From f4e17109c8fe1ce5c702cd79a24804785318b075 Mon Sep 17 00:00:00 2001 From: Konstantina Chremmou Date: Tue, 13 Apr 2021 13:36:30 +0100 Subject: [PATCH] CP-36124: Check and enable TLS verification on first connection. Also, PascalCased some methods. Signed-off-by: Konstantina Chremmou --- .../Commands/EnableTlsVerificationCommand.cs | 144 ++++++++++++++++++ XenAdmin/MainWindow.Designer.cs | 9 ++ XenAdmin/MainWindow.cs | 33 +++- XenAdmin/MainWindow.resx | 22 ++- XenAdmin/TabPages/GeneralTabPage.cs | 131 +++++++++------- XenAdmin/XenAdmin.csproj | 1 + XenModel/Messages.Designer.cs | 128 ++++++++++++++++ XenModel/Messages.resx | 44 ++++++ XenModel/XenAPI-Extensions/Host.cs | 5 + 9 files changed, 454 insertions(+), 63 deletions(-) create mode 100644 XenAdmin/Commands/EnableTlsVerificationCommand.cs diff --git a/XenAdmin/Commands/EnableTlsVerificationCommand.cs b/XenAdmin/Commands/EnableTlsVerificationCommand.cs new file mode 100644 index 000000000..71fdf2ff0 --- /dev/null +++ b/XenAdmin/Commands/EnableTlsVerificationCommand.cs 
@@ -0,0 +1,144 @@ +/* Copyright (c) Citrix Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the + * following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + + +using System.Linq; +using System.Windows.Forms; +using XenAdmin.Actions; +using XenAdmin.Core; +using XenAdmin.Dialogs; +using XenAPI; + + +namespace XenAdmin.Commands +{ + class EnableTlsVerificationCommand : Command + { + private readonly bool _confirm = true; + + public EnableTlsVerificationCommand() + { + + } + + public EnableTlsVerificationCommand(IMainWindow window, Pool pool, bool confirm = true) + : base(window, pool) + { + _confirm = confirm; + } + + protected override void ExecuteCore(SelectedItemCollection selection) + { + var connection = selection.GetConnectionOfFirstItem(); + + if (connection != null && !connection.Session.IsLocalSuperuser && !Registry.DontSudo && + connection.Session.Roles.All(r => r.name_label != Role.MR_ROLE_POOL_ADMIN)) + { + var currentRoles = connection.Session.Roles; + currentRoles.Sort(); + + var msg = string.Format(Messages.ENABLE_TLS_VERIFICATION_RBAC_RESTRICTION, currentRoles[0].FriendlyName(), + Role.FriendlyName(Role.MR_ROLE_POOL_ADMIN)); + + using (var dlg = new ErrorDialog(msg)) + dlg.ShowDialog(Parent); + + return; + } + + var pool = Helpers.GetPoolOfOne(connection); + + if (_confirm) + { + var msg = $"{Messages.MESSAGEBOX_ENABLE_TLS_VERIFICATION_WARNING}\n\n{Messages.CONFIRM_CONTINUE}"; + + using (var dlg = new WarningDialog(msg, + new ThreeButtonDialog.TBDButton(Messages.MESSAGEBOX_ENABLE_TLS_VERIFICATION_BUTTON, + DialogResult.Yes, ThreeButtonDialog.ButtonType.ACCEPT, true), + ThreeButtonDialog.ButtonNo)) + if (dlg.ShowDialog(Parent) != DialogResult.Yes) + return; + } + + new DelegatedAsyncAction(connection, + string.Format(Messages.ACTION_ENABLING_TLS_VERIFICATION_ON, Helpers.GetName(pool)), + Messages.ACTION_ENABLING_TLS_VERIFICATION, Messages.COMPLETED, + Pool.enable_tls_verification, "pool.enable_tls_verification").RunAsync(); + } + + protected override bool CanExecuteCore(SelectedItemCollection selection) + { + if (selection == null || selection.Count != 1 || + selection.Any(i => !(i.XenObject is 
Host) && !(i.XenObject is Pool))) + return false; + + var conn = selection.GetConnectionOfAllItems(); + if (conn == null || !Helpers.PostStockholm(conn) || conn.Cache.Hosts.Any(Host.RestrictCertificateVerification)) + return false; + + var pool = Helpers.GetPoolOfOne(conn); + return pool != null && + !pool.tls_verification_enabled && + !pool.ha_enabled && + !pool.current_operations.Values.Contains(pool_allowed_operations.ha_enable) && + !pool.current_operations.Values.Contains(pool_allowed_operations.ha_disable) && + !pool.current_operations.Values.Contains(pool_allowed_operations.cluster_create) && + !pool.current_operations.Values.Contains(pool_allowed_operations.designate_new_master); + } + + protected override string GetCantExecuteReasonCore(IXenObject item) + { + var pool = item == null ? null : Helpers.GetPoolOfOne(item.Connection); + + if (pool != null) + { + if (pool.ha_enabled) + return Messages.ENABLE_TLS_VERIFICATION_HA_ENABLED; + + if (pool.current_operations.Values.Contains(pool_allowed_operations.ha_enable)) + return Messages.ENABLE_TLS_VERIFICATION_HA_ENABLING; + + if (pool.current_operations.Values.Contains(pool_allowed_operations.ha_disable)) + return Messages.ENABLE_TLS_VERIFICATION_HA_DISABLING; + + if (pool.current_operations.Values.Contains(pool_allowed_operations.cluster_create)) + return Messages.ENABLE_TLS_VERIFICATION_CLUSTERING; + + if (pool.current_operations.Values.Contains(pool_allowed_operations.designate_new_master)) + return Messages.ENABLE_TLS_VERIFICATION_NEW_MASTER; + } + + return base.GetCantExecuteReasonCore(item); + } + + public override string MenuText => Messages.ENABLE_TLS_VERIFICATION_MENU; + } +} diff --git a/XenAdmin/MainWindow.Designer.cs b/XenAdmin/MainWindow.Designer.cs index de4ff9c4e..5a23fa1cc 100644 --- a/XenAdmin/MainWindow.Designer.cs +++ b/XenAdmin/MainWindow.Designer.cs 
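Review bot: In `ExecuteCore` the RBAC guard is skipped entirely when `connection` is null, and execution then continues into `Helpers.GetPoolOfOne(connection)` and `new DelegatedAsyncAction(connection, ...)`. An early `if (connection == null) return;` before the guard would make that path explicit. Inside the guard, `Roles.All(...)` is also true for an empty role list, so `currentRoles[0]` can throw in that case; checking `currentRoles.Count > 0` before indexing avoids it. `currentRoles.Sort()` appears to sort the list returned by `connection.Session.Roles` in place, so sorting a copy (`currentRoles.OrderBy(r => r).First()`, if `Role` is comparable as the `Sort()` call implies) would leave the session object untouched.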
@@ -279,6 +279,7 @@ namespace XenAdmin this.toolStripMenuItemRotateSecret = new XenAdmin.Commands.CommandToolStripMenuItem(); this.toolStripMenuItemHaConfigure = new XenAdmin.Commands.CommandToolStripMenuItem(); this.toolStripMenuItemHaDisable = new XenAdmin.Commands.CommandToolStripMenuItem(); + this.toolStripMenuItemEnableTls = new XenAdmin.Commands.CommandToolStripMenuItem(); ((System.ComponentModel.ISupportInitialize)(this.splitContainer1)).BeginInit(); this.splitContainer1.Panel1.SuspendLayout(); this.splitContainer1.Panel2.SuspendLayout(); @@ -924,6 +925,7 @@ namespace XenAdmin this.toolStripSeparator9, this.changePoolPasswordToolStripMenuItem, this.toolStripMenuItemRotateSecret, + this.toolStripMenuItemEnableTls, this.toolStripMenuItem1, this.deleteToolStripMenuItem, this.toolStripSeparator26, @@ -1965,6 +1967,12 @@ namespace XenAdmin this.toolStripMenuItemHaDisable.Command = new XenAdmin.Commands.HADisableCommand(); resources.ApplyResources(this.toolStripMenuItemHaDisable, "toolStripMenuItemHaDisable"); // + // toolStripMenuItemEnableTls + // + this.toolStripMenuItemEnableTls.Name = "toolStripMenuItemEnableTls"; + this.toolStripMenuItemEnableTls.Command = new XenAdmin.Commands.EnableTlsVerificationCommand(); + resources.ApplyResources(this.toolStripMenuItemEnableTls, "toolStripMenuItemEnableTls"); + // // MainWindow // resources.ApplyResources(this, "$this"); @@ -2243,6 +2251,7 @@ namespace XenAdmin private XenAdmin.Commands.CommandToolStripMenuItem toolStripMenuItemRotateSecret; private XenAdmin.Commands.CommandToolStripMenuItem toolStripMenuItemHaConfigure; private XenAdmin.Commands.CommandToolStripMenuItem toolStripMenuItemHaDisable; + private XenAdmin.Commands.CommandToolStripMenuItem toolStripMenuItemEnableTls; } } diff --git a/XenAdmin/MainWindow.cs b/XenAdmin/MainWindow.cs index 617a7205b..615d344ab 100755 --- a/XenAdmin/MainWindow.cs +++ b/XenAdmin/MainWindow.cs 
@@ -869,7 +869,7 @@ namespace XenAdmin RequestRefreshTreeView(); } - void connection_CachePopulated(IXenConnection connection) + private void connection_CachePopulated(IXenConnection connection) { Host master = Helpers.GetMaster(connection); if (master == null) @@ -992,6 +992,33 @@ namespace XenAdmin HealthCheck.SendMetadataToHealthCheck(); RequestRefreshTreeView(); + + CheckTlsVerification(connection); + } + + private void CheckTlsVerification(IXenConnection connection) + { + //Use BeginInvoke so the UI is not blocked in a connection-in-progress state + + Program.BeginInvoke(Program.MainWindow, () => + { + var pool = Helpers.GetPoolOfOne(connection); + var cmd = new EnableTlsVerificationCommand(Program.MainWindow, pool, false); + + if (cmd.CanExecute()) + { + var msg = string.Format("{0}\n\n{1}", + string.Format(Messages.MESSAGEBOX_ENABLE_TLS_VERIFICATION_BLURB, Helpers.GetName(connection)), + Messages.MESSAGEBOX_ENABLE_TLS_VERIFICATION_WARNING); + + using (var dlg = new WarningDialog(msg, + new ThreeButtonDialog.TBDButton(Messages.MESSAGEBOX_ENABLE_TLS_VERIFICATION_BUTTON, + DialogResult.Yes, ThreeButtonDialog.ButtonType.ACCEPT, true), + ThreeButtonDialog.ButtonNo)) + if (dlg.ShowDialog(this) == DialogResult.Yes) + cmd.Execute(); + } + }); } private void CheckHealthCheckEnrollment(object connection) @@ -1681,6 +1708,10 @@ namespace XenAdmin toolStripMenuItemRotateSecret.Available = SelectionManager.Selection.Any(s => s.Connection != null && Helpers.StockholmOrGreater(s.Connection) && !s.Connection.Cache.Hosts.Any(Host.RestrictPoolSecretRotation)); + toolStripMenuItemEnableTls.Available = SelectionManager.Selection.Any(s => + s.Connection != null && Helpers.PostStockholm(s.Connection) && + !s.Connection.Cache.Hosts.Any(Host.RestrictCertificateVerification) && + s.Connection.Cache.Pools.Any(p => !p.tls_verification_enabled)); } private void xenSourceOnTheWebToolStripMenuItem_Click(object sender, EventArgs e) 
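Review bot: `CheckTlsVerification` shows the prompt to any user for whom `cmd.CanExecute()` is true, but the pool-admin role check lives only in `ExecuteCore`. A user without that role is therefore asked to enable verification each time the cache is populated and gets the RBAC error dialog after clicking Yes. Consider skipping the prompt when the session lacks the role (the same condition `ExecuteCore` uses), and returning early when `Helpers.GetPoolOfOne(connection)` yields null instead of passing it to the command constructor. The prompt also has no way to be suppressed per connection, so an administrator who declines will see it on every connection, which tends to train people to dismiss a security-relevant dialog. A short comment saying why `confirm` is `false` here (the caller shows its own dialog) would help, e.g. `// confirmation is shown below, so the command must not ask again`.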
diff --git a/XenAdmin/MainWindow.resx b/XenAdmin/MainWindow.resx index 2a49a162f..9c476b63e 100644 --- a/XenAdmin/MainWindow.resx +++ b/XenAdmin/MainWindow.resx @@ -1981,13 +1981,13 @@ 274, 6 - 180, 22 + 156, 22 &Configure HA... - 180, 22 + 156, 22 &Disable HA @@ -2058,6 +2058,12 @@ Rotate &Pool Secret + + 277, 22 + + + Enable Certificate Veri&fication + 274, 6 @@ -4033,18 +4039,24 @@ toolStripMenuItemRotateSecret - XenAdmin.Commands.CommandToolStripMenuItem, XenCenterMain, Version=0.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + XenAdmin.Commands.CommandToolStripMenuItem, XenCenterMain, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null toolStripMenuItemHaConfigure - System.Windows.Forms.ToolStripMenuItem, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + XenAdmin.Commands.CommandToolStripMenuItem, XenCenterMain, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null toolStripMenuItemHaDisable + XenAdmin.Commands.CommandToolStripMenuItem, XenCenterMain, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null + + + toolStripMenuItemEnableTls + + System.Windows.Forms.ToolStripMenuItem, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 @@ -4053,4 +4065,4 @@ System.Windows.Forms.Form, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 - + \ No newline at end of file diff --git a/XenAdmin/TabPages/GeneralTabPage.cs b/XenAdmin/TabPages/GeneralTabPage.cs index afe422e09..aa610a2d9 100644 --- a/XenAdmin/TabPages/GeneralTabPage.cs +++ b/XenAdmin/TabPages/GeneralTabPage.cs 
@@ -414,32 +414,32 @@ namespace XenAdmin.TabPages if (xenObject is Host && (xenObject.Connection == null || !xenObject.Connection.IsConnected)) { - generateDisconnectedHostBox(); + GenerateDisconnectedHostBox(); } else if (xenObject is DockerContainer) { - generateDockerContainerGeneralBox(); + GenerateDockerContainerGeneralBox(); } else { - generateGeneralBox(); + GenerateGeneralBox(); GenerateCertificateBox(); - generateCustomFieldsBox(); - generateInterfaceBox(); - generateMemoryBox(); - generateVersionBox(); - generateLicenseBox(); - generateCPUBox(); - generateHostPatchesBox(); - generateBootBox(); - generateHABox(); - generateStatusBox(); - generateMultipathBox(); - generatePoolPatchesBox(); - generateMultipathBootBox(); - generateVCPUsBox(); - generateDockerInfoBox(); - generateReadCachingBox(); + GenerateCustomFieldsBox(); + GenerateInterfaceBox(); + GenerateMemoryBox(); + GenerateVersionBox(); + GenerateLicenseBox(); + GenerateCPUBox(); + GenerateHostPatchesBox(); + GenerateBootBox(); + GenerateHABox(); + GenerateStatusBox(); + GenerateMultipathBox(); + GeneratePoolPatchesBox(); + GenerateMultipathBootBox(); + GenerateVCPUsBox(); + GenerateDockerInfoBox(); + GenerateReadCachingBox(); } // hide all the sections which haven't been populated, those that have make sure are visible @@ -461,7 +461,7 @@ namespace XenAdmin.TabPages UpdateButtons(); } - private void generateInterfaceBox() + private void GenerateInterfaceBox() { Host Host = xenObject as Host; Pool Pool = xenObject as Pool; @@ -529,7 +529,7 @@ namespace XenAdmin.TabPages } } - private void generateCustomFieldsBox() + private void GenerateCustomFieldsBox() { List customFields = CustomFieldsManager.CustomFieldValues(xenObject); if (customFields.Count <= 0) @@ -556,7 +556,7 @@ namespace XenAdmin.TabPages } } - private void generatePoolPatchesBox() + private void GeneratePoolPatchesBox() { Pool pool = xenObject as Pool; if (pool == null) 
@@ -593,7 +593,7 @@ namespace XenAdmin.TabPages } } - private void generateHostPatchesBox() + private void GenerateHostPatchesBox() { Host host = xenObject as Host; if (host == null) @@ -647,7 +647,7 @@ namespace XenAdmin.TabPages } } - private void generateHABox() + private void GenerateHABox() { VM vm = xenObject as VM; if (vm == null) @@ -663,7 +663,7 @@ namespace XenAdmin.TabPages new PropertiesToolStripMenuItem(new VmEditHaCommand(Program.MainWindow, xenObject))); } - private void generateStatusBox() + private void GenerateStatusBox() { SR sr = xenObject as SR; if (sr == null) @@ -734,7 +734,7 @@ namespace XenAdmin.TabPages } } - private void generateMultipathBox() + private void GenerateMultipathBox() { SR sr = xenObject as SR; if (sr == null) @@ -863,7 +863,7 @@ namespace XenAdmin.TabPages s.AddEntry(title, row); } - private void generateMultipathBootBox() + private void GenerateMultipathBootBox() { Host host = xenObject as Host; if (host == null) @@ -882,7 +882,7 @@ namespace XenAdmin.TabPages s.AddEntry(Messages.STATUS, text); } - private void generateBootBox() + private void GenerateBootBox() { VM vm = xenObject as VM; if (vm == null) @@ -904,7 +904,7 @@ namespace XenAdmin.TabPages } } - private void generateLicenseBox() + private void GenerateLicenseBox() { Host host = xenObject as Host; if (host == null) @@ -1000,7 +1000,7 @@ namespace XenAdmin.TabPages } } - private void generateVersionBox() + private void GenerateVersionBox() { Host host = xenObject as Host; @@ -1025,7 +1025,7 @@ namespace XenAdmin.TabPages pdSectionVersion.AddEntry("DBV", host.software_version["dbv"]); } - private void generateCPUBox() + private void GenerateCPUBox() { Host host = xenObject as Host; if (host == null) @@ -1053,7 +1053,7 @@ namespace XenAdmin.TabPages } } - private void generateVCPUsBox() + private void GenerateVCPUsBox() { VM vm = xenObject as VM; if (vm == null) 
@@ -1067,7 +1067,7 @@ namespace XenAdmin.TabPages s.AddEntry(FriendlyName("VM.Topology"), vm.Topology()); } - private void generateDisconnectedHostBox() + private void GenerateDisconnectedHostBox() { IXenConnection conn = xenObject.Connection; @@ -1103,7 +1103,7 @@ namespace XenAdmin.TabPages } } - private void generateGeneralBox() + private void GenerateGeneralBox() { PDSection s = pdSectionGeneral; @@ -1122,7 +1122,9 @@ namespace XenAdmin.TabPages if (xenObject is Host host) { - if (Helpers.GetPool(xenObject.Connection) != null) + var isStandAloneHost = Helpers.GetPool(xenObject.Connection) == null; + + if (!isStandAloneHost) s.AddEntry(Messages.POOL_MASTER, host.IsMaster() ? Messages.YES : Messages.NO); if (!host.IsLive()) @@ -1131,12 +1133,9 @@ namespace XenAdmin.TabPages } else if (!host.enabled) { - var item = new ToolStripMenuItem(Messages.EXIT_MAINTENANCE_MODE); - item.Click += delegate - { - new HostMaintenanceModeCommand(Program.MainWindow, host, - HostMaintenanceModeCommandParameter.Exit).Execute(); - }; + var item = new CommandToolStripMenuItem(new HostMaintenanceModeCommand( + Program.MainWindow, host, HostMaintenanceModeCommandParameter.Exit)); + s.AddEntry(FriendlyName("host.enabled"), host.MaintenanceMode() ? Messages.HOST_IN_MAINTENANCE_MODE : Messages.DISABLED, new[] { item }, 
@@ -1144,15 +1143,25 @@ namespace XenAdmin.TabPages } else { - var item = new ToolStripMenuItem(Messages.ENTER_MAINTENANCE_MODE); - item.Click += delegate - { - new HostMaintenanceModeCommand(Program.MainWindow, host, - HostMaintenanceModeCommandParameter.Enter).Execute(); - }; + var item = new CommandToolStripMenuItem(new HostMaintenanceModeCommand( + Program.MainWindow, host, HostMaintenanceModeCommandParameter.Enter)); + s.AddEntry(FriendlyName("host.enabled"), Messages.YES, item); } + if (isStandAloneHost && Helpers.PostStockholm(host)) + { + var pool = Helpers.GetPoolOfOne(xenObject.Connection); + + if (pool != null && pool.tls_verification_enabled) + s.AddEntry(Messages.CERTIFICATE_VERIFICATION_KEY, Messages.ENABLED); + else + s.AddEntry(Messages.CERTIFICATE_VERIFICATION_KEY, + Messages.DISABLED, + new[] {new CommandToolStripMenuItem(new EnableTlsVerificationCommand(Program.MainWindow, pool))}, + Color.Red); + } + s.AddEntry(FriendlyName("host.iscsi_iqn"), host.GetIscsiIqn(), new PropertiesToolStripMenuItem(new IqnPropertiesCommand(Program.MainWindow, xenObject))); @@ -1232,8 +1241,7 @@ namespace XenAdmin.TabPages } } - SR sr = xenObject as SR; - if (sr != null) + if (xenObject is SR sr) { s.AddEntry(Messages.TYPE, sr.FriendlyTypeName()); @@ -1265,8 +1273,7 @@ namespace XenAdmin.TabPages } } - Pool p = xenObject as Pool; - if (p != null) + if (xenObject is Pool p) { var additionalString = PoolAdditionalLicenseString(); s.AddEntry(Messages.POOL_LICENSE, 
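Review bot: The new Certificate Verification row in the stand-alone host branch does not consult `Host.RestrictCertificateVerification`, unlike `CanExecuteCore` and the `toolStripMenuItemEnableTls.Available` expression in MainWindow.cs. On a licence that restricts the feature, the tab will show "Disabled" in red with a menu item whose command can never execute. Attaching the `CommandToolStripMenuItem` only when `!xenObject.Connection.Cache.Hosts.Any(Host.RestrictCertificateVerification)` would keep the status visible without offering a dead action. In this branch `pool == null` also falls into the `else`, so an unknown state is rendered as Disabled and a null pool is passed to `EnableTlsVerificationCommand`; skipping the row when `pool` is null would be safer. The same licence point applies to the pool hunk at `@@ -1275,6 +1282,17 @@`. `GenerateGeneralBox` starts and ends outside these hunks.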
@@ -1275,6 +1282,17 @@ namespace XenAdmin.TabPages : Helpers.GetFriendlyLicenseName(p)); s.AddEntry(Messages.NUMBER_OF_SOCKETS, p.CpuSockets().ToString()); + if (Helpers.PostStockholm(p.Connection)) + { + if (p.tls_verification_enabled) + s.AddEntry(Messages.CERTIFICATE_VERIFICATION_KEY, Messages.ENABLED); + else + s.AddEntry(Messages.CERTIFICATE_VERIFICATION_KEY, + Messages.DISABLED, + new[] {new CommandToolStripMenuItem(new EnableTlsVerificationCommand(Program.MainWindow, p))}, + Color.Red); + } + var master = p.Connection.Resolve(p.master); if (master != null) { @@ -1303,8 +1321,7 @@ namespace XenAdmin.TabPages } } - VDI vdi = xenObject as VDI; - if (vdi != null) + if (xenObject is VDI vdi) { s.AddEntry(Messages.SIZE, vdi.SizeText(), new PropertiesToolStripMenuItem(new VdiEditSizeLocationCommand(Program.MainWindow, xenObject))); @@ -1498,7 +1515,7 @@ namespace XenAdmin.TabPages } } - private void generateDockerContainerGeneralBox() + private void GenerateDockerContainerGeneralBox() { var dockerContainer = xenObject as DockerContainer; if (dockerContainer != null) @@ -1527,7 +1544,7 @@ namespace XenAdmin.TabPages } } - private void generateReadCachingBox() + private void GenerateReadCachingBox() { VM vm = xenObject as VM; if (vm == null || !vm.IsRunning()) @@ -1614,7 +1631,7 @@ namespace XenAdmin.TabPages ); } - private void generateMemoryBox() + private void GenerateMemoryBox() { Host host = xenObject as Host; if (host == null) @@ -1634,7 +1651,7 @@ namespace XenAdmin.TabPages s.AddEntry(key, string.IsNullOrEmpty(value) ? Messages.NONE : value); } - private void generateDockerInfoBox() + private void GenerateDockerInfoBox() { VM vm = xenObject as VM; if (vm == null) diff --git a/XenAdmin/XenAdmin.csproj b/XenAdmin/XenAdmin.csproj index c0a965d17..77f4b04cd 100755 --- a/XenAdmin/XenAdmin.csproj +++ b/XenAdmin/XenAdmin.csproj @@ -116,6 +116,7 @@ Component + diff --git a/XenModel/Messages.Designer.cs b/XenModel/Messages.Designer.cs index f50ecd4e5..35f2fe8d9 100755 
--- a/XenModel/Messages.Designer.cs +++ b/XenModel/Messages.Designer.cs @@ -1095,6 +1095,24 @@ namespace XenAdmin { } } + /// + /// Looks up a localized string similar to Enabling certificate verification.... + /// + public static string ACTION_ENABLING_TLS_VERIFICATION { + get { + return ResourceManager.GetString("ACTION_ENABLING_TLS_VERIFICATION", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Enabling certificate verification on {0}.... + /// + public static string ACTION_ENABLING_TLS_VERIFICATION_ON { + get { + return ResourceManager.GetString("ACTION_ENABLING_TLS_VERIFICATION_ON", resourceCulture); + } + } + /// /// Looks up a localized string similar to Export failed due to a block checksum mismatch. Please retry the export.. /// @@ -7116,6 +7134,15 @@ namespace XenAdmin { } } + /// + /// Looks up a localized string similar to Certificate Verification. + /// + public static string CERTIFICATE_VERIFICATION_KEY { + get { + return ResourceManager.GetString("CERTIFICATE_VERIFICATION_KEY", resourceCulture); + } + } + /// /// Looks up a localized string similar to Ability to download updates. /// @@ -7822,6 +7849,15 @@ namespace XenAdmin { } } + /// + /// Looks up a localized string similar to Do you want to continue?. + /// + public static string CONFIRM_CONTINUE { + get { + return ResourceManager.GetString("CONFIRM_CONTINUE", resourceCulture); + } + } + /// /// Looks up a localized string similar to Are you sure you want to delete the selected {0}?. /// 
@@ -14908,6 +14944,71 @@ namespace XenAdmin { } } + /// + /// Looks up a localized string similar to You cannot enable certificate verification while the pool is in the process of creating a cluster.. + /// + public static string ENABLE_TLS_VERIFICATION_CLUSTERING { + get { + return ResourceManager.GetString("ENABLE_TLS_VERIFICATION_CLUSTERING", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to You cannot enable certificate verification while HA is being disabled on the pool.. + /// + public static string ENABLE_TLS_VERIFICATION_HA_DISABLING { + get { + return ResourceManager.GetString("ENABLE_TLS_VERIFICATION_HA_DISABLING", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to You cannot enable certificate verification when HA is on.. + /// + public static string ENABLE_TLS_VERIFICATION_HA_ENABLED { + get { + return ResourceManager.GetString("ENABLE_TLS_VERIFICATION_HA_ENABLED", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to You cannot enable certificate verification while HA is being enabled on the pool.. + /// + public static string ENABLE_TLS_VERIFICATION_HA_ENABLING { + get { + return ResourceManager.GetString("ENABLE_TLS_VERIFICATION_HA_ENABLING", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Enable Certificate Veri&fication. + /// + public static string ENABLE_TLS_VERIFICATION_MENU { + get { + return ResourceManager.GetString("ENABLE_TLS_VERIFICATION_MENU", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to You cannot enable certificate verification while a new master is being nominated in the pool.. + /// + public static string ENABLE_TLS_VERIFICATION_NEW_MASTER { + get { + return ResourceManager.GetString("ENABLE_TLS_VERIFICATION_NEW_MASTER", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to A {0} user does not have sufficient permissions to enable certificate verification. 
Please login using an account with one of the following roles: + /// + ///{1}. + /// + public static string ENABLE_TLS_VERIFICATION_RBAC_RESTRICTION { + get { + return ResourceManager.GetString("ENABLE_TLS_VERIFICATION_RBAC_RESTRICTION", resourceCulture); + } + } + /// /// Looks up a localized string similar to Res&ume. /// @@ -24067,6 +24168,33 @@ namespace XenAdmin { } } + /// + /// Looks up a localized string similar to Certificate verification is not enabled on '{0}'. Would you like to enable it now?. + /// + public static string MESSAGEBOX_ENABLE_TLS_VERIFICATION_BLURB { + get { + return ResourceManager.GetString("MESSAGEBOX_ENABLE_TLS_VERIFICATION_BLURB", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to &Yes, Enable certificate verification. + /// + public static string MESSAGEBOX_ENABLE_TLS_VERIFICATION_BUTTON { + get { + return ResourceManager.GetString("MESSAGEBOX_ENABLE_TLS_VERIFICATION_BUTTON", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Before enabling certificate verification ensure that there are no operations running in the pool, otherwise they will be interrupted.. + /// + public static string MESSAGEBOX_ENABLE_TLS_VERIFICATION_WARNING { + get { + return ResourceManager.GetString("MESSAGEBOX_ENABLE_TLS_VERIFICATION_WARNING", resourceCulture); + } + } + /// /// Looks up a localized string similar to Unable to connect to server '{0}'. ///{1} diff --git a/XenModel/Messages.resx b/XenModel/Messages.resx index dd6d23910..14baa137b 100755 --- a/XenModel/Messages.resx +++ b/XenModel/Messages.resx @@ -462,6 +462,12 @@ Enabling PVS-Accelerator for selected VMs + + Enabling certificate verification... + + + Enabling certificate verification on {0}... + Export failed due to a block checksum mismatch. Please retry the export. @@ -2577,6 +2583,9 @@ This will cancel compilation of the status report. Valid from {0} to {1} + + Certificate Verification + Ability to download updates 
@@ -2833,6 +2842,9 @@ Do you want to continue? Do you want to continue? + + Do you want to continue? + Are you sure you want to delete the selected {0}? @@ -5254,6 +5266,29 @@ Would you like to eject these ISOs before continuing? Choose the PVS site from which the selected VM is streamed. + + You cannot enable certificate verification while the pool is in the process of creating a cluster. + + + You cannot enable certificate verification while HA is being disabled on the pool. + + + You cannot enable certificate verification when HA is on. + + + You cannot enable certificate verification while HA is being enabled on the pool. + + + Enable Certificate Veri&fication + + + You cannot enable certificate verification while a new master is being nominated in the pool. + + + A {0} user does not have sufficient permissions to enable certificate verification. Please login using an account with one of the following roles: + +{1} + Res&ume @@ -8349,6 +8384,15 @@ Are you sure you want to detach this storage repository? Detach Multiple Virtual Disks + + Certificate verification is not enabled on '{0}'. Would you like to enable it now? + + + Before enabling certificate verification ensure that there are no operations running in the pool, otherwise they will be interrupted. + + + &Yes, Enable certificate verification + Unable to connect to server '{0}'. {1} diff --git a/XenModel/XenAPI-Extensions/Host.cs b/XenModel/XenAPI-Extensions/Host.cs index 803ce854e..fc138b292 100644 --- a/XenModel/XenAPI-Extensions/Host.cs +++ b/XenModel/XenAPI-Extensions/Host.cs @@ -312,6 +312,11 @@ namespace XenAPI return BoolKeyPreferTrue(h.license_params, "restrict_pool_secret_rotation"); } + public static bool RestrictCertificateVerification(Host h) + { + return BoolKeyPreferTrue(h.license_params, "restrict_certificate_verification"); + } + public static bool RestrictAlerts(Host h) { return BoolKeyPreferTrue(h.license_params, "restrict_email_alerting");
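Review bot: `RestrictCertificateVerification` has no doc comment, and its default matters because both the menu item and the first-connection prompt are gated on it. Judging by the helper's name, `BoolKeyPreferTrue` treats a missing `restrict_certificate_verification` key as restricted, in which case a host that does not report the key silently gets neither the prompt nor the menu entry. If that is the intended behaviour, a summary such as `/// <summary>True when the licence restricts certificate verification; a missing key is treated as restricted.</summary>` would record it. Please confirm the default against `BoolKeyPreferTrue` before adding the comment.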