Wenyi Gao has uploaded a new change for review.

Change subject: Check permission to read key files when ssl is enabled
......................................................................

Check permission to read key files when ssl is enabled

Currently, there is no permission check to read key files when ssl is
enabled, which may cause a puzzling error. For example, when a
non-privileged user runs "vdsClient -s 0 getVdsCaps", there will be
the following error:

$ vdsClient -s 0 getVdsCaps
Traceback (most recent call last):
  File "/usr/share/vdsm/vdsClient.py", line 2275, in <module>
    code, message = commands[command][0](commandArgs)
  File "/usr/share/vdsm/vdsClient.py", line 403, in do_getCap
    return self.ExecAndExit(self.s.getVdsCapabilities())
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1224, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1578, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1264, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1292, in single_request
    self.send_content(h, request_body)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1439, in send_content
    connection.endheaders(request_body)
  File "/usr/lib64/python2.7/httplib.py", line 954, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 814, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 776, in send
    self.connect()
  File "/usr/lib/python2.7/site-packages/vdsm/SecureXMLRPCServer.py", line 98, in connect
    cert_reqs=self.cert_reqs)
  File "/usr/lib64/python2.7/ssl.py", line 381, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib64/python2.7/ssl.py", line 141, in __init__
    ciphers)
SSLError: [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

When ssl is enabled, this patch will first check the permission to read
key files, and then give a proper error message if there is no read access
to them.

Change-Id: I59b983d31a08bc657abdcba85f2f033900338055
Signed-off-by: Wenyi Gao <[email protected]>
---
M vdsm_cli/vdscli.py.in
1 file changed, 4 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/56/5156/1
--
To view, visit http://gerrit.ovirt.org/5156
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I59b983d31a08bc657abdcba85f2f033900338055
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Wenyi Gao <[email protected]>
_______________________________________________
vdsm-patches mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/vdsm-patches
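
An added example, not code from this change or from vdsm: one way to report unreadable key files with a clear message before the SSL connection is attempted. The function names and the temporary demo files are hypothetical; the real key file paths are not shown in this message.

```python
import errno
import os
import tempfile


def unreadable_key_files(paths):
    """Return [(path, reason)] for every file the current user cannot read.

    Opening the file tests the effective UID; os.access() would test the
    real UID, which differs under setuid or sudo-style wrappers.
    """
    problems = []
    for path in paths:
        try:
            with open(path, "rb") as handle:
                handle.read(1)
        except (IOError, OSError) as exc:
            if exc.errno == errno.EACCES:
                reason = "permission denied"
            elif exc.errno == errno.ENOENT:
                reason = "file not found"
            else:
                reason = os.strerror(exc.errno) if exc.errno else str(exc)
            problems.append((path, reason))
    return problems


def preflight_message(paths):
    """Build one readable error message, or None when every file is readable."""
    problems = unreadable_key_files(paths)
    if not problems:
        return None
    lines = ["Cannot read SSL key material as uid %d:" % os.geteuid()]
    lines += ["  %s: %s" % item for item in problems]
    return "\n".join(lines)


def demo():
    """Constructed demo: temporary stand-ins for a key file and a cert file."""
    workdir = tempfile.mkdtemp()
    key = os.path.join(workdir, "demo-key.pem")       # constructed sample
    with open(key, "w") as handle:
        handle.write("constructed placeholder, not a real key\n")
    missing = os.path.join(workdir, "demo-cert.pem")  # intentionally absent
    return preflight_message([key]), preflight_message([key, missing])


if __name__ == "__main__":
    print(demo()[1])
```

The check is advisory: the SSL layer still opens the files itself afterwards, so its own error handling must stay in place.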
