similar to: [PATCH libnbd 0/5] interop: Check that LIBNBD_TLS_ALLOW works against nbdkit.

Displaying 20 results from an estimated 300 matches similar to: "[PATCH libnbd 0/5] interop: Check that LIBNBD_TLS_ALLOW works against nbdkit."

2019 Sep 17
0
[PATCH libnbd 5/5] interop: Add tests of nbdkit + LIBNBD_TLS_ALLOW.
Test both the TLS enabled and fallback paths. nbd-server doesn't appear to support TLS at all, and qemu-nbd is known not to allow fallback to unencrypted, and therefore it only makes sense to test nbdkit at the moment. --- .gitignore | 4 ++++ TODO | 3 --- interop/Makefile.am | 54 +++++++++++++++++++++++++++++++++++++++++++++ interop/interop.c | 30
2019 Oct 01
3
[PATCH libnbd 0/2] Change qemu-nbd interop tests to use socket activation.
Now that we have implemented systemd socket activation, we can use this to run qemu-nbd in tests. The first patch leaves some dead code around (the -DSERVE_OVER_TCP=1 path). It's possible we might want to use this to test against a putative future NBD server that only supports TCP, but on the other hand maybe we should just remove it. Tests & valgrind still pass for me. Rich.
2019 Sep 17
0
[PATCH libnbd 4/5] interop: Add -DTLS_MODE to the test.
This neutral refactoring adds -DTLS_MODE. We can in future change the requested TLS mode, but not in this commit. It also checks that nbd_get_tls_negotiated returns true after connecting, when the requested mode was set to LIBNBD_TLS_REQUIRE. --- interop/Makefile.am | 4 ++++ interop/interop.c | 26 ++++++++++++++++++++------ 2 files changed, 24 insertions(+), 6 deletions(-) diff --git
2019 Sep 18
1
Re: [PATCH libnbd 5/5] interop: Add tests of nbdkit + LIBNBD_TLS_ALLOW.
On 9/17/19 5:35 PM, Richard W.M. Jones wrote: > Test both the TLS enabled and fallback paths. > > nbd-server doesn't appear to support TLS at all, and qemu-nbd is known > not to allow fallback to unencrypted, and therefore it only makes > sense to test nbdkit at the moment. > --- > .gitignore | 4 ++++ > +interop_nbdkit_tls_certs_allow_enabled_SOURCES =
2020 Oct 01
2
[PATCH libnbd] interop: Add test of qemu-storage-daemon.
This commit adds a simple test of qemu-storage-daemon (QSD). On the basis that QSD is just qemu-nbd in new clothes this is only a simple test, not complete coverage. Nor does it test the unique features of QSD like being able to use QMP to create new server instances. Unfortunately QSD is not yet stable upstream. This version works with qemu 5.1.0 but at least two of the command line
2019 Sep 18
1
Re: [PATCH libnbd 4/5] interop: Add -DTLS_MODE to the test.
On 9/17/19 5:35 PM, Richard W.M. Jones wrote: > This neutral refactoring adds -DTLS_MODE. We can in future change the > requested TLS mode, but not in this commit. > > It also checks that nbd_get_tls_negotiated returns true after > connecting, when the requested mode was set to LIBNBD_TLS_REQUIRE. > --- > interop/Makefile.am | 4 ++++ > interop/interop.c | 26
2019 Sep 17
3
[PATCH libnbd 1/2] api: Add new API to read whether TLS was negotiated.
When LIBNBD_TLS_ALLOW is used we don't have a way to find out if TLS was really negotiated. This adds a flag and a way to read it back. Unfortunately there is no test yet, because LIBNBD_TLS_ALLOW is not tested -- it really should be but requires quite a complicated set of tests because ideally we'd like to find out whether it falls back correctly for all supported servers. --- TODO
2019 Aug 15
3
[nbdkit PATCH] nbd: Another libnbd version bump
The 0.9.8 release breaks API, requiring a number of changes: - Use symbolic constants instead of magic numbers/open-coded strings (well, the string for "base:allocation" was present before this libnbd bump) - Change callbacks to drop the valid_flag parameter - Add _is to nbd_read_only call - Drop the _callback suffix on nbd_aio_FOO calls - Add a struct for managing callback/user_data
2019 Oct 20
2
[PATCH libnbd] api: Allow NBD URIs to be restricted.
