similar to: server: Fix reading passwords interactively.

This command fails with an incorrect error message: $ nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' </dev/null password: nbdkit: error: could not read password from stdin: Inappropriate ioctl for device The error (ENOTTY Inappropriate ioctl for device) is actually a leftover errno from the previous isatty call. This happens because getline(3) can

In v2: - use int instead of bool in the public header - split the tests from the code - don't overload test-layers; instead, add new tests - add a missing fflush exposed by the new tests - other minor cleanups Eric Blake (3): server: Add nbdkit_stdio_safe server: Sanitize stdin/out before running plugin code server: More tests of stdin/out handling docs/nbdkit-plugin.pod |

This is what I've been playing with in response to my earlier question about what to do with 'nbdkit -s sh -' (https://www.redhat.com/archives/libguestfs/2020-April/msg00032.html) I'm still open to ideas on a better name, and/or whether adding <stdbool.h> to our public include files is a good idea (if not, returning int instead of bool is tolerable). Eric Blake (2):

This is the previous 5/9 patch posted earlier today, split into reviewable chunks. This passes bisection with -x 'make && make check', but I didn't work very hard on the commit messages, so I refer you back to the original patch to explain how it works: https://www.redhat.com/archives/libguestfs/2020-March/msg00248.html Rich.

On 6/1/20 5:31 AM, Richard W.M. Jones wrote: > This command fails with an incorrect error message: > > $ nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' </dev/null > password: > nbdkit: error: could not read password from stdin: Inappropriate ioctl for device > > The error (ENOTTY Inappropriate ioctl for device) is actually a

Allow password parameters such as ‘password=-FD’ where FD is a file descriptor number inherited by nbdkit from the parent process. This is another way to allow programs to hand passwords to nbdkit in a very secure way, for example over a pipe so they never touch the filesystem. Previously nbdkit allowed you to use literal passwords on the command line if they began with a ‘-’ (but were not just

The patches following do indeed allow you to compile nbdkit.exe, but it does not actually work yet. I'm posting this experimental series more as a work in progress and to get feedback. Note this does not require Windows itself to build or test. You can cross-compile it using mingw64-* packages on Fedora or Debian, and test it [spoiler alert: it fails] using Wine. Rich.

Also available here: https://github.com/rwmjones/nbdkit/tree/2020-windows-mingw This is the port to Windows using native Windows APIs (not MSYS or Cygwin). This patch series is at the point where it basically now works. I can run the server with the memory plugin, and access it remotely using guestfish, creating filesystems and so on without any apparent problems. Nevertheless there are many

This is an incomplete port to Windows. Currently the server compiles and starts up successfully, but goes into an infinite loop when you connect to it. Nevertheless I think the approach is ready for feedback. This being Windows the changes go quite deep. Rich.

One of my test domUs is a opensuse 10.3 PV domain, and it has a /boot/grub/menu.lst file. pygrub is used as bootloader. With xVM 3.1.4, the arrow keys can be used in the pygrub screen. With xVM 3.3-unstable, the arrow keys don''t work for me any more. What I''ve found out so far is that: - gnome-terminal, xterm or dtterm are running with "vt100 application key

This creates libnbdkit.so as discussed in the following thread: https://www.redhat.com/archives/libguestfs/2020-March/thread.html#00203 test-delay-shutdown.sh fails for unclear reasons. This series starts by reverting "tests: Don't strand hung nbdkit processes" which is because several other tests fail randomly unless I revert this patch. I didn't investigate this yet so it

$ ./nbdkit ssh host=localhost /nosuchfile password=-0 --run 'qemu-img info $nbd' abc fcntl: Bad file descriptor The reason for this is that we close the file descriptor after reading the password. Closing stdin causes bad stuff to happen. --- docs/nbdkit-plugin.pod | 5 +++++ server/public.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git

Part 2 fix for: https://bugzilla.redhat.com/show_bug.cgi?id=1842440 Actually this fix on its own should be sufficient, but probably we want the nbdkit fixes too. Note this uses actual OCaml 4.05 features! ("let open" and the Unix.tcgetattr functions). I checked that both features are available on RHEL 7's OCaml. Rich.

Also available here: https://github.com/rwmjones/nbdkit/tree/2020-windows-mingw-nolib After a lot of work I have made the port to Windows work without using a separate library. Instead, on Windows only, we build an "import library" (library of stubs) which resolves references to nbdkit_* functions in the main program and fixes up the plugin, basically the first technique outlined in

On Mon, Apr 13, 2020 at 07:28:59PM -0500, Eric Blake wrote: [...] This patch is fine and can be pushed if you want, but I've got some small comments. > +If C<nbdkit_stdio_safe> returns true, the value of the configuration > +parameter may be used to trigger reading additional data through stdin > +(such as a password or inline script). I wonder if we want to say "returns

This was a rather longer trip around the houses than I anticipated! The basic purpose of the patch series is to set $nbdkit_stdio_safe to "0" or "1" in sh and eval plugin scripts. To do that, I ended up adding a nicer way to manipulate environ lists, and to do that, I ended up adding a whole generic vector implementation which is applicable in a lot of different places.

Hi, on my system (Linux 2.6.18.8 - ia64), if a domain write on the xencons before xenconsole is initialized the domain gets back what it wrote. This patch fixes this issue by making raw the pty slave very early. (I suppose it doesn''t happen with linux as a guest because it takes a little bit of time before writing to xencons). Tristan. _______________________________________________

Hi, in the last weeks I've unsuccessfully tried to get Samba (2.0.5a) - Unix (Suse 6.2) password sync working. Maybe somebody can give me a hint, what's wrong. Enclosed you'll find additional information. Thank you for helping, Johannes -------- smb.conf: passwd chat = *password* %n\n *password* %n\n *Password* -------- password chat (manually): homer:~ # /bin/passwd web New

This is an RFC only, at the very least it lacks tests. This implements a rather complex new feature in nbdkit-curl-plugin allowing you to specify an external shell script that can be used to fetch an authorization token for services which requires a token or cookie for access, especially if that token must be renewed periodically. The motivation can be seen in the changes to the docs in patch 2.

Evolution of this patch series: https://www.redhat.com/archives/libguestfs/2020-July/thread.html#00073 Instead of auth-script, this implements header-script and cookie-script. It can be used for similar purposes but the implementation is somewhat saner. Rich.