#include <libgen.h>
#include <pthread.h>
+#include "qemu-common.h"
#include "qapi/error.h"
#include "qemu/cutils.h"
#include "sysemu/block-backend.h"
#include "block/block_int.h"
#include "block/nbd.h"
#include "qemu/main-loop.h"
+#include "qemu/module.h"
#include "qemu/option.h"
#include "qemu/error-report.h"
#include "qemu/config-file.h"
#define QEMU_NBD_OPT_TLSCREDS 261
#define QEMU_NBD_OPT_IMAGE_OPTS 262
#define QEMU_NBD_OPT_FORK 263
+#define QEMU_NBD_OPT_TLSAUTHZ 264
+#define QEMU_NBD_OPT_PID_FILE 265
#define MBR_SIZE 512
static int nb_fds;
static QIONetListener *server;
static QCryptoTLSCreds *tlscreds;
+static const char *tlsauthz;
static void usage(const char *name)
{
" --object type,id=ID,... define an object such as 'secret' for providing\n"
" passwords and/or encryption keys\n"
" --tls-creds=ID use id of an earlier --object to provide TLS\n"
+" --tls-authz=ID use id of an earlier --object to provide\n"
+" authorization\n"
" -T, --trace [[enable=]<pattern>][,events=<file>][,file=<file>]\n"
" specify tracing options\n"
" --fork fork off the server process and exit the parent\n"
" once the server is running\n"
+" --pid-file=PATH store the server's process ID in the given file\n"
#if HAVE_NBD_DEVICE
"\n"
"Kernel NBD client support:\n"
printf(" description: %s\n", list[i].description);
}
if (list[i].flags & NBD_FLAG_HAS_FLAGS) {
+ static const char *const flag_names[] = {
+ [NBD_FLAG_READ_ONLY_BIT] = "readonly",
+ [NBD_FLAG_SEND_FLUSH_BIT] = "flush",
+ [NBD_FLAG_SEND_FUA_BIT] = "fua",
+ [NBD_FLAG_ROTATIONAL_BIT] = "rotational",
+ [NBD_FLAG_SEND_TRIM_BIT] = "trim",
+ [NBD_FLAG_SEND_WRITE_ZEROES_BIT] = "zeroes",
+ [NBD_FLAG_SEND_DF_BIT] = "df",
+ [NBD_FLAG_CAN_MULTI_CONN_BIT] = "multi",
+ [NBD_FLAG_SEND_RESIZE_BIT] = "resize",
+ [NBD_FLAG_SEND_CACHE_BIT] = "cache",
+ };
+
printf(" size: %" PRIu64 "\n", list[i].size);
printf(" flags: 0x%x (", list[i].flags);
- if (list[i].flags & NBD_FLAG_READ_ONLY) {
- printf(" readonly");
- }
- if (list[i].flags & NBD_FLAG_SEND_FLUSH) {
- printf(" flush");
- }
- if (list[i].flags & NBD_FLAG_SEND_FUA) {
- printf(" fua");
- }
- if (list[i].flags & NBD_FLAG_ROTATIONAL) {
- printf(" rotational");
- }
- if (list[i].flags & NBD_FLAG_SEND_TRIM) {
- printf(" trim");
- }
- if (list[i].flags & NBD_FLAG_SEND_WRITE_ZEROES) {
- printf(" zeroes");
- }
- if (list[i].flags & NBD_FLAG_SEND_DF) {
- printf(" df");
- }
- if (list[i].flags & NBD_FLAG_CAN_MULTI_CONN) {
- printf(" multi");
- }
- if (list[i].flags & NBD_FLAG_SEND_RESIZE) {
- printf(" resize");
- }
- if (list[i].flags & NBD_FLAG_SEND_CACHE) {
- printf(" cache");
+ for (size_t bit = 0; bit < ARRAY_SIZE(flag_names); bit++) {
+ if (flag_names[bit] && (list[i].flags & (1 << bit))) {
+ printf(" %s", flag_names[bit]);
+ }
}
printf(" )\n");
}
goto out;
}
- ret = nbd_receive_negotiate(QIO_CHANNEL(sioc),
+ ret = nbd_receive_negotiate(NULL, QIO_CHANNEL(sioc),
