
[Xen-API] [PATCH 2 of 2] CA-42836: In the import_raw_vdi HTTP handler when issuing an HTTP redirect, use HTTPS if the caller was originally using HTTPS or HTTP otherwise



# HG changeset patch
# User David Scott <dave.scott@xxxxxxxxxxxxx>
# Date 1282565001 -3600
# Node ID acfa0e8405cb12be60262655c8f21d97284e1a3b
# Parent  838461861723b2801ffc5496df81c55ecbe8ebe9
CA-42836: In the import_raw_vdi HTTP handler when issuing an HTTP redirect, use 
HTTPS if the caller was originally using HTTPS or HTTP otherwise.

Signed-off-by: David Scott <dave.scott@xxxxxxxxxxxxx>

diff -r 838461861723 -r acfa0e8405cb ocaml/idl/ocaml_backend/context.ml
--- a/ocaml/idl/ocaml_backend/context.ml        Mon Aug 23 13:03:21 2010 +0100
+++ b/ocaml/idl/ocaml_backend/context.ml        Mon Aug 23 13:03:21 2010 +0100
@@ -81,6 +81,14 @@
       Unix.ADDR_UNIX _ -> true
     | Unix.ADDR_INET _ -> false
 
+(** Calls coming directly into xapi on port 80 from remote IPs are unencrypted 
*)
+let is_unencrypted s = 
+  match Unix.getpeername s with
+    | Unix.ADDR_UNIX _ -> false
+    | Unix.ADDR_INET (addr, _) when addr = Unix.inet_addr_loopback -> false
+    | Unix.ADDR_INET _ -> true
+
+
 let preauth ~__context =
   match __context.origin with
       Internal -> false
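Review bot: `is_unencrypted` decides transport security from the peer address alone, and the only loopback it recognises is the IPv4 `Unix.inet_addr_loopback`. A peer on `Unix.inet6_addr_loopback` would therefore be reported as unencrypted, and any plaintext client on 127.0.0.1 as encrypted; adding `| Unix.ADDR_INET (addr, _) when addr = Unix.inet6_addr_loopback -> false` would cover the first case. The doc comment mentions port 80, but the code never inspects the local port. Both this comment and the one added in the context.mli hunk should state the actual assumption, presumably that TLS is terminated by a local proxy that forwards over loopback, e.g. `(** Heuristic: a TCP peer that is not loopback is assumed to have reached xapi without TLS. *)`. It is also worth documenting that `Unix.getpeername` raises `Unix.Unix_error` if the peer has already disconnected, since callers on the redirect path do not handle it here.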
diff -r 838461861723 -r acfa0e8405cb ocaml/idl/ocaml_backend/context.mli
--- a/ocaml/idl/ocaml_backend/context.mli       Mon Aug 23 13:03:21 2010 +0100
+++ b/ocaml/idl/ocaml_backend/context.mli       Mon Aug 23 13:03:21 2010 +0100
@@ -84,6 +84,9 @@
 (** [is_unix_socket fd] *)
 val is_unix_socket : Unix.file_descr -> bool
 
+(** [is_unencrypted fd] returns true if the calling connection is not 
encrypted *)
+val is_unencrypted : Unix.file_descr -> bool
+
 (** [preauth ~__context] *)
 val preauth : __context:t -> bool
 
diff -r 838461861723 -r acfa0e8405cb ocaml/xapi/import_raw_vdi.ml
--- a/ocaml/xapi/import_raw_vdi.ml      Mon Aug 23 13:03:21 2010 +0100
+++ b/ocaml/xapi/import_raw_vdi.ml      Mon Aug 23 13:03:21 2010 +0100
@@ -70,7 +70,7 @@
        raise e)
 
 let return_302_redirect (req: request) s address =
-       let url = Printf.sprintf "https://%s%s?%s"; address req.uri 
(String.concat "&" (List.map (fun (a,b) -> a^"="^b) req.query)) in
+       let url = Printf.sprintf "%s://%s%s?%s" (if Context.is_unencrypted s 
then "http" else "https") address req.uri (String.concat "&" (List.map (fun 
(a,b) -> a^"="^b) req.query)) in
        let headers = Http.http_302_redirect url in
        debug "HTTP 302 redirect to: %s" url;
        Http_svr.headers s headers
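Review bot: The rewritten `url` binding still rebuilds the query string with `a^"="^b` and no percent-encoding, so a parameter whose decoded value contains `&`, `=` or a line break would alter the redirected request or the `Location` header. This hunk does not show whether `req.query` is already decoded or whether `Http.http_302_redirect` rejects CR/LF, so both should be confirmed. The same `url` goes to `debug`, which would write any session or task identifiers carried in the query to the log; logging only the scheme, `address` and `req.uri` avoids that. For readability the scheme choice could be bound first, `let scheme = if Context.is_unencrypted s then "http" else "https" in`, with a short comment that a plain-HTTP caller is deliberately kept on plain HTTP for the redirected transfer.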
 ocaml/idl/ocaml_backend/context.ml  |  8 ++++++++
 ocaml/idl/ocaml_backend/context.mli |  3 +++
 ocaml/xapi/import_raw_vdi.ml        |  2 +-
 3 files changed, 12 insertions(+), 1 deletions(-)


Attachment: xen-api.hg-2.patch
Description: Text Data

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api

 

