[Libguestfs] [nbdkit PATCH 1/2] server: Skip option haggling from client lacking fixed newstyle

[Eric Blake]

The NBD protocol states that servers may still choose to honor various
NBD_OPT_* from a client that did not reply with
NBD_FLAG_C_FIXED_NEWSTYLE; however, for integration testing purposes,
it's a lot nicer if we reject everything except NBD_OPT_EXPORT_NAME
from such a client (for example, with this in place, we might have
spotted the bug fixed in commit e03b34d6 a bit sooner).  Thus, a
client that does not claim to understand fixed newstyle can now no
longer trigger TLS, structured replies, meta contexts, or the nicer
handling of NBD_OPT_GO.  All well-known clients listed in
nbdkit-protocol.pod default to requesting fixed newstyle, so this
shouldn't affect normal usage.

Signed-off-by: Eric Blake <eblake at redhat.com>
---
 server/protocol-handshake-newstyle.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c
index 9ddc3198..486d416f 100644
--- a/server/protocol-handshake-newstyle.c
+++ b/server/protocol-handshake-newstyle.c
@@ -259,6 +259,16 @@ negotiate_handshake_newstyle_options (struct connection *conn)
     option = be32toh (new_option.option);
     optname = name_of_nbd_opt (option);

+    /* If the client lacks fixed newstyle support, it should only send
+     * NBD_OPT_EXPORT_NAME.
+     */
+    if (!(conn->cflags & NBD_FLAG_FIXED_NEWSTYLE) &&
+        option != NBD_OPT_EXPORT_NAME) {
+      if (send_newstyle_option_reply (conn, option, NBD_REP_ERR_INVALID))
+        return -1;
+      continue;
+    }
+
     /* In --tls=require / FORCEDTLS mode the only options allowed
      * before TLS negotiation are NBD_OPT_ABORT and NBD_OPT_STARTTLS.
      */
-- 
2.21.0