search for: tls_set_on_cli

Displaying 20 results from an estimated 32 matches for "tls_set_on_cli".

2019 Jan 01
2
[PATCH nbdkit] server: Use bool for types which are really booleans.
...#define for_each_backend(b) for (b = backend; b != NULL; b = b->next) @@ -140,7 +140,7 @@ extern void connection_set_close (struct connection *, connection_close_function /* crypto.c */ #define root_tls_certificates_dir sysconfdir "/pki/" PACKAGE_NAME -extern void crypto_init (int tls_set_on_cli); +extern void crypto_init (bool tls_set_on_cli); extern void crypto_free (void); extern int crypto_negotiate_tls (struct connection *conn, int sockin, int sockout); diff --git a/server/connections.c b/server/connections.c index 0d1bd74..0a89315 100644 --- a/server/connections.c +++ b/server/co...
2018 Jun 25
0
[PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
...utls_error (int err, const char *fs, ...) __attribute__((format (printf, 2, 3))); @@ -147,23 +154,9 @@ load_certificates (const char *path) return 1; } -/* Initialize crypto. This also handles the command line parameters - * and loading the server certificate. - */ -void -crypto_init (int tls_set_on_cli) +static int +start_certificates (void) { - int err; - - err = gnutls_global_init (); - if (err < 0) { - print_gnutls_error (err, "initializing GnuTLS"); - exit (EXIT_FAILURE); - } - - if (tls == 0) /* --tls=off */ - return; - /* Try to locate the cert...
2018 Jun 25
2
[PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
This is ready for review but needs a bit more real-world testing before I'd be happy about it going upstream. It also needs tests. It does interoperate with qemu, at least in my limited tests. Rich.
2018 Jun 25
1
[PATCH v2 nbdkit] tls: Implement Pre-Shared Keys (PSK)
v2: * Improved documentation. * Added a test (interop with qemu client).
2018 Jun 28
1
[nbdkit PATCH] main: More idiomatic use of getopt_long
...} - run = optarg; - foreground = 1; - } - else if (strcmp (long_options[option_index].name, "selinux-label") == 0) { - selinux_label = optarg; - break; - } - else if (strcmp (long_options[option_index].name, "tls") == 0) { - tls_set_on_cli = 1; - if (strcmp (optarg, "off") == 0 || strcmp (optarg, "0") == 0) - tls = 0; - else if (strcmp (optarg, "on") == 0 || strcmp (optarg, "1") == 0) - tls = 1; - else if (strcmp (optarg, "require") == 0 || -...
2018 Jun 19
1
[PATCH nbdkit] main: Set umask to a known value and document it for plugins.
...exit (EXIT_FAILURE); } + /* Set the umask to a known value. This makes the behaviour of + * plugins when creating files more predictable, and also removes an + * implicit dependency on umask when calling mkstemp(3). + */ + umask (0022); + /* Initialize TLS. */ crypto_init (tls_set_on_cli); assert (tls != -1); -- 2.16.2
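Review bot: the unconditional `umask (0022);` added just before `crypto_init (tls_set_on_cli);` replaces whatever umask the server inherited, so a stricter value chosen by the administrator (0077, for instance) is silently loosened and any file a plugin creates without an explicit restrictive mode becomes group- and world-readable. If a fixed value is wanted for predictability, either pick the stricter one or state in the plugin documentation that plugins writing sensitive data must pass their own mode to open(2) rather than rely on the process umask.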
2018 Nov 08
0
[nbdkit PATCH v2 4/5] main: Use new bool parser for --tls
...<eblake@redhat.com> --- src/main.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/src/main.c b/src/main.c index 7ebbba6..0a883e1 100644 --- a/src/main.c +++ b/src/main.c @@ -376,18 +376,14 @@ main (int argc, char *argv[]) case TLS_OPTION: tls_set_on_cli = 1; - if (strcmp (optarg, "off") == 0 || strcmp (optarg, "0") == 0) - tls = 0; - else if (strcmp (optarg, "on") == 0 || strcmp (optarg, "1") == 0) - tls = 1; - else if (strcmp (optarg, "require") == 0 || -...
2020 Mar 26
0
[PATCH nbdkit 5/9 patch split 3/5] server: Move some definitions in server/internal.h to the top of the file.
...\ + if_verbose \ + nbdkit_debug ((fs), ##__VA_ARGS__); \ + } while (0) + /* Maximum read or write request that we will handle. */ #define MAX_REQUEST_SIZE (64 * 1024 * 1024) @@ -286,13 +300,6 @@ extern void crypto_init (bool tls_set_on_cli); extern void crypto_free (void); extern int crypto_negotiate_tls (int sockin, int sockout); -/* debug.c */ -#define debug(fs, ...) \ - do { \ - if_verbose \ -...
2017 Oct 06
4
[PATCH nbdkit 0/3] misc fixes
Hi, few miscellaneous fixes for nbdkit. Thanks, Pino Toscano (3): build: use AC_MSG_RESULT for $PERL_LDOPTS crypto: add missing '{' tests: fix generation of PKI test data configure.ac | 1 + src/crypto.c | 2 +- tests/Makefile.am | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) -- 2.13.6
2018 Nov 08
8
[nbdkit PATCH v2 0/5] log appends
v2 turned out to be much more involved, as I ended up fixing several things along the way that I noticed while debugging a feature addition. Eric Blake (5): maint: Improve ./nbdkit option parsing main: Saner newline printing during --help utils: Add nbdkit_parse_bool main: Use new bool parser for --tls log: Allow user option of appending to log docs/nbdkit-plugin.pod | 11
2019 Mar 20
0
[PATCH nbdkit 3/8] server: Implement Block Status requests to read allocation status.
...ID of base:allocation. As far as I can tell it doesn't + * matter what this is as long as nbdkit always returns the same + * number. + */ +#define base_allocation_id 1 + /* crypto.c */ #define root_tls_certificates_dir sysconfdir "/pki/" PACKAGE_NAME extern void crypto_init (bool tls_set_on_cli); diff --git a/server/protocol.h b/server/protocol.h index 06b917e..a7de2f0 100644 --- a/server/protocol.h +++ b/server/protocol.h @@ -112,6 +112,7 @@ extern const char *name_of_nbd_rep (int); #define NBD_REP_ACK 1 #define NBD_REP_SERVER 2 #define NBD_REP_INFO 3 +#define N...
2017 Nov 14
7
[PATCH 0/3] Alternate way to avoid race conditions when nbdkit exits.
This fixes the race conditions for me, using the test described here: https://www.redhat.com/archives/libguestfs/2017-September/msg00226.html Rich.
2020 Aug 25
0
[nbdkit PATCH 3/5] api: Add nbdkit_string_intern helper
..._function recv; @@ -298,6 +300,9 @@ extern int protocol_recv_request_send_reply (void); */ #define base_allocation_id 1 +/* public.c */ +extern void free_interns (void); + /* crypto.c */ #define root_tls_certificates_dir sysconfdir "/pki/" PACKAGE_NAME extern void crypto_init (bool tls_set_on_cli); diff --git a/server/connections.c b/server/connections.c index 67a68469..d9f685c9 100644 --- a/server/connections.c +++ b/server/connections.c @@ -360,7 +360,7 @@ free_connection (struct connection *conn) pthread_mutex_destroy (&conn->status_lock); free (conn->exportname_from_set...
2020 Aug 27
0
[nbdkit PATCH v2 4/8] api: Add nbdkit_str[n]dup_intern helper
..._function recv; @@ -298,6 +300,9 @@ extern int protocol_recv_request_send_reply (void); */ #define base_allocation_id 1 +/* public.c */ +extern void free_interns (void); + /* crypto.c */ #define root_tls_certificates_dir sysconfdir "/pki/" PACKAGE_NAME extern void crypto_init (bool tls_set_on_cli); diff --git a/server/connections.c b/server/connections.c index 67a68469..d9f685c9 100644 --- a/server/connections.c +++ b/server/connections.c @@ -360,7 +360,7 @@ free_connection (struct connection *conn) pthread_mutex_destroy (&conn->status_lock); free (conn->exportname_from_set...
2018 Jun 28
3
Re: [PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
..._file (psk_creds, abs_psk_file); > + > + return 0; Based on the comment, isn't this a leak of abs_psk_file? > +} > + > +/* Initialize crypto. This also handles the command line parameters > + * and loading the server certificate. > + */ > +void > +crypto_init (int tls_set_on_cli) > +{ > + int err, r; > + const char *what; > + > + err = gnutls_global_init (); > + if (err < 0) { > + print_gnutls_error (err, "initializing GnuTLS"); > + exit (EXIT_FAILURE); > + } > + > + if (tls == 0) /* --tls=off */ >...
2019 Mar 19
0
[PATCH nbdkit 3/9] server: Implement Block Status requests to read allocation status.
...ID of base:allocation. As far as I can tell it doesn't + * matter what this is as long as nbdkit always returns the same + * number. + */ +#define base_allocation_id 1 + /* crypto.c */ #define root_tls_certificates_dir sysconfdir "/pki/" PACKAGE_NAME extern void crypto_init (bool tls_set_on_cli); diff --git a/server/protocol.h b/server/protocol.h index 4fe3c75..a7de2f0 100644 --- a/server/protocol.h +++ b/server/protocol.h @@ -112,6 +112,7 @@ extern const char *name_of_nbd_rep (int); #define NBD_REP_ACK 1 #define NBD_REP_SERVER 2 #define NBD_REP_INFO 3 +#define N...
2019 Sep 01
11
[nbdkit PATCH 00/10] Avoid -Wshadow
While working on can_FOO caching, at one point I got confused by whether 'readonly' meant the global set by -r or a local passed to .open(). A quick attempt to compile with -Wshadow found several other confusing points; this series gets us to the point that we can add -Wshadow to builds with --enable-gcc-warnings. Eric Blake (10): server: Avoid -Wshadow warnings guestfs: Avoid
2020 May 19
1
[PATCH nbdkit] common/include: Add locale-safe ascii_strcasecmp and ascii_strncasecmp.
...er/main.c +++ b/server/main.c @@ -59,6 +59,8 @@ #include <dlfcn.h> +#include "ascii-string.h" + #include "internal.h" #include "nbd-protocol.h" #include "options.h" @@ -300,9 +302,9 @@ main (int argc, char *argv[]) case TLS_OPTION: tls_set_on_cli = true; - if (strcasecmp (optarg, "require") == 0 || - strcasecmp (optarg, "required") == 0 || - strcasecmp (optarg, "force") == 0) + if (ascii_strcasecmp (optarg, "require") == 0 || + ascii_strcasecmp (optarg, "requi...
2019 Jan 02
0
[PATCH nbdkit v2 1/2] Annotate internal function parameters with attribute((nonnull)).
...ull__ (1, 2))); +extern void connection_set_close (struct connection *, + connection_close_function) + __attribute__((__nonnull__ (1, 2))); /* crypto.c */ #define root_tls_certificates_dir sysconfdir "/pki/" PACKAGE_NAME extern void crypto_init (bool tls_set_on_cli); extern void crypto_free (void); -extern int crypto_negotiate_tls (struct connection *conn, int sockin, int sockout); +extern int crypto_negotiate_tls (struct connection *conn, + int sockin, int sockout) + __attribute__((__nonnull__ (1))); /* debug.c */ #defin...
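Review bot: the `__attribute__((__nonnull__ (1)))` added to `crypto_negotiate_tls`, like the `(1, 2)` on `connection_set_close`, is a promise to the optimizer as well as a diagnostic, so GCC is allowed to delete any `conn == NULL` test inside the annotated function and a NULL that still arrives at run time goes unchecked. Before merging, confirm that every caller is guaranteed to pass a valid `struct connection *`, and build with -Wnonnull-compare (part of -Wall) so that any leftover NULL checks in these functions are flagged rather than silently removed.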
2019 Jan 02
4
[PATCH nbdkit v2 0/2] Use of attribute(()).
v1 was here: https://www.redhat.com/archives/libguestfs/2019-January/msg00008.html In v2 I have provided two patches: The first patch extends attribute((nonnull)) to most internal functions, but not to the external API. The second patch uses a macro so that attribute((format)) is only used in the public API on GCC or Clang. At least in theory these headers could be used by a C compiler which