Implement an "allowed hosts" mechanism for the XML-RPC server layer, using

code from the relocation protocol handling and some plumbing.  Add a new
configuration entry for the Xen-API server, including use of this mechanism.

Signed-off-by: Ewan Mellor <ewan@xensource.com>

1 files changed, 26 insertions, 0 deletions

diff --git a/tools/examples/xend-config.sxp b/tools/examples/xend-config.sxp
index 514e5c3f2b..79768c74eb 100644
--- a/tools/examples/xend-config.sxp
+++ b/tools/examples/xend-config.sxp
@@ -14,6 +14,32 @@
 #(logfile /var/log/xen/xend.log)
 #(loglevel DEBUG)
 
+# The Xen-API server configuration.  (Please note that this server is available
+# as an UNSUPPORTED PREVIEW in Xen 3.0.4, and should not be relied upon).
+#
+# This value configures the ports, interfaces, and access controls for the
+# Xen-API server.  Each entry in the list starts with either unix, a port
+# number, or an address:port pair.  If this is "unix", then a UDP socket is
+# opened, and this entry applies to that.  If it is a port, then Xend will
+# listen on all interfaces on that TCP port, and if it is an address:port pair,
+# then Xend will listen on the specified port, using the interface with the
+# specified address.
+#
+# The subsequent string gives the access control for the listener in question. 
+# If this is missing or empty, then all connections are accepted.
+# Otherwise, this should be a space-separated sequence of regular expressions;
+# any host with a fully-qualified domain name or an IP address that matches one
+# of these regular expressions will be accepted.
+#
+# Example:
+#
+#  Listen on TCP port 9363 on all interfaces, accepting connections only from
+#  machines in example.com or localhost.
+#  (xen-api-server ((9363 '^localhost$ example\\.com$')))
+#
+# Default:
+#   (xen-api-server ((unix)))
+
 #(xend-http-server no)
 #(xend-unix-server no)
 #(xend-tcp-xmlrpc-server no)