search for: tlsreadme

...-tlsdummy-filter.pod new file mode 100644 index 00000000..f8eef69f --- /dev/null +++ b/filters/tlsdummy/nbdkit-tlsdummy-filter.pod @@ -0,0 +1,72 @@ +=head1 NAME + +nbdkit-tlsdummy-filter - nbdkit TLS protection filter + +=head1 SYNOPSIS + + nbdkit --tls=on --filter=tlsdummy plugin [plugin-args...] [tlsreadme=MESSAGE] + +=head1 DESCRIPTION + +C<nbdkit-tlsdummy-filter> is designed to be used when offering a +connection that allows but does not require TLS from clients, in order +to offer safe alternative content to plaintext clients, only exposing +the underlying plugin to authenticated users. Thi...

...s not created by the test harness" + exit 77 +fi + +export sock=`mktemp -u` +pid="tlsdummy.pid" + +files="$sock $pid" +rm -f $files +cleanup_fn rm -f $files + +# Run dual-mode server +start_nbdkit -P $pid -U $sock --tls=on --tls-psk=keys.psk \ + --filter=tlsdummy sh - tlsreadme=$'dummy\n' <<\EOF +if test "$2" = insecure; then + echo 'EINVAL insecure handle' 2>&1; exit 1 +fi +case $1 in + list_exports) echo NAMES; echo hello; echo world ;; + open) if test "$4" != true; then + # nbdkit needs a fix to let tlsdummy sk...

Patch 3 still needs tests added, but it is at least working from my simple command line tests. Eric Blake (3): server: Implement nbdkit_is_tls for use during .open server: Expose final thread_model to filter's .get_ready tlsdummy: New filter docs/nbdkit-filter.pod | 21 +- docs/nbdkit-plugin.pod | 34 ++- docs/nbdkit-tls.pod

...fallback.sh b/tests/test-tls-fallback.sh index cf54a606..94449f31 100755 --- a/tests/test-tls-fallback.sh +++ b/tests/test-tls-fallback.sh @@ -60,12 +60,15 @@ cleanup_fn rm -f $files # Run dual-mode server start_nbdkit -P $pid -U $sock --tls=on --tls-psk=keys.psk \ --filter=tls-fallback sh - tlsreadme=$'dummy\n' <<\EOF +check () { + if test "$1" != true; then + echo 'EINVAL unexpected tls mode' 2>&1; exit 1 + fi +} case $1 in list_exports) echo NAMES; echo hello; echo world ;; - open) if test "$4" != true; then - echo 'EINVAL unexp...

More patches on the way for improving .list_exports signature and adding .export_description, but this is the promised code showing why nbdkit_string_intern is useful. Patch 4 is somewhat RFC: we could either add new API to take the boilerplate from: foo_config(const char *key, const char *value) { if (strcmp (key, "file") == 0) { CLEANUP_FREE char *tmp = nbdkit_realpath (value);

This is a revision of my .default_export work, plus new work on .export_descriptions and a new exportname filter. I think it is now ready to check in. Things I'd still like in 1.22: - the file plugin should implement .list_exports (patch already posted, but it needs rebasing on this series) - the ext2 filter should override .list_exports when in exportname mode - the nbd plugin should be

It's been several weeks since I posted v2 (I got distracted by improving libnbd to better test things, which in turn surfaced some major memory leak problems in nbdsh that are now fixed). Many of the patches are minor rebases from v2, with the biggest changes being fallout from: - patch 2: rename nbdkit_add_default_export to nbdkit_use_default_export - overall: this missed 1.22, so update