author | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-04-21 19:14:59 +0000 |
---|---|---|
committer | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-04-21 19:14:59 +0000 |
commit | a0b4553d3ad64d45c393443d84f0b02298e582b5 (patch) | |
tree | 55b5ff23edc624f7b5b9d988b64466930f095d72 /lib/puppet/server/servlet.rb | |
parent | 63cdc6cf6fa2c680173532cbbf989ee97c664e83 (diff) | |
Final commit before 0.16.0
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1129 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat (limited to 'lib/puppet/server/servlet.rb')
-rw-r--r-- | lib/puppet/server/servlet.rb | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/lib/puppet/server/servlet.rb b/lib/puppet/server/servlet.rb
index f0b32efb0..dd34fcd03 100644
--- a/lib/puppet/server/servlet.rb
+++ b/lib/puppet/server/servlet.rb
@@ -34,15 +34,29 @@ class Server
 end
 
 # Verify that our client has access. We allow untrusted access to
- # puppetca methods but none others.
+ # puppetca methods but no others.
 def authorize(request, method)
 namespace = method.sub(/\..+/, '')
 client = request.peeraddr[2]
 ip = request.peeraddr[3]
 if request.client_cert
- Servlet.log "Allowing %s(%s) trusted access to %s" %
- [client, ip, method]
- return true
+ if @puppetserver.authconfig.exists?
+ return @puppetserver.authconfig.allowed?(method, client, ip)
+ else
+ # This is pretty hackish, but...
+ # This means we can't actually test this method at this point.
+ # The next release of Puppet will almost definitely require
+ # this file to exist or will default to denying all access.
+ if Puppet.name == "puppetmasterd" or defined? Test::Unit::TestCase
+ Servlet.log "Allowing %s(%s) trusted access to %s" %
+ [client, ip, method]
+ return true
+ else
+ Servlet.log "Denying %s(%s) trusted access to %s on %s" %
+ [client, ip, method, Puppet.name]
+ return false
+ end
+ end
 else
 if method =~ /^puppetca\./
 Puppet.notice "Allowing %s(%s) untrusted access to CA methods" %
@@ -69,8 +83,7 @@ class Server
 end
 
 def initialize(server, handlers)
- #Puppet.info server.inspect
-
+ @puppetserver = server
 # the servlet base class does not consume any arguments
 # and its BasicServer base class only accepts a 'class_delim'
 # option which won't change in Puppet at all |
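Review bot: In `authorize`, the branch taken when `@puppetserver.authconfig.exists?` is false fails open: under `puppetmasterd` every client that presents a certificate is allowed to call any method, and the same grant applies in any process where `Test::Unit::TestCase` happens to be loaded, so a production authorization decision depends on the process name and on test scaffolding. I would drop the `defined? Test::Unit::TestCase` clause (tests can supply an authconfig or stub `authorize`) and report the fallback at a more visible level than `Servlet.log`, e.g. `Puppet.warning "No authconfig found; allowing %s(%s) trusted access to %s" % [client, ip, method]`. The `authconfig.allowed?` path also returns without logging the decision in this method, whereas the old code logged every trusted grant; it is worth confirming that `allowed?` logs both allows and denials itself. `authorize` continues past the end of the hunk, so the untrusted branch is only partly visible here.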