[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend

On Wed, Jun 14, 2006 at 12:26:18PM -0500, Anthony Liguori wrote:

> Ewan Mellor wrote:
> >On Thu, Jun 08, 2006 at 09:13:17PM -0500, Anthony Liguori wrote:
> >
> >  
> >>Hi,
> >>
> >>The following patch implements a secure XML-RPC protocol for Xend.  
> >>Instead of using HTTPS with basic authentication and dealing with all 
> >>that nasty OpenSSL/PAM integration, it just uses SSH.  This gives you 
> >>all the properties you want (great security and PAM integration) with 
> >>very little code.
> >>
> >>There are some minor issues so I'd rather it not be applied 
> >>immediately.  I'd like to get some feedback from people as to whether 
> >>this approach is reasonable.  A user-facing change is that now you can 
> >>use the XM_SERVER environmental variable to specific an XML-RPC URI.
> >>    
> >
> >I'm with Ian -- I'd rather see the SSL/PAM solution done properly than 
> >this.
> >That said, I don't see why we can't have this transport as well -- it's 
> >not a
> >big patch.
> >
> >What happens if SSH isn't installed?  I don't see any nice diagnostic of 
> >that,
> >so I'm guessing that it just splats out an "execv failed" exception (unless
> >I've missed something).
> >  
> In the current code, Popen throws an OSError.
> I really don't like catching exceptions and doing an sys.exit within the 
> command handler.  I'd rather introduce a new exception type for use in 
> xm and rethrow the OSError with a friendly message.  This will make 
> localization quite a bit easier.
> What do you think of this?

Sure, diagnose and rethrow all the way to the top level -- that's what main.py
does now for most things, and it makes it easier to integrate main.py into
larger applications too.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.