Re: [Nbd] nbd-server working easily in cygwin in XP

[Wouter Verhelst <w@...112...>]

On Tue, Aug 12, 2008 at 11:10:14AM -0700, qm <Brad Allen wrote:
> Wouter Verhelst <w@...112...> wrote on Thu, 24 Jul 2008 13:50:01 +0200:
> " On Sun, Jul 20, 2008 at 11:56:46AM -0700, ulmo@...205... wrote:
[...]
> I copied my nbd.h out (which itself was a modified copy of a recent
> kernel tarball's nbd.h with the #include's commented out, and which
> you commented on above), and then uncommented the comments in the
> "#ifdef __LINUX__" piece like you mentioned, leaving the only comment
> "#include <linux/types.h>" as different from the original.  So, to
> clean that up, I searched for another comment I could make to figure
> out what type of system it is that should work for all systems, and
> found:
> 
> __CYGWIN__
> __linux__
> 
> I decided to use __linux__, so the patch from the original nbd.h from
> the kernel becomes:
> 
> --- nbd.h.orig	2008-08-12 06:38:02.906250000 -0700
> +++ nbd.h	2008-08-12 06:37:36.500000000 -0700
> @@ -15,7 +15,9 @@
>  #ifndef LINUX_NBD_H
>  #define LINUX_NBD_H
>  
> +#ifdef __linux__
>  #include <linux/types.h>
> +#endif /* __linux__ */
>  
>  #define NBD_SET_SOCK	_IO( 0xab, 0 )
>  #define NBD_SET_BLKSIZE	_IO( 0xab, 1 )
> @@ -70,7 +72,7 @@
>  	int xmit_timeout;
>  };
>  
> -#endif
> +#endif /* __KERNEL__ */
>  
>  /* These are sent over the network in the request/reply magic fields */
>  
> ../configure should work now.

You'll want to send this to Paul Clements, who maintains the kernel side
of nbd (you'll find his address in the MAINTAINERS file in the kernel --
if he's not on the list :)

[...]
> Ok, and now for the test:
> 
>   cp README /usr/local/etc/nbd-server/config
>   vi /usr/local/etc/nbd-server/config
>   cp -a nbd-server.exe /usr/local/bin/
>   nbd-server
> 
> Boot remote system that wants it so I can test it ... and it now works
> fine!  (Don't forget to poke a hole in Windows Firewall; clicking
> "Unblock" on the popup is insufficient.)
> 
> Thank you.

You're welcome :)

> Ok, for the other fixes:
> 
> I use a local INIT_PASSWD that isn't 8 bytes, so here are the
> necessary modifications for that:
> 
> --- nbd-client.c~	2008-08-12 06:44:12.578125000 -0700
> +++ nbd-client.c	2008-08-12 07:57:16.446750000 -0700
> @@ -96,7 +96,7 @@
>  	char buf[256] = "\0\0\0\0\0\0\0\0\0";
>  
>  	printf("Negotiation: ");
> -	if (read(sock, buf, 8) < 0)
> +	if (read(sock, buf, strlen(INIT_PASSWD)) < 0)
>  		err("Failed/1: %m");
>  	if (strlen(buf)==0)
>  		err("Server closed connection");
> --- nbd-server.c~	2008-08-12 06:44:12.421875000 -0700
> +++ nbd-server.c	2008-08-12 07:56:49.337375000 -0700
> @@ -1061,7 +1061,7 @@
>  	u32 flags = NBD_FLAG_HAS_FLAGS;
>  
>  	memset(zeros, '\0', sizeof(zeros));
> -	if (write(client->net, INIT_PASSWD, 8) < 0)
> +	if (write(client->net, INIT_PASSWD, strlen(INIT_PASSWD)) < 0)
>  		err("Negotiation failed: %m");
>  	cliserv_magic = htonll(cliserv_magic);
>  	if (write(client->net, &cliserv_magic, sizeof(cliserv_magic)) < 0)
> --- nbd-client.c~	2008-08-12 07:57:16.446750000 -0700
> +++ nbd-client.c	2008-08-12 08:01:24.616625000 -0700
> @@ -100,7 +100,7 @@
>  		err("Failed/1: %m");
>  	if (strlen(buf)==0)
>  		err("Server closed connection");
> -	if (strcmp(buf, INIT_PASSWD))
> +	if (strncmp(buf, INIT_PASSWD, strlen(INIT_PASSWD)))
>  		err("INIT_PASSWD bad");
>  	printf(".");
>  	if (read(sock, &magic, sizeof(magic)) < 0)

I'm not going to apply that. The INIT_PASSWD is part of the protocol; by
changing it, you effectively change the protocol handshake. It's not
/really/ a password.

