openxenmanager
openxenmanager supports unencrypted connections and makes these default
OpenXenManager should never use port 80 http but should instead always use an SSL connection on port 443 https. Please could encrypted connections be made the default and preferably could support for unencrypted connections be removed entirely as I am told that only "truly ancient dom0"'s might not support SSL.
Absolutely... this is something that is in my list to be done.
The standard Citrix XenCenter does not give an option for non-ssl, so like you I don't feel it needs to be there now.
We should also use SSL and port 443 as the default for the add server dialog.
Leaving this bug open to track that
The console access does not seem to support encrypted traffic on port 443. In tunnel.py at line 46: self.server_fd.connect((self.ip, 80))
It appears that port 80 is hardcoded, which is a problem with my install since my port 80 is restricted. This results in the following error whenever I try to use the console access:
Exception in thread Thread-5:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "./src/OXM/tunnel.py", line 47, in listen
    self.server_fd.connect((self.ip, 80))
  File "/usr/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
error: [Errno 110] Connection timed out
The line numbers may be changed due to my debug instructions.
Changing the port to 443 on this line does fix the problem for this instance but crashes immediately after. I did not diagnose any further with the changed port.
This problem does not manifest on Citrix XenServer. Other functionalities in OpenXenManager are working correctly. I am using OpenXenManager 0.1.0-dev1 with latest commit being dcbc2b1 on Ubuntu 14.04. Is there any more useful information that I could provide?
I would like to confirm the issue that @LeMurphant mentioned regarding the port being hard coded in the tunnel (80). In my setup, the port 80 is restricted and it is causing the console not to work.
I have been working on this issue... but have hit a snag with the SSL... running up against various errors, the main one being
Unexpected error: (<class 'ssl.SSLWantReadError'>, SSLWantReadError(2, u'The operation did not complete (read) (_ssl.c:1752)'), <traceback object at 0x7f44ed83eb48>)
Traceback (most recent call last):
  File "./src/OXM/tunnel.py", line 139, in read_from_server
    data = self.server_fd.recv(1024)
  File "/usr/lib/python2.7/ssl.py", line 734, in recv
    return self.read(buflen)
  File "/usr/lib/python2.7/ssl.py", line 621, in read
    v = self._sslobj.read(len or 1024)
SSLWantReadError: The operation did not complete (read) (_ssl.c:1752)
So I've managed to fix the SSLWantReadError, but text entry is now very hit and miss in the console. I have uploaded the changes I've made to the ssl_tunnel branch.
On the ssl_tunnel branch commit 87eb6fa3 I get the following error when attempting to use the console:
[2016-04-11 09:06:52.551837]: Ready to read!
Unexpected error: (<type 'exceptions.AttributeError'>, AttributeError("'module' object has no attribute 'SSLWantReadError'",), <traceback object at 0x7fd6e3f69f80>)
Traceback (most recent call last):
  File "./src/OXM/tunnel.py", line 135, in read_from_server
    except ssl.SSLWantReadError:
AttributeError: 'module' object has no attribute 'SSLWantReadError'
None
[2016-04-11 09:06:52.552318]: About to close!!
Unexpected error: (<class 'socket.error'>, error(9, 'Bad file descriptor'), <traceback object at 0x7fd6e006dcf8>)
Traceback (most recent call last):
  File "./src/OXM/tunnel.py", line 105, in listen
    self.server_fd.send(data)
  File "/usr/lib/python2.7/socket.py", line 170, in _dummy
    raise error(EBADF, 'Bad file descriptor')
error: [Errno 9] Bad file descriptor
None
VNC disconnected.. <gtkvnc.Display object at 0x7fd6e3f64af0 (VncDisplay at 0x1cb2c30)>
@LeMurphant The second error, I have been experiencing as well... but the first one is very odd... Hmm
I had the same error regarding SSLWantReadError. This exception was introduced in Python's 2.7.9 version of the library. However, on my Ubuntu LTS machine, Python 2.7.6 is used.
I switched the exception to SSLError for the sake of testing, and the console worked partially as you mentioned: I could see the machines. However, I had issues with text input.
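An added example, not part of this thread or of OpenXenManager's code: one way to read from a non-blocking TLS socket that treats "want read" as "retry later" on both Python 2.7.6 and 2.7.9+, and drains data already buffered inside the SSL object. The names `read_available`, `RETRY_CODES` and `ScriptedSocket` are hypothetical, and the scripted socket is a constructed stand-in for a real `SSLSocket`.

```python
import ssl

# Codes that mean "try again after select()", not "connection broken".
RETRY_CODES = (ssl.SSL_ERROR_WANT_READ, ssl.SSL_ERROR_WANT_WRITE)


def read_available(tls_sock, bufsize=1024):
    """Drain a non-blocking TLS socket; return (data, peer_closed).

    Hypothetical helper for illustration, not OpenXenManager code.
    """
    chunks = []
    while True:
        try:
            chunk = tls_sock.recv(bufsize)
        except ssl.SSLError as exc:
            # ssl.SSLWantReadError (Python 2.7.9+) subclasses SSLError and
            # carries the same code in args[0], so this also covers 2.7.6.
            if exc.args and exc.args[0] in RETRY_CODES:
                return b"".join(chunks), False
            raise  # a real TLS failure: let the caller tear the tunnel down
        if not chunk:
            return b"".join(chunks), True
        chunks.append(chunk)
        # Decrypted bytes can sit inside the SSL object, where select() on
        # the file descriptor cannot see them; keep reading until drained.
        if not tls_sock.pending():
            return b"".join(chunks), False


class ScriptedSocket(object):
    """Constructed stand-in for an SSLSocket: replays scripted recv() results."""

    def __init__(self, script):
        self.script = list(script)

    def recv(self, bufsize):
        item = self.script.pop(0)
        if isinstance(item, Exception):
            raise item
        return item

    def pending(self):
        nxt = self.script[0] if self.script else None
        return len(nxt) if isinstance(nxt, bytes) else 0


if __name__ == "__main__":
    want_read = ssl.SSLError(ssl.SSL_ERROR_WANT_READ, "constructed: want read")
    print(read_available(ScriptedSocket([b"abc", b"de", want_read])))
```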