
[Xen-API] [PATCH 2 of 2] CA-42836: In the import_raw_vdi HTTP handler wh

To: xen-api@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-API] [PATCH 2 of 2] CA-42836: In the import_raw_vdi HTTP handler when issuing an HTTP redirect, use HTTPS if the caller was originally using HTTPS or HTTP otherwise
From: David Scott <dave.scott@xxxxxxxxxxxxx>
Date: Mon, 23 Aug 2010 13:03:54 +0100
Delivery-date: Mon, 23 Aug 2010 05:26:13 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <patchbomb.1282565032@ely>
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
References: <patchbomb.1282565032@ely>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mercurial-patchbomb/1.4.3
# HG changeset patch
# User David Scott <dave.scott@xxxxxxxxxxxxx>
# Date 1282565001 -3600
# Node ID acfa0e8405cb12be60262655c8f21d97284e1a3b
# Parent  838461861723b2801ffc5496df81c55ecbe8ebe9
CA-42836: In the import_raw_vdi HTTP handler when issuing an HTTP redirect, use 
HTTPS if the caller was originally using HTTPS or HTTP otherwise.

Signed-off-by: David Scott <dave.scott@xxxxxxxxxxxxx>

diff -r 838461861723 -r acfa0e8405cb ocaml/idl/ocaml_backend/context.ml
--- a/ocaml/idl/ocaml_backend/context.ml        Mon Aug 23 13:03:21 2010 +0100
+++ b/ocaml/idl/ocaml_backend/context.ml        Mon Aug 23 13:03:21 2010 +0100
@@ -81,6 +81,14 @@
       Unix.ADDR_UNIX _ -> true
     | Unix.ADDR_INET _ -> false
 
+(** Calls coming directly into xapi on port 80 from remote IPs are unencrypted 
*)
+let is_unencrypted s = 
+  match Unix.getpeername s with
+    | Unix.ADDR_UNIX _ -> false
+    | Unix.ADDR_INET (addr, _) when addr = Unix.inet_addr_loopback -> false
+    | Unix.ADDR_INET _ -> true
+
+
 let preauth ~__context =
   match __context.origin with
       Internal -> false
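Review bot: `is_unencrypted` infers the transport from the peer address alone, and only the IPv4 loopback is exempted, so a peer on the IPv6 loopback falls into `| Unix.ADDR_INET _ -> true` and is reported as unencrypted. If IPv6 listeners are possible (not visible in this hunk), add `| Unix.ADDR_INET (addr, _) when addr = Unix.inet6_addr_loopback -> false`; otherwise state that IPv4 only is intended. `Unix.getpeername` raises `Unix.Unix_error` when the peer has already disconnected, and nothing here catches it, so callers need to handle that or the function should pick a safe default. The doc comments here and in context.mli read as a statement about the connection; they should say the result is a guess from the peer address, e.g. `(** [is_unencrypted fd] is true for any non-loopback TCP peer and false for Unix-domain and loopback peers; it does not inspect the transport *)`, and the mention of port 80 should go since no port is checked.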
diff -r 838461861723 -r acfa0e8405cb ocaml/idl/ocaml_backend/context.mli
--- a/ocaml/idl/ocaml_backend/context.mli       Mon Aug 23 13:03:21 2010 +0100
+++ b/ocaml/idl/ocaml_backend/context.mli       Mon Aug 23 13:03:21 2010 +0100
@@ -84,6 +84,9 @@
 (** [is_unix_socket fd] *)
 val is_unix_socket : Unix.file_descr -> bool
 
+(** [is_unencrypted fd] returns true if the calling connection is not 
encrypted *)
+val is_unencrypted : Unix.file_descr -> bool
+
 (** [preauth ~__context] *)
 val preauth : __context:t -> bool
 
diff -r 838461861723 -r acfa0e8405cb ocaml/xapi/import_raw_vdi.ml
--- a/ocaml/xapi/import_raw_vdi.ml      Mon Aug 23 13:03:21 2010 +0100
+++ b/ocaml/xapi/import_raw_vdi.ml      Mon Aug 23 13:03:21 2010 +0100
@@ -70,7 +70,7 @@
        raise e)
 
 let return_302_redirect (req: request) s address =
-       let url = Printf.sprintf "https://%s%s?%s"; address req.uri 
(String.concat "&" (List.map (fun (a,b) -> a^"="^b) req.query)) in
+       let url = Printf.sprintf "%s://%s%s?%s" (if Context.is_unencrypted s 
then "http" else "https") address req.uri (String.concat "&" (List.map (fun 
(a,b) -> a^"="^b) req.query)) in
        let headers = Http.http_302_redirect url in
        debug "HTTP 302 redirect to: %s" url;
        Http_svr.headers s headers
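Review bot: The redirect URL in `return_302_redirect` is built from `req.query` with plain `a^"="^b`, so a key or value containing `&`, `=` or CR/LF (if the request parser has already percent-decoded them, which is not visible here) alters the redirected parameters or breaks the `Location` header; percent-encode each key and value before joining them. The whole URL, query string included, is also written by `debug "HTTP 302 redirect to: %s" url`, so if the query carries a session identifier or similar it ends up in the log; logging only the scheme, `address` and `req.uri` avoids that. For readability, bind the scheme before the format call: `let scheme = if Context.is_unencrypted s then "http" else "https" in`.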
 ocaml/idl/ocaml_backend/context.ml  |  8 ++++++++
 ocaml/idl/ocaml_backend/context.mli |  3 +++
 ocaml/xapi/import_raw_vdi.ml        |  2 +-
 3 files changed, 12 insertions(+), 1 deletions(-)


Attachment: xen-api.hg-2.patch
Description: Text Data