NULL, NULL, NULL, &info, &local_error);
if (ret < 0) {
if (local_error) {
nb_fds++;
nbd_update_server_watch();
- nbd_client_new(cioc, tlscreds, NULL, nbd_client_closed);
+ nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed);
}
static void nbd_update_server_watch(void)
{ "export-name", required_argument, NULL, 'x' },
{ "description", required_argument, NULL, 'D' },
{ "tls-creds", required_argument, NULL, QEMU_NBD_OPT_TLSCREDS },
+ { "tls-authz", required_argument, NULL, QEMU_NBD_OPT_TLSAUTHZ },
{ "image-opts", no_argument, NULL, QEMU_NBD_OPT_IMAGE_OPTS },
{ "trace", required_argument, NULL, 'T' },
{ "fork", no_argument, NULL, QEMU_NBD_OPT_FORK },
+ { "pid-file", required_argument, NULL, QEMU_NBD_OPT_PID_FILE },
{ NULL, 0, NULL, 0 }
};
int ch;
bool list = false;
int old_stderr = -1;
unsigned socket_activation;
+ const char *pid_file_name = NULL;
/* The client thread uses SIGTERM to interrupt the server. A signal
* handler ensures that "qemu-nbd -v -c" exits with a nice status code.
signal(SIGPIPE, SIG_IGN);
#endif
+ error_init(argv[0]);
module_call_init(MODULE_INIT_TRACE);
- error_set_progname(argv[0]);
qcrypto_init(&error_fatal);
module_call_init(MODULE_INIT_QOM);
flags &= ~BDRV_O_RDWR;
break;
case 'P':
+ warn_report("The '-P' option is deprecated; use --image-opts with "
+ "a raw device wrapper for subset exports instead");
if (qemu_strtoi(optarg, NULL, 0, &partition) < 0 ||
partition < 1 || partition > 8) {
error_report("Invalid partition '%s'", optarg);
g_free(trace_file);
trace_file = trace_opt_parse(optarg);
break;
+ case QEMU_NBD_OPT_TLSAUTHZ:
+ tlsauthz = optarg;
+ break;
case QEMU_NBD_OPT_FORK:
fork_process = true;
break;
case 'L':
list = true;
break;
+ case QEMU_NBD_OPT_PID_FILE:
+ pid_file_name = optarg;
+ break;
}
}
error_report("TLS is not supported with a host device");
exit(EXIT_FAILURE);
}
+ if (tlsauthz && list) {
+ error_report("TLS authorization is incompatible with export list");
+ exit(EXIT_FAILURE);
+ }
tlscreds = nbd_get_tls_creds(tlscredsid, list, &local_err);
if (local_err) {
error_report("Failed to get TLS creds %s",
error_get_pretty(local_err));
exit(EXIT_FAILURE);
}
+ } else {
+ if (tlsauthz) {
+ error_report("--tls-authz is not permitted without --tls-creds");
+ exit(EXIT_FAILURE);
+ }
}
if (list) {
exit(EXIT_FAILURE);
} else if (pid == 0) {
close(stderr_fd[0]);
+
+ old_stderr = dup(STDERR_FILENO);
ret = qemu_daemon(1, 0);
/* Temporarily redirect stderr to the parent's pipe... */
- old_stderr = dup(STDERR_FILENO);
dup2(stderr_fd[1], STDERR_FILENO);
if (ret < 0) {
error_report("Failed to daemonize: %s", strerror(errno));
nbd_update_server_watch();
+ if (pid_file_name) {
+ qemu_write_pidfile(pid_file_name, &error_fatal);
+ }
+
/* now when the initialization is (almost) complete, chdir("/")
* to free any busy filesystems */
if (chdir("/") < 0) {
projects / qemu.git / blobdiff