Previous discussion: https://www.redhat.com/archives/libguestfs/2019-August/msg00102.html Last night I experimentally added support for URIs that contain the query parameter tls-psk-file, as part of rewriting the tests to cover more of the URI code. So you can now have a URI like: nbds://alice@localhost/?tls-psk-file=keys.psk However there's an obvious security problem here because now
2019 Jun 27
1
[libnbd PATCH] maint: Use $(NULL) for all Makefile.am macro lists
This borrows from a trick in libvirt - by defining $(NULL) to expand to an empty string, we can more consistently write multi-line macros where all useful lines terminate with \, making it easier to add/remove lines without worrying about whether \ needs to be touched up on neighboring lines. --- Looks big, but is fairly mechanical. I'm also doing a similar patch for nbdkit, where it would
2019 Aug 10
17
[PATCH libnbd 0/9] Add Enum and Flags types.
This largish series adds several new features to the generator. Enum maps to enumerated types (like enum in C). The only current use for this is replacing the nbd_set_tls (nbd, 0/1/2) parameter with LIBNBD_TLS_DISABLE, LIBNBD_TLS_ALLOW, LIBNBD_TLS_REQUIRE (and natural equivalents in other programming languages). Flags maps to any uint32_t bitmask. It is basically a non-optional, generalized
2020 Jul 29
3
[libnbd PATCH 0/2] Expose export description
An incremental improvement on top of listing exports. I still think it's worth experimenting with revisiting how our API for list mode should actually work [1] (so that we can reuse a single connection for both grabbing the list and finally using NBD_OPT_GO), but this change was easier to whip together while still thinking about that. [1]
2013 Oct 07
2
Proxy to gmail not working
Hi, I've been trying to build a password forwarding proxy to Gmail without success... The SSL connection to Dovecot is happening no problem (as far as I can tell), but for some reason the conversation between Dovecot and Gmail is getting timed out. I know this is supposed to be simple... :-( But could somebody please give me some help by pointing what I'm not doing right? No matter
2019 Sep 26
5
[PATCH libnbd 1/2] lib: Avoid killing subprocess twice.
If the user calls nbd_kill_subprocess, we shouldn't kill the process again when we close the handle (since the process has likely gone and we might be killing a different process). --- lib/handle.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/handle.c b/lib/handle.c index 2af25fe..5ad818e 100644 --- a/lib/handle.c +++ b/lib/handle.c @@ -315,6 +315,8 @@
2019 Sep 30
4
[PATCH libnbd v2 0/2] Implement systemd socket activation.
v1 was posted here: https://www.redhat.com/archives/libguestfs/2019-September/thread.html#00337 v2: - Drop the first patch. - Hopefully fix the multiple issues with fork-safety and general behaviour on error paths. Note this requires execvpe for which there seems to be no equivalent on FreeBSD, except some kind of tedious path parsing (but can we assign to environ?) Rich.
2019 Sep 16
1
[libnbd PATCH] states: Avoid magic number for h->tls
When we moved to an enum instead of raw int for nbd_set_tls(), we should have also updated our code to prefer the enum values. While at it, improve the grammar of error messages (confusing since 632196ec, and copy-and-pasted into more locations since then). Fixes: 4488cf2a Thanks: Rich Jones --- Rich noticed this while reviewing the patch for today's CVE fix. It's not a show-stopper if
2017 Jun 08
3
ntlm_auth and SMBv2/v3
Hi , I just need some clarification ; We currently use ntlm_auth + winbind for AD auth on Freeradius, will disabling SMBv1 break authentication for ntlm_auth + Freeradius ? Many Thanks Arnab
2019 Nov 14
1
ANNOUNCE: libnbd 1.2 & nbdkit 1.16 - high performance NBD client and server
I'm pleased to announce the releases of libnbd 1.2 and nbdkit 1.16. These are a high performance Network Block Device (NBD) client library and server. Key features of libnbd: * Synchronous API for ease of use. * Asynchronous API for writing non-blocking, multithreaded clients. You can mix both APIs freely. * High performance. * Minimal dependencies for the basic library. *
2017 Jun 08
4
ntlm_auth and SMBv2/v3
hai,   Please keep it mailing to the list, this way is shows up of others also. A workaround for disabling SMBv1, you can make your server less secure but thats not what i would do. Setting these to enable NTLM v1 again. lanman auth = yes ntlm auth = yes raw NTLMv2 auth = yes I think also this is more a question for the free raduis list, but i would to for a ldap(s) setup. just dont mixup
2019 Aug 10
0
[PATCH libnbd 4/9] api: Change nbd_set_tls (, 2) -> nbd_set_tls (, LIBNBD_TLS_REQUIRE).
This is the same, but now we have a symbol for it. --- docs/libnbd.pod | 6 ++++-- interop/interop.c | 2 +- lib/connect.c | 2 +- tests/aio-parallel-load.c | 2 +- tests/aio-parallel.c | 2 +- tests/connect-tls.c | 2 +- tests/synch-parallel.c | 2 +- 7 files changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/libnbd.pod b/docs/libnbd.pod