diff options
| author | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-01-14 00:20:14 +0000 |
|---|---|---|
| committer | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-01-14 00:20:14 +0000 |
| commit | ad9d3658470c175c46b55e37a005b338078a1d4e (patch) | |
| tree | e9528d439881d85461a90fe551a317729dee7998 /lib/puppet/server/fileserver.rb | |
| parent | 87b3bb111f2ea68cbeb875f07e826e4f75ea9eea (diff) | |
| download | puppet-ad9d3658470c175c46b55e37a005b338078a1d4e.tar.gz puppet-ad9d3658470c175c46b55e37a005b338078a1d4e.tar.xz puppet-ad9d3658470c175c46b55e37a005b338078a1d4e.zip | |
Adding a bit better logging and checking to file access
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@826 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat (limited to 'lib/puppet/server/fileserver.rb')
| -rwxr-xr-x | lib/puppet/server/fileserver.rb | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/lib/puppet/server/fileserver.rb b/lib/puppet/server/fileserver.rb index 9130b3df5..8122d6a09 100755 --- a/lib/puppet/server/fileserver.rb +++ b/lib/puppet/server/fileserver.rb @@ -19,6 +19,14 @@ class Server iface.add_method("string retrieve(string)") } + def authcheck(file, mount, client, clientip) + unless mount.allowed?(client, clientip) + Puppet.warning "%s cannot access %s in %s" % + [client, mount, file] + raise Puppet::Server::AuthorizationError, "Cannot access %s" % mount + end + end + # Run 'retrieve' on a file. This gets the actual parameters, so # we can pass them to the client. def check(dir) @@ -49,9 +57,7 @@ class Server readconfig mount, path = splitpath(file) - unless mount.allowed?(client, clientip) - raise Puppet::Server::AuthorizationError, "Cannot access %s" % mount - end + authcheck(file, mount, client, clientip) sdir = nil unless sdir = subdir(mount, path) @@ -140,9 +146,7 @@ class Server readconfig mount, path = splitpath(dir) - unless mount.allowed?(client, clientip) - raise Puppet::Server::AuthorizationError, "Cannot access %s" % mount - end + authcheck(dir, mount, client, clientip) subdir = nil unless subdir = subdir(mount, path) @@ -245,7 +249,7 @@ class Server when "allow": value.split(/\s*,\s*/).each { |val| begin - mount.info "Allowing %s access" % val + mount.info "allowing %s access" % val mount.allow(val) rescue AuthStoreError => detail raise FileServerError, "%s at line %s of %s" % @@ -255,7 +259,7 @@ class Server when "deny": value.split(/\s*,\s*/).each { |val| begin - mount.info "Denying %s access" % val + mount.info "denying %s access" % val mount.deny(val) rescue AuthStoreError => detail raise FileServerError, "%s at line %s of %s" % @@ -301,9 +305,7 @@ class Server readconfig mount, path = splitpath(file) - unless mount.allowed?(client, clientip) - raise Puppet::Server::AuthorizationError, "Cannot access %s" % mount - end + authcheck(file, mount, client, clientip) fpath = nil if path |