author | Peter Maydell <peter.maydell@linaro.org> | 2019-03-09 20:55:44 +0000 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2019-03-09 20:55:44 +0000 |
commit | e2a18635a400b0e68679614132e9ef6316105590 (patch) | |
tree | 3481839ec3cdbeb690965eea28f9595c9b1ffac1 /tests/qemu-iotests/233 | |
parent | f5b4c31030f45293bb4517445722768434829d91 (diff) | |
parent | 054be3605459d4342e9ee5a82ae0fcffeeb09e4d (diff) |
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-03-08' into staging
nbd patches for 2019-03-08
- support TLS client authorization in NBD servers
- iotest 223 race fix
# gpg: Signature made Fri 08 Mar 2019 17:37:59 GMT
# gpg: using RSA key A7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A
* remotes/ericb/tags/pull-nbd-2019-03-08:
iotests: Wait for qemu to end in 223
nbd: fix outdated qapi docs syntax for tls-creds
nbd: allow authorization with nbd-server-start QMP command
qemu-nbd: add support for authorization of TLS clients
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'tests/qemu-iotests/233')
-rwxr-xr-x | tests/qemu-iotests/233 | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index 876cd5997b..b8b6c8cc4c 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -61,6 +61,7 @@ tls_x509_create_root_ca "ca2"
 tls_x509_create_server "ca1" "server1"
 tls_x509_create_client "ca1" "client1"
 tls_x509_create_client "ca2" "client2"
+tls_x509_create_client "ca1" "client3"
 echo
 echo "== preparing image =="
@@ -93,11 +94,15 @@ $QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port
 echo
 echo "== check TLS works =="
-obj=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
-$QEMU_IMG info --image-opts --object $obj \
+obj1=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
+obj2=tls-creds-x509,dir=${tls_dir}/client3,endpoint=client,id=tls0
+$QEMU_IMG info --image-opts --object $obj1 \
 driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
-$QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj \
+$QEMU_IMG info --image-opts --object $obj2 \
+ driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
+ 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+$QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj1 \
 --tls-creds=tls0
 echo
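Review bot: The `obj2` credentials added to the "check TLS works" section carry no comment saying why a second ca1-signed client is exercised here. Judging from the `tls_x509_create_client "ca1" "client3"` line in the first hunk and the authorization section added later in this patch, client3 appears to be the client that passes certificate verification but is meant to be refused by the authz rule, which makes this call the control showing it is accepted when no authorization is configured. A comment above `obj2=` would record that, e.g. `# client3: signed by ca1 like client1, so plain TLS must accept it; only the authz check below should refuse it`. `$obj1` and `$obj2` are also expanded unquoted, following the existing `$obj` usage, so a `tls_dir` containing whitespace would split the `--object` argument.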
@@ -120,6 +125,27 @@ $QEMU_IO -c 'r -P 0x11 1m 1m' -c 'w -P 0x22 1m 1m' --image-opts \
 $QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io
 echo
+echo "== check TLS with authorization =="
+
+nbd_server_stop
+
+nbd_server_start_tcp_socket \
+ --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \
+ --object "authz-simple,id=authz0,identity=CN=localhost,, \
+ O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \
+ --tls-authz authz0 \
+ --tls-creds tls0 \
+ -f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
+
+$QEMU_IMG info --image-opts \
+ --object tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 \
+ driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0
+
+$QEMU_IMG info --image-opts \
+ --object tls-creds-x509,dir=${tls_dir}/client3,endpoint=client,id=tls0 \
+ driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0
+
+echo
 echo "== final server log =="
 cat "$TEST_DIR/server.log"
 rm -f "$TEST_DIR/server.log" |
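Review bot: The `identity=` value for `authz-simple` is split with a backslash-newline inside the double quotes, so the space before the backslash and any indentation on the `O=Cthulu…` continuation line stay inside the identity string. If the authorization object compares the client DN as an exact string (not visible in this hunk), the allowed identity may never match and both `qemu-img info` calls would be refused, leaving the accept path of the new `--tls-authz` option untested. Build the DN on one line, e.g. `dn="CN=localhost,,O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific"`, and pass `--object "authz-simple,id=authz0,identity=$dn"`, after confirming the exact DN form against the generated client1 certificate. The two new `qemu-img info` calls also omit the `2>&1 | sed "s/$nbd_tcp_port/PORT/g"` filter used in the "check TLS works" section, so any error text would carry the raw port number.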