WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend

from [Anthony Liguori] [Permanent Link][Original]
To: Ewan Mellor <ewan@xxxxxxxxxxxxx>
Subject: [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Wed, 14 Jun 2006 12:26:18 -0500
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 14 Jun 2006 10:27:27 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20060614083613.GE5840@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4488D93D.7070303@xxxxxxxxxx> <20060614083613.GE5840@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.4 (X11/20060612) 
Ewan Mellor wrote:

On Thu, Jun 08, 2006 at 09:13:17PM -0500, Anthony Liguori wrote:


Hi,
The following patch implements a secure XML-RPC protocol for Xend. Instead of using HTTPS with basic authentication and dealing with all that nasty OpenSSL/PAM integration, it just uses SSH. This gives you all the properties you want (great security and PAM integration) with very little code.
There are some minor issues so I'd rather it not be applied immediately. I'd like to get some feedback from people as to whether this approach is reasonable. A user-facing change is that now you can use the XM_SERVER environmental variable to specific an XML-RPC URI. 

I'm with Ian -- I'd rather see the SSL/PAM solution done properly than this.
That said, I don't see why we can't have this transport as well -- it's not a
big patch.

What happens if SSH isn't installed?  I don't see any nice diagnostic of that,
so I'm guessing that it just splats out an "execv failed" exception (unless
I've missed something).


In the current code, Popen throws an OSError.
I really don't like catching exceptions and doing an sys.exit within the command handler. I'd rather introduce a new exception type for use in xm and rethrow the OSError with a friendly message. This will make localization quite a bit easier. 

What do you think of this?

Regards,

Anthony Liguori


Ewan.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [PATCH 2/9] Linux kernel infrastructure for Xen Share access, Mike D. Day
Next by Date:  Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori
Previous by Thread:  [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Ewan Mellor
Next by Thread:  [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Ewan Mellor
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy