
[Nbd] authenticated and named exports



Hi folks,

After the 2.9.16 release a few days ago, I didn't stop coding.

I forward-ported Brad Allen's auth patch, so that it works again. I'm
not sure what to do with it; it only provides authentication, but not
integrity; I don't want to give people a false sense of security. Maybe
if people combine it with something like stunnel, or a VPN or something,
it can be entirely safe... I dunno. At any rate, there's an 'auth'
branch on sourceforge and github, you can check it out if you want.

Second, I implemented a scheme for specifying exports by name, rather
than by port. It would work by way of a -N option:

nbd-client localhost /dev/nbd0 -N myexport

In this situation, nbd-client would need to connect to nbd-server on a
well-known port (I have a request out at IANA), and would send the
string "myexport" as the name of the export; NBD-server would search for
an export with "myexport" as the group name in the config file, as in

[myexport]
	exportname = /dev/sda

and then serve that. Note the absence of the port number; in this
version of nbd-server, only the 'exportname' parameter is required.

I've added an 'oldstyle' boolean option for the [generic] section. If
you switch that on, then the port number is still required, and
nbd-server will export the device both on the well-known port where a
name has to be specified, and on the port you specify with the 'old'
unmodified negotiation protocol.

If you export a file on the command line, then specifying the export by
name isn't possible. It's also not possible to export a file on the
well-known port in the old style, even if you only export files on the
command line.

I'm not going to release this until IANA assigns me a port number, but
the patch is in the 'names' branch in git on sourceforge and github.

Feedback on this would be welcome.

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
  http://www.schneier.com/blog/archives/2009/01/biometrics.html
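The lookup rules described in the message, as an added example that is not nbd-server's own code or part of the original post: a client-supplied name is matched exactly against config group names, [generic] is never served as an export, and the port is required only when 'oldstyle' is on. The key name 'port', the port values, the [broken] group and the function names are assumptions made for illustration.

```python
import configparser

# Constructed sample config. 'exportname', 'oldstyle' and [generic] come from
# the message; the key name 'port' and its values are assumptions.
SAMPLE = """
[generic]
oldstyle = true

[myexport]
exportname = /dev/sda
port = 12345

[broken]
port = 12346
"""

def load_exports(text):
    """Parse the config and return (exports, errors)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    oldstyle = cp.getboolean("generic", "oldstyle", fallback=False)
    exports, errors = {}, []
    for name in cp.sections():
        if name == "generic":  # settings group, never an export
            continue
        sec = cp[name]
        if "exportname" not in sec:
            errors.append(f"[{name}]: exportname is required")
            continue
        if oldstyle and "port" not in sec:
            errors.append(f"[{name}]: port is required when oldstyle is on")
            continue
        exports[name] = {"path": sec["exportname"],
                         "port": sec.getint("port", fallback=None)}
    return exports, errors

def resolve(exports, requested):
    """Map a client-supplied export name to a path; None means refuse."""
    entry = exports.get(requested)  # exact match only, no path handling
    return entry["path"] if entry else None

if __name__ == "__main__":
    exports, errors = load_exports(SAMPLE)
    print(exports, errors)
    print(resolve(exports, "myexport"), resolve(exports, "generic"))
```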


