Bug 528329

Summary: RHEVM - Backend - Fencing: Fencing command is sent as non-secure even when security is enabled
Product: [Other] Security Response Reporter: Daniel Paikov <dpaikov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: MODIFIED --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bsettle, jlieskov, srevivo
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Windows   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Daniel Paikov 2009-10-11 10:41:55 UTC
The fencing commands Fence-Host and Get-PowerManagementStatus are sent as non-secured even when ManagementUseSecuredConnection=True.

The VDSM receives the commands with "secure=False":
Thread-195307::DEBUG::2009-10-11 10:58:32,866::clientIF::1046::vds::fenceNode(addr=10.35.64.120,port=,agent=drac5,user=root,passwd=XXXX,action=status,secure=False,options=)

Comment 1 Vitaly Elyashev 2009-10-12 12:27:34 UTC
Please talk with Amos regarding requirements
Vitaly

Comment 2 Eli Mesika 2009-10-12 13:44:40 UTC


Thread-23233::DEBUG::2009-10-12 09:31:25,842::clientIF::1044::vds::fenceNode(addr=10.35.109.20,port=,agent=ipmilan,user=USERID,passwd=XXXX,action=status,secure=true,options=)
Thread-23233::DEBUG::2009-10-12 09:31:26,044::clientIF::1064::vds::rc 0 in agent=fence_ipmilan
ipaddr=10.35.109.20
login=USERID
option=status
passwd=XXXX
secure
timeout=20
 out Getting status of IPMI:10.35.109.20...Chassis power = On
Done

Comment 3 Eli Mesika 2009-10-12 13:45:23 UTC
At revision: 37573