From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36555) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aqp6A-0004Vm-35 for qemu-devel@nongnu.org; Thu, 14 Apr 2016 17:46:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aqp65-0004OE-5V for qemu-devel@nongnu.org; Thu, 14 Apr 2016 17:46:50 -0400 Received: from mx1.redhat.com ([209.132.183.28]:42490) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aqp64-0004O8-Tl for qemu-devel@nongnu.org; Thu, 14 Apr 2016 17:46:45 -0400 References: <1460060981-5338-1-git-send-email-eblake@redhat.com> <571006BC.3070603@redhat.com> From: Eric Blake Message-ID: <57100FC2.5070703@redhat.com> Date: Thu, 14 Apr 2016 15:46:42 -0600 MIME-Version: 1.0 In-Reply-To: <571006BC.3070603@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="vgF8V6SUnra10NrB8QRHFHFE1tPKb4UJ6" Subject: Re: [Qemu-devel] [PATCH for-2.6] nbd: Don't kill server on client that doesn't request TLS List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Max Reitz , qemu-devel@nongnu.org Cc: pbonzini@redhat.com, alex@alex.org.uk This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --vgF8V6SUnra10NrB8QRHFHFE1tPKb4UJ6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 04/14/2016 03:08 PM, Max Reitz wrote: > On 07.04.2016 22:29, Eric Blake wrote: >> Upstream NBD is documenting that servers MAY choose to operate >> in a conditional mode, where it is up to the client whether to >> use TLS. For qemu's case, we want to always be in FORCEDTLS >> mode, because of the risk of man-in-the-middle attacks, and since >> we never export more than one device; likewise, the qemu client >> will ALWAYS send NBD_OPT_STARTTLS as its first option. But now >> that SELECTIVETLS servers exist, it is feasible to encounter a >> (non-qemu) client that does not do NBD_OPT_STARTTLS first, but >> rather wants to take advantage of the conditional modes it might >> find elsewhere. >> >> Since we require TLS, we are within our rights to drop connections >> on any client that doesn't negotiate it right away, or which >> attempts to negotiate it incorrectly, without violating the intent >> of the NBD Protocol. However, it's better to allow the client to >> continue trying, on the grounds that maybe the client will get the >> hint to send NBD_OPT_STARTTLS. >> >> Signed-off-by: Eric Blake >> --- >> +++ b/nbd/server.c >> @@ -450,9 +450,12 @@ static int nbd_negotiate_options(NBDClient *clien= t) >> >> default: >> TRACE("Option 0x%x not permitted before TLS", clientf= lags); >> + if (nbd_negotiate_drop_sync(client->ioc, length) !=3D= length) { >> + return -EIO; >> + } >> nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_TLS_R= EQD, >> clientflags); >> - return -EINVAL; >> + break; >> } >=20 > What about NBD_OPT_EXPORTNAME? The specification says that this option > does not allow for errors, and so the session must be terminated if thi= s > option is sent in FORCEDTLS mode without TLS having been negotiated. Oh, good catch. v2 coming up. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --vgF8V6SUnra10NrB8QRHFHFE1tPKb4UJ6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJXEA/CAAoJEKeha0olJ0NqblkH/18CiOWkOz06QtIx5UVTf9oI YEtF2rVHGznL9+Yw/BuHEy4uIQoN42v/kQluOhTqbgOJkcGtw0WoBC3cSYthIA1h Lb6SnijMBSLvYam2S6uUflM0aLYXlKX/7DL2VEF2UDg6UCXbX2lcp57q8dI0FOu+ dOGc2TQU0Y2a6JwCo4/jTZ6TrmUwL7HGZTJkFO8dEAnJ9oxqDIzCDbc2EofZAUKH nWSWwh8EkdxH/MPJPjP+i84oC0jmYTxbjDsdD8zW4PaTMFxN2eTymyLg4ndhdiWB hdD4JqKiuP8i9RNPXObqkXb5E+qeTIEY08BpL/Fu0x/Ee3StmRnOdAQvWxdbwnA= =bE5r -----END PGP SIGNATURE----- --vgF8V6SUnra10NrB8QRHFHFE1tPKb4UJ6--