similar to: [LIBNBD SECURITY PATCH 0/1] NBD Protocol Downgrade Attack in libnbd

When we moved to an enum instead of raw int for nbd_set_tls(), we should have also updated our code to prefer the enum values. While at it, improve the grammar of error messages (confusing since 632196ec, and copy-and-pasted into more locations since then). Fixes: 4488cf2a Thanks: Rich Jones --- Rich noticed this while reviewing the patch for today's CVE fix. It's not a show-stopper if

Similar to the recent --mask-handshake command line added to nbdkit to test client fallbacks to crippled servers, it can be worth testing server fallbacks to crippled clients. And just as we have exposed whether the client will request structured replies, we can also expose whether the client will understand various handshake flags from the NBD protocol. Of course, we default to supporting all

When LIBNBD_TLS_ALLOW is used we don't have a way to find out if TLS was really negotiated. This adds a flag and a way to read it back. Unfortunately there is no test yet, because LIBNBD_TLS_ALLOW is not tested -- it really should be but requires quite a complicated set of tests because ideally we'd like to find out whether it falls back correctly for all supported servers. --- TODO

On 8/11/20 12:12 PM, Richard W.M. Jones wrote: > I think this needs extra documentation in docs/libnbd.pod because it's > definitely not clear just from the rather thin manual page for > set_opt_mode how it works. docs/libnbd.pod is a good place for a > broader description of how it works. Yes, good idea. State-wise, the existing flow was: Created - Progress only by command

This commit adds a new API which can be used from the connected to state to read back which NBD protocol (eg. oldstyle, newstyle-fixed) we are using. It was helpful to add a new state in newstyle negotiation (%NEWSTYLE.FINISHED) so we can route all successful option negotiations through a single path before moving to the %READY state, allowing us to set h->protocol in one place. ---

We should have only one NBD protocol file. Let's make nbdkit's version the canonical one, and use it in libnbd. Rich.

Experimental and only very lightly tested so far. Rich.

This is the bare minimum needed to allow the user to take control over the rest of option negotiating. This patch adds several new API: nbd_set_opt_mode() - called during Created to enable the new mode nbd_get_opt_mode() - query whether opt mode is enabled nbd_opt_go() - used in Negotiating state to attempt to use export nbd_opt_abort() - used in Negotiating state to skip Connected state

Well, I'm not quite done (I still want to get nbdinfo to work on a single nbd connection for all cases when reading the heads of the file is not required), but I'm happy with patches 1-11, and 12-13 show where I'm headed for getting NBD_OPT_INFO to work. Posting now to see if some of the earlier patches are ready to commit while I continue working on the latter half. Eric Blake (13):

More nbd-protocol.h improvements Eric Blake (2): common/protocol: Switch nbdmagic to uint64_t common/protocol: Declare additional constants common/protocol/nbd-protocol.h | 16 ++++++++++------ server/protocol-handshake-newstyle.c | 2 +- server/protocol-handshake-oldstyle.c | 2 +- plugins/nbd/nbd-standalone.c | 2 +- tests/test-layers.c | 2 +- 5 files

On 9/17/19 5:02 AM, Richard W.M. Jones wrote: > This commit adds a new API which can be used from the connected to > state to read back which NBD protocol (eg. oldstyle, newstyle-fixed) > we are using. Somewhat of an overlap with my get_handshake_flags (as newstyle-fixed corresponds to whether handshake_flags includes the FIXED_NEWSTYLE flag), but I don't see the redundancy as an

Diff against libnbd’s copy of this file, and change this one until it matches. --- common/protocol/nbd-protocol.h | 76 +++++++++++++++++----------- server/protocol-handshake-newstyle.c | 26 +++++----- server/protocol-handshake-oldstyle.c | 4 +- server/protocol.c | 25 ++++----- tests/test-layers.c | 14 ++--- 5 files changed, 81 insertions(+), 64

Per recent discussion here: https://www.redhat.com/archives/libguestfs/2019-May/thread.html#00175

No need to duplicate maintenance of export flag computation between old and new style handshakes. Signed-off-by: Eric Blake <eblake@redhat.com> --- src/connections.c | 120 +++++++++++++++++++++--------------------------------- 1 file changed, 47 insertions(+), 73 deletions(-) diff --git a/src/connections.c b/src/connections.c index 8dc1925..f9edea7 100644 --- a/src/connections.c +++

It is finally time to introduce our first negotiating option command. With this change, we can now enter NEWSTYLE.START more than once; as such, it needs to know whether it is the first entry (proceed with gflags/cflags, TLS, and structured reply) or a later entry (all nbd_opt_* will cause an IssueCommand event to kick the state machine out of NEGOTIATING, at which point we want to jump to the

This is similar to the recent --no-sr option - it's a change that is unlikely to ever be used except by someone testing whether a client is compliant to the protocol, but in that niche case, it can be quite handy (it's a lot nicer to be able to purposefully cripple a server from the command line than from a one-off compile, when testing if a client's fallback for a spec-compliant but

Simple refactoring. --- generator/states-newstyle-opt-export-name.c | 12 +++++------ generator/states-newstyle-opt-go.c | 13 ++++++------ generator/states-oldstyle.c | 10 +++------- lib/flags.c | 22 +++++++++++++++++++++ lib/internal.h | 5 +++++ 5 files changed, 42 insertions(+), 20 deletions(-) diff

# HG changeset patch # User Carl-Daniel Hailfinger <Carl-Daniel.Hailfinger@inf.h-brs.de> # Date 1474903734 -7200 # Mon Sep 26 17:28:54 2016 +0200 # Node ID dbd1ea0a401cedcfa426097a289d852971b14f1e # Parent d7d5078d08c711032837dcac79a4450226ec2ce5 nbdkit: Fix flags in old-style connection diff -r d7d5078d08c7 -r dbd1ea0a401c src/connections.c --- a/src/connections.c Sun Sep 25 05:04:02

Previous discussion: https://www.redhat.com/archives/libguestfs/2019-August/msg00102.html Last night I experimentally added support for URIs that contain the query parameter tls-psk-file, as part of rewriting the tests to cover more of the URI code. So you can now have a URI like: nbds://alice@localhost/?tls-psk-file=keys.psk However there's an obvious security problem here because now

I think this needs extra documentation in docs/libnbd.pod because it's definitely not clear just from the rather thin manual page for set_opt_mode how it works. docs/libnbd.pod is a good place for a broader description of how it works. IIUC let me try to explain: we get through as far as the end of group OPT_STRUCTURED_REPLY before we check the opt flag, and then the remainder of opt