# HG changeset patch
# User David Scott
# Date 1282565001 -3600
# Node ID acfa0e8405cb12be60262655c8f21d97284e1a3b
# Parent 838461861723b2801ffc5496df81c55ecbe8ebe9
CA-42836: In the import_raw_vdi HTTP handler when issuing an HTTP redirect, use HTTPS if the caller was originally using HTTPS or HTTP otherwise.
Signed-off-by: David Scott
diff -r 838461861723 -r acfa0e8405cb ocaml/idl/ocaml_backend/context.ml
--- a/ocaml/idl/ocaml_backend/context.ml Mon Aug 23 13:03:21 2010 +0100
+++ b/ocaml/idl/ocaml_backend/context.ml Mon Aug 23 13:03:21 2010 +0100
@@ -81,6 +81,14 @@
 Unix.ADDR_UNIX _ -> true
 | Unix.ADDR_INET _ -> false
+(** Calls coming directly into xapi on port 80 from remote IPs are unencrypted *)
+let is_unencrypted s =
+ match Unix.getpeername s with
+ | Unix.ADDR_UNIX _ -> false
+ | Unix.ADDR_INET (addr, _) when addr = Unix.inet_addr_loopback -> false
+ | Unix.ADDR_INET _ -> true
+
+
 let preauth ~__context =
 match __context.origin with
 Internal -> false
diff -r 838461861723 -r acfa0e8405cb ocaml/idl/ocaml_backend/context.mli
--- a/ocaml/idl/ocaml_backend/context.mli Mon Aug 23 13:03:21 2010 +0100
+++ b/ocaml/idl/ocaml_backend/context.mli Mon Aug 23 13:03:21 2010 +0100
@@ -84,6 +84,9 @@
 (** [is_unix_socket fd] *)
 val is_unix_socket : Unix.file_descr -> bool
+(** [is_unencrypted fd] returns true if the calling connection is not encrypted *)
+val is_unencrypted : Unix.file_descr -> bool
+
 (** [preauth ~__context] *)
 val preauth : __context:t -> bool
diff -r 838461861723 -r acfa0e8405cb ocaml/xapi/import_raw_vdi.ml
--- a/ocaml/xapi/import_raw_vdi.ml Mon Aug 23 13:03:21 2010 +0100
+++ b/ocaml/xapi/import_raw_vdi.ml Mon Aug 23 13:03:21 2010 +0100
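Review bot: In `is_unencrypted`, the loopback arm compares only against `Unix.inet_addr_loopback` (127.0.0.1), so a peer at `::1` or any other loopback address falls through to `Unix.ADDR_INET _ -> true` and is classified as plaintext. If the local TLS front end can ever connect over IPv6 loopback (not visible from this hunk), an HTTPS caller would be handed an `http://` redirect; an extra arm `| Unix.ADDR_INET (addr, _) when addr = Unix.inet6_addr_loopback -> false` covers that case. `Unix.getpeername` also raises `Unix.Unix_error` when the peer has already disconnected, so the function should either document that or catch it and return `false`, which keeps the redirect on https.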
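Review bot: The doc comment on `val is_unencrypted` promises more than the implementation in context.ml checks: the function never inspects the transport, it classifies the connection by peer address alone (Unix-domain and IPv4 loopback peers count as encrypted, every other peer as unencrypted). Since this is the public interface, I would say so explicitly, e.g. `(** [is_unencrypted fd] is [true] when the peer of [fd] is a non-loopback INET address; local peers are assumed to be the TLS front end. A heuristic, not proof of encryption. *)`. That keeps later callers from treating the result as an authentication or confidentiality guarantee.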
@@ -70,7 +70,7 @@
 raise e)
 let return_302_redirect (req: request) s address =
- let url = Printf.sprintf "https://%s%s?%s" address req.uri (String.concat "&" (List.map (fun (a,b) -> a^"="^b) req.query)) in
+ let url = Printf.sprintf "%s://%s%s?%s" (if Context.is_unencrypted s then "http" else "https") address req.uri (String.concat "&" (List.map (fun (a,b) -> a^"="^b) req.query)) in
 let headers = Http.http_302_redirect url in
 debug "HTTP 302 redirect to: %s" url;
 Http_svr.headers s headers
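Review bot: The rewritten `url` line still joins the query pairs with `a^"="^b` and no escaping, and with this change the result can now also go out as an `http://` Location. If `req.query` holds decoded values (not visible in this hunk), a value containing `&`, `#` or CR/LF alters the redirect target or the response headers; escaping both halves, e.g. `(fun (a,b) -> escape a ^ "=" ^ escape b)` with `escape` standing for the project's URL-encoding helper, would close that. The `debug` line below logs the full URL including the query, so any credential carried there ends up in the log. `return_302_redirect` may continue past the end of the hunk.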