I'll probably be adding real actual authentication to nbd-server at some
point, but for now, please bear with me (or send patches ;-)

> I probably forgot something in the above (I've re-done that so many
> times, I forget).

Hehe.

> " > 5.  In cygwin in XP, a big file I had of 7.5G worked fine, but
> " >     when I had DODBG [and NOFORK] defined to 1 (in config.h) and
> " >     it printed the size, the size was minus 2^32, so I assume it
> " >     just wraps at 2^32.  So to isolate that that wasn't the
> " >     problem, besides testing smaller pieces and stuff, I put in a
> " >     simple test to check if the variable was at least correct.
> 
> That debugging bug with the 8 octect integer printing as a 4 octect
> number where I wrote the little function that prints decimal numbers
> can be redone like this much cleaner (and locale-clean as well):
> 
> In Linux, the manual page says L is for floating point numbers; ll is
> the one to use for integers, and I'm assuming Cygwin is the same
> (which apparently it is).  I replaced all the "%L" with "%ll" (that
> is, %Lu with %llu and %Ld with %lld), and as you can see in the
> following debugging output, it works fine (in cygwin, with DODBG and
> NOFORK #defined to 1 in config.h for debugging purposes):

Ah, stupid. Thanks for catching that.

[...]
> Small bug, easy fix.  Here's the patch for that:
[...]

Applied.

> ===================
> 
> Modifying my previous email's (and tarball's) cygwin instructions for
> your above improved version, assuming all above patches applied and
> instructions followed (i.e., use nbd.h as I described and fight the
> muddy fight with autoconf):
> 
> Basically, all that's left is hand-holding:
> 
> 0.  Obviously, every time ./configure says something that is necessary
>     is missing, go get it!  I have a healthy cygwin installation (that
>     means a lot of stuff is present).  If you don't know enough to
>     select the right cygwin packages, then you are brave indeed!  To
>     such a brave soul, go and install EVERY cygwin package that might
>     be used, and you'll be just fine.  (I don't; no room, and no time
>     for all the insane conflicts, which I've never seen so maybe there
>     aren't any.)  (I've since installed much more, and found that
>     cygwin actually says it's OK to install everything; you can just
>     do that.)
> 
>     Be sure to include glib2-devel.  I have no idea what it is, but
>     they say nbd needs it, and indeed it does (I tried without it,
>     since I have a no-Gnome policy).

glib2 is a "utility library". It does not contain any graphical
subroutines, but instead useful things like "g_strdup_printf" (a
combination of strdup() and sprintf() in one function, allowing me to
safely create a string without having to guess how large the result will
be), g_strsplit() (a simple and threadsafe string tokenizer that returns
an array of strings, with each element containing one token), and the
GKeyFile framework (a lexer that was originally written to parse
.desktop files, but which is flexible enough so that I've been able to
use it for the config file parser).

Even if, like me, you don't like gnome, it's still a very useful
library.

[...]
>     couldn't as easily steal or modify runnable data.  To make it
>     really secure, nbd-server ought to have a password settable in the
>     config file that nbd-client must use, which it requires upon
>     negotiation.

I completely agree. It's been on my TODO list for a few years (with
dreams of adding Kerberos support, too), but just hasn't happened yet.
There're a few reasons for that:
- First, I want to keep nbd-client as small as possible, so that it'll
  fit on embedded devices and in initrds and such; so using a (possibly
  huge) library to implement password authentication is out, unless it
  can optionally be disabled; this rules out things like SASL and
  Kerberos if they're the only thing we're going to use.
- Second, I do /not/ want to send passwords across the wire in the clear
  in any case. Doing this will only provide a false sense of security,
  and I don't want to do that in any case.
- Third, so far I just haven't had the time to properly work out a
  solution that satisfies both of the above constraints.

>     That should be trivial for anybody to add that knows
>     a small modicum of C -- it's a splendidly simple program.  I
>     already put a password in for nbd-client to make sure no one is
>     masquerading as an illicit nbd-server, which also ought to be done
>     (nbd-server isn't to be trusted, either, right?).

Right.

If you do work out something, I'd be perfectly happy to include it...

-- 
<Lo-lan-do> Home is where you have to wash the dishes.
  -- #debian-devel, Freenode, 2004-09-22