aboutsummaryrefslogtreecommitdiff
path: root/nbd
diff options
context:
space:
mode:
authorDaniel P. Berrangé <berrange@redhat.com>2022-03-04 19:36:00 +0000
committerEric Blake <eblake@redhat.com>2022-03-07 15:58:42 -0600
commit046f98d0753872b1e3189689da16c68e1f6c78c2 (patch)
tree5e2bfc2b8957e095a9eb84363b18ad017f9c91b6 /nbd
parentd41997e465c533f3a29e0d0bb52cfcad696e2b2d (diff)
block: pass desired TLS hostname through from block driver client
In commit a71d597b989fd701b923f09b3c20ac4fcaa55e81 Author: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Date: Thu Jun 10 13:08:00 2021 +0300 block/nbd: reuse nbd_co_do_establish_connection() in nbd_open() the use of the 'hostname' field from the BDRVNBDState struct was lost, and 'nbd_connect' just hardcoded it to match the IP socket address. This was a harmless bug at the time since we block use with anything other than IP sockets. Shortly though, we want to allow the caller to override the hostname used in the TLS certificate checks. This is to allow for TLS when doing port forwarding or tunneling. Thus we need to reinstate the passing along of the 'hostname'. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220304193610.3293146-3-berrange@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Diffstat (limited to 'nbd')
-rw-r--r--nbd/client-connection.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/nbd/client-connection.c b/nbd/client-connection.c
index 2bda42641d..2a632931c3 100644
--- a/nbd/client-connection.c
+++ b/nbd/client-connection.c
@@ -33,6 +33,7 @@ struct NBDClientConnection {
/* Initialization constants, never change */
SocketAddress *saddr; /* address to connect to */
QCryptoTLSCreds *tlscreds;
+ char *tlshostname;
NBDExportInfo initial_info;
bool do_negotiation;
bool do_retry;
@@ -77,7 +78,8 @@ NBDClientConnection *nbd_client_connection_new(const SocketAddress *saddr,
bool do_negotiation,
const char *export_name,
const char *x_dirty_bitmap,
- QCryptoTLSCreds *tlscreds)
+ QCryptoTLSCreds *tlscreds,
+ const char *tlshostname)
{
NBDClientConnection *conn = g_new(NBDClientConnection, 1);
@@ -85,6 +87,7 @@ NBDClientConnection *nbd_client_connection_new(const SocketAddress *saddr,
*conn = (NBDClientConnection) {
.saddr = QAPI_CLONE(SocketAddress, saddr),
.tlscreds = tlscreds,
+ .tlshostname = g_strdup(tlshostname),
.do_negotiation = do_negotiation,
.initial_info.request_sizes = true,
@@ -107,6 +110,7 @@ static void nbd_client_connection_do_free(NBDClientConnection *conn)
}
error_free(conn->err);
qapi_free_SocketAddress(conn->saddr);
+ g_free(conn->tlshostname);
object_unref(OBJECT(conn->tlscreds));
g_free(conn->initial_info.x_dirty_bitmap);
g_free(conn->initial_info.name);
@@ -120,6 +124,7 @@ static void nbd_client_connection_do_free(NBDClientConnection *conn)
*/
static int nbd_connect(QIOChannelSocket *sioc, SocketAddress *addr,
NBDExportInfo *info, QCryptoTLSCreds *tlscreds,
+ const char *tlshostname,
QIOChannel **outioc, Error **errp)
{
int ret;
@@ -140,7 +145,7 @@ static int nbd_connect(QIOChannelSocket *sioc, SocketAddress *addr,
}
ret = nbd_receive_negotiate(NULL, QIO_CHANNEL(sioc), tlscreds,
- tlscreds ? addr->u.inet.host : NULL,
+ tlshostname,
outioc, info, errp);
if (ret < 0) {
/*
@@ -183,7 +188,8 @@ static void *connect_thread_func(void *opaque)
ret = nbd_connect(conn->sioc, conn->saddr,
conn->do_negotiation ? &conn->updated_info : NULL,
- conn->tlscreds, &conn->ioc, &local_err);
+ conn->tlscreds, conn->tlshostname,
+ &conn->ioc, &local_err);
/*
* conn->updated_info will finally be returned to the user. Clear the