author | Markus Roberts <Markus@reality.com> | 2009-12-21 16:45:54 -0800 |
---|---|---|
committer | James Turnbull <james@lovedthanlost.net> | 2009-12-24 00:04:05 +1100 |
commit | e4bb5294d9e13d73a87b79c65039e2f6a15b2815 (patch) | |
tree | a38e5702fbdb714432c403bf03ae87b097e12d91 | |
parent | 776be7c8fe96bc2505d60470eedea220aa60d276 (diff) | |
Fix for #2967 (RFC-1123 problem and regression on wildcarded domains)
The core bug here was a regression introduced by my IPv6 patch.
Wildcarded domains are stored as ["com","reductivelabs","*"] but
the code in question was assuming it was in normal order.
Added tests to prevent recurrence.
Signed-off-by: Markus Roberts <Markus@reality.com>
-rwxr-xr-x | lib/puppet/network/authstore.rb | 2 | ||||
-rw-r--r-- | spec/unit/network/authstore.rb | 22 |
2 files changed, 23 insertions, 1 deletions
diff --git a/lib/puppet/network/authstore.rb b/lib/puppet/network/authstore.rb
index 796d3d830..a7029a0a0 100755
--- a/lib/puppet/network/authstore.rb
+++ b/lib/puppet/network/authstore.rb
@@ -240,7 +240,7 @@ module Puppet
 # Change to /^(\w[-\w]*\.)+[-\w]+\.?$/ for FQDN support
 [:domain,:exact,nil,munge_name(value)]
 when /^\*(\.(\w[-\w]*)){1,}$/ # *.domain.com
- host_sans_star = munge_name(value)[1..-1]
+ host_sans_star = munge_name(value)[0..-2]
 [:domain,:inexact,host_sans_star.length,host_sans_star]
 when /\$\d+/ # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
 [:dynamic,:exact,nil,munge_name(value)]
diff --git a/spec/unit/network/authstore.rb b/spec/unit/network/authstore.rb
index c822c9002..58eb92693 100644
--- a/spec/unit/network/authstore.rb
+++ b/spec/unit/network/authstore.rb
@@ -278,6 +278,28 @@ describe Puppet::Network::AuthStore::Declaration do
 end
 }
+ ['abc.12seps.edu.phisher.biz','www.google.com','slashdot.org'].each { |host|
+ (1...(host.split('.').length)).each { |n|
+ describe "when the pattern is #{"*."+host.split('.')[-n,n].join('.')}" do
+ before :each do
+ @pattern = "*."+host.split('.')[-n,n].join('.')
+ @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,@pattern)
+ end
+ it "should match #{host}" do
+ @declaration.should be_match(host,'1.2.3.4')
+ end
+ it "should not match www.testsite.gov" do
+ @declaration.should_not be_match('www.testsite.gov','200.101.99.98')
+ end
+ it "should not match hosts that differ in the first non-wildcard segment" do
+ other = host.split('.')
+ other[-n].succ!
+ @declaration.should_not be_match(other.join('.'),'1.2.3.4')
+ end
+ end
+ }
+ }
+
 describe "when the pattern is a FQDN" do
 before :each do
 @host = 'spirit.mars.nasa.gov.' |
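Review bot: The new slice `munge_name(value)[0..-2]` only removes the `*` if munge_name returns the labels reversed (TLD first), and nothing at the call site says so; the commit message names exactly that unstated ordering as the cause of the regression. Because this branch builds an access-control pattern, a wrong slice silently changes which hosts a rule matches rather than raising an error. I would add a comment above the line, for example `# munge_name returns labels reversed (["com","domain","*"]), so the wildcard is the last element`. The surrounding `case` and its method begin and end outside the hunk, so whether the other `when` branches depend on the same ordering cannot be checked from here.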
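Review bot: The negative cases in the new loop cover an unrelated host and a changed label at position `-n`, but none where every label of the pattern is present without being the trailing suffix of the host name. For an allow rule that is the case most worth pinning, since a matcher that compares the wrong end of the name would accept it. A constructed example that should hold for every `n` in the loop: `it "should not match when the domain is not the trailing suffix" do`, `@declaration.should_not be_match("#{host}.example.net",'1.2.3.4')`, `end`. The specs also build only `:allow` declarations; if `:deny` shares this matching path (not visible here, the enclosing `describe` starts outside the hunk), one deny case would guard against a rule that stops matching and so fails open.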