| author | Luke Kanies <luke@reductivelabs.com> | 2009-12-21 16:23:44 -0800 |
|---|---|---|
| committer | Luke Kanies <luke@reductivelabs.com> | 2009-12-21 16:23:44 -0800 |
| commit | 740fd6b301af89ab3aad89bca183ad1fcdc24ac4 (patch) | |
| tree | f34617a229509c373d28d67abb453e7ae2136c39 /lib/puppet/network | |
| parent | 8971d8beae2c409f9052f27c3f80ad3bdfff4de2 (diff) | |
| parent | 4a06379f8770c164e42bcc410d874076c6e95f24 (diff) | |
Merge branch '0.25.x'
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppetd.rb
lib/puppet/parser/ast/leaf.rb
lib/puppet/util/rdoc/parser.rb
Diffstat (limited to 'lib/puppet/network')
| -rwxr-xr-x | lib/puppet/network/authstore.rb | 5 | ||||
| -rw-r--r-- | lib/puppet/network/format_handler.rb | 2 | ||||
| -rw-r--r-- | lib/puppet/network/formats.rb | 50 | ||||
| -rw-r--r-- | lib/puppet/network/http/rack/httphandler.rb | 18 | ||||
| -rw-r--r-- | lib/puppet/network/http/rack/rest.rb | 8 | ||||
| -rw-r--r-- | lib/puppet/network/http/rack/xmlrpc.rb | 8 | ||||
| -rw-r--r-- | lib/puppet/network/http_server/webrick.rb | 5 |
7 files changed, 66 insertions, 30 deletions
diff --git a/lib/puppet/network/authstore.rb b/lib/puppet/network/authstore.rb
index ab31faec8..fb3d0145b 100755
--- a/lib/puppet/network/authstore.rb
+++ b/lib/puppet/network/authstore.rb
@@ -63,6 +63,11 @@ module Puppet
 @globalallow
 end
+ # does this auth store has any rules?
+ def empty?
+ @globalallow.nil? && @declarations.size == 0
+ end
+
 def initialize
 @globalallow = nil
 @declarations = []
diff --git a/lib/puppet/network/format_handler.rb b/lib/puppet/network/format_handler.rb
index 2ffbcef3d..e508a0283 100644
--- a/lib/puppet/network/format_handler.rb
+++ b/lib/puppet/network/format_handler.rb
@@ -129,6 +129,8 @@ module Puppet::Network::FormatHandler
 if list.include?(preferred_format)
 list.delete(preferred_format)
 list.unshift(preferred_format)
+ else
+ Puppet.warning "Value of 'preferred_serialization_format' ('#{preferred_format}') is invalid, using default ('#{list.first}')"
 end
 list
 end
diff --git a/lib/puppet/network/formats.rb b/lib/puppet/network/formats.rb
index df6ef399c..010c23521 100644
--- a/lib/puppet/network/formats.rb
+++ b/lib/puppet/network/formats.rb
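Review bot: The comment on the new `empty?` in the authstore.rb hunk does not say what an empty store means for callers, and for an authorization store that is what a reader most needs; whether "no rules" is meant to be treated as deny-all or as unrestricted is not visible here. I would write it as `# Does this auth store have any rules? True when no global allow and no declarations are set.` and add the intended caller behaviour next to it. `@declarations.size == 0` also reads more directly as `@declarations.empty?`.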
@@ -39,6 +39,56 @@ Puppet::Network::FormatHandler.create(:yaml, :mime => "text/yaml") do
 end
 end
+# This is a "special" format which is used for the moment only when sending facts
+# as REST GET parameters (see Puppet::Configurer::FactHandler).
+# This format combines a yaml serialization, then zlib compression and base64 encoding.
+Puppet::Network::FormatHandler.create(:b64_zlib_yaml, :mime => "text/b64_zlib_yaml") do
+ require 'base64'
+ require 'zlib'
+
+ def intern(klass, text)
+ decode(text)
+ end
+
+ def intern_multiple(klass, text)
+ decode(text)
+ end
+
+ def render(instance)
+ yaml = instance.to_yaml
+
+ yaml = encode(fixup(yaml)) unless yaml.nil?
+ yaml
+ end
+
+ def render_multiple(instances)
+ yaml = instances.to_yaml
+
+ yaml = encode(fixup(yaml)) unless yaml.nil?
+ yaml
+ end
+
+ # Because of yaml issue in ruby 1.8.1...
+ def supported?(klass)
+ RUBY_VERSION != '1.8.1'
+ end
+
+ # fixup invalid yaml as per:
+ # http://redmine.ruby-lang.org/issues/show/1331
+ def fixup(yaml)
+ yaml.gsub!(/((?:&id\d+\s+)?!ruby\/object:.*?)\s*\?/) { "? #{$1}" }
+ yaml
+ end
+
+ def encode(text)
+ Base64.encode64(Zlib::Deflate.deflate(text, Zlib::BEST_COMPRESSION))
+ end
+
+ def decode(yaml)
+ YAML.load(Zlib::Inflate.inflate(Base64.decode64(yaml)))
+ end
+end
+
 Puppet::Network::FormatHandler.create(:marshal, :mime => "text/marshal") do
 # Marshal doesn't need the class name; it's serialized.
diff --git a/lib/puppet/network/http/rack/httphandler.rb b/lib/puppet/network/http/rack/httphandler.rb
index 31aa8371e..e14206850 100644
--- a/lib/puppet/network/http/rack/httphandler.rb
+++ b/lib/puppet/network/http/rack/httphandler.rb
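Review bot: `decode` in the new `:b64_zlib_yaml` format hands its input straight to `Zlib::Inflate.inflate` and then `YAML.load`, and the header comment says the format carries facts sent as REST GET parameters, so on the receiving side this text is supplied by the client and no validation is visible in the hunk. `YAML.load` constructs whatever object tags the document names, and the inflate step puts no limit on output size, so a short parameter can expand to a very large string before it is parsed. `intern` and `intern_multiple` also ignore `klass`, so nothing confirms the decoded object is the expected type; at minimum `intern` could do `obj = decode(text)` followed by `raise ArgumentError, "expected #{klass}" unless obj.is_a?(klass)`. Where the runtime's YAML library offers a restricted loader such as `YAML.safe_load`, use it with only the classes facts need, and reject input whose inflated size exceeds a configured cap.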
@@ -12,23 +12,5 @@ class Puppet::Network::HTTP::RackHttpHandler
 raise NotImplementedError, "Your RackHttpHandler subclass is supposed to override service(request)"
 end
- def ssl_client_header(request)
- env_or_request_env(Puppet[:ssl_client_header], request)
- end
-
- def ssl_client_verify_header(request)
- env_or_request_env(Puppet[:ssl_client_verify_header], request)
- end
-
- # Older Passenger versions passed all Environment vars in app(env),
- # but since 2.2.3 they (some?) are really in ENV.
- # Mongrel, etc. may also still use request.env.
- def env_or_request_env(var, request)
- if ENV.include?(var)
- ENV[var]
- else
- request.env[var]
- end
- end
 end
diff --git a/lib/puppet/network/http/rack/rest.rb b/lib/puppet/network/http/rack/rest.rb
index bdca651d1..104751271 100644
--- a/lib/puppet/network/http/rack/rest.rb
+++ b/lib/puppet/network/http/rack/rest.rb
@@ -63,11 +63,11 @@ class Puppet::Network::HTTP::RackREST < Puppet::Network::HTTP::RackHttpHandler
 result[:ip] = request.ip
 # if we find SSL info in the headers, use them to get a hostname.
- # try this with :ssl_client_header.
- # For Apache you need special configuration, see ext/rack/README.
- if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+ # try this with :ssl_client_header, which defaults should work for
+ # Apache with StdEnvVars.
+ if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
 result[:node] = dn_matchdata[1].to_str
- result[:authenticated] = (ssl_client_verify_header(request) == 'SUCCESS')
+ result[:authenticated] = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
 else
 result[:node] = resolve_node(result)
 result[:authenticated] = false
diff --git a/lib/puppet/network/http/rack/xmlrpc.rb b/lib/puppet/network/http/rack/xmlrpc.rb
index 9d0f486bc..4fc9e82fc 100644
--- a/lib/puppet/network/http/rack/xmlrpc.rb
+++ b/lib/puppet/network/http/rack/xmlrpc.rb
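Review bot: In the rest.rb hunk (and identically in the xmlrpc.rb hunk) `result[:authenticated]` is decided solely by `request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS'` and the node name by the DN read from `request.env[Puppet[:ssl_client_header]]`, so the outcome is only as trustworthy as whatever populates those two keys. The rewritten comment should say so, for example `# These values must be set or cleared by the TLS-terminating front end on every request; a client-supplied value must never reach here.` The DN regexp on the changed line is also loose: `^` anchors at any line start rather than the start of the string, and `(.*)` keeps everything after `CN=`, so a DN whose CN is not the last component yields a node name with the remaining components attached. Anchoring with `\A` and ending the capture at the next separator, something like `dn.match(/(?:\A|[\/,])\s*CN\s*=\s*([^\/,]+)/)`, would be tighter, though the right separator depends on the DN format the front end emits. Both methods start and end outside their hunks.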
@@ -43,11 +43,11 @@ class Puppet::Network::HTTP::RackXMLRPC < Puppet::Network::HTTP::RackHttpHandler
 ip = request.ip
 # if we find SSL info in the headers, use them to get a hostname.
- # try this with :ssl_client_header.
- # For Apache you need special configuration, see ext/rack/README.
- if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+ # try this with :ssl_client_header, which defaults should work for
+ # Apache with StdEnvVars.
+ if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
 node = dn_matchdata[1].to_str
- authenticated = (ssl_client_verify_header(request) == 'SUCCESS')
+ authenticated = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
 else
 begin
 node = Resolv.getname(ip)
diff --git a/lib/puppet/network/http_server/webrick.rb b/lib/puppet/network/http_server/webrick.rb
index a863d3a20..2dae9ccd8 100644
--- a/lib/puppet/network/http_server/webrick.rb
+++ b/lib/puppet/network/http_server/webrick.rb
@@ -21,13 +21,10 @@ module Puppet
 # with them, with flags appropriate for checking client
 # certificates for revocation
 def x509store
- if Puppet[:cacrl] == 'false'
+ unless File.exist?(Puppet[:cacrl])
 # No CRL, no store needed
 return nil
 end
- unless File.exist?(Puppet[:cacrl])
- raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'false' to disable CRL usage"
- end
 crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl]))
 store = OpenSSL::X509::Store.new
 store.purpose = OpenSSL::X509::PURPOSE_ANY |
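Review bot: In the webrick.rb hunk, `x509store` now returns nil whenever the file named by `Puppet[:cacrl]` does not exist, so a missing, mistyped or deleted CRL path quietly skips building the store that, going by the method's comment, is what checks client certificates for revocation; the removed lines raised unless the operator had explicitly set `cacrl` to 'false'. If the quiet fallback is intended, log it before the `return nil`, for example `Puppet.warning "CRL file #{Puppet[:cacrl]} not found; client certificates will not be checked for revocation"`. A configuration that still sets `cacrl` to the literal 'false' reaches the same branch only because no file of that name exists, which deserves a comment of its own. The method continues past the end of the hunk.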
