authorChristian Hofstaedtler <hofstaedtler@inqnet.at>2009-08-02 08:26:04 +0000
committerJames Turnbull <james@lovedthanlost.net>2009-08-03 10:00:17 +1000
commitc702f76b271515e9c42dcb923d379fbfac4c83cd (patch)
tree21c56e651645ca69ceeb3bc44937a17de4290008 /lib/puppet
parentca17b3c4dec9a095b7e1bf24a55edbaaa6561a00 (diff)
rack: SSL Env vars can be in Request.env or ENV
Fix #2386, by checking either Request.env or ENV for the SSL environment variables. This is necessary as Passenger 2.2.3 changed the location of these vars, even though the Rack spec says nothing about ENV or these variables.
Diffstat (limited to 'lib/puppet')
-rw-r--r--lib/puppet/network/http/rack/httphandler.rb18
-rw-r--r--lib/puppet/network/http/rack/rest.rb8
-rw-r--r--lib/puppet/network/http/rack/xmlrpc.rb8
3 files changed, 26 insertions, 8 deletions
diff --git a/lib/puppet/network/http/rack/httphandler.rb b/lib/puppet/network/http/rack/httphandler.rb
index e14206850..31aa8371e 100644
--- a/lib/puppet/network/http/rack/httphandler.rb
+++ b/lib/puppet/network/http/rack/httphandler.rb
@@ -12,5 +12,23 @@ class Puppet::Network::HTTP::RackHttpHandler
raise NotImplementedError, "Your RackHttpHandler subclass is supposed to override service(request)"
end
+ def ssl_client_header(request)
+ env_or_request_env(Puppet[:ssl_client_header], request)
+ end
+
+ def ssl_client_verify_header(request)
+ env_or_request_env(Puppet[:ssl_client_verify_header], request)
+ end
+
+ # Older Passenger versions passed all Environment vars in app(env),
+ # but since 2.2.3 they (some?) are really in ENV.
+ # Mongrel, etc. may also still use request.env.
+ def env_or_request_env(var, request)
+ if ENV.include?(var)
+ ENV[var]
+ else
+ request.env[var]
+ end
+ end
end
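Review bot: `env_or_request_env` lets the process-wide `ENV` win over the per-request `request.env`, and the value it returns is what the REST and XMLRPC handlers compare with `'SUCCESS'` to set `authenticated`. `ENV` is shared by every request a worker serves, so a value inherited from the launching environment or left over from an earlier request would be read as this request's client-certificate result; whether Passenger resets these variables per request cannot be seen from this hunk. I would consult the request first, `request.env[var] || ENV[var]`, and add a comment above the method such as `# Both variables must be set (or overwritten) by the TLS-terminating web server; never trust a client-supplied value.` The two public helpers also lack a doc comment, e.g. `# Returns the client certificate subject DN handed over by the web server, or nil.`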
diff --git a/lib/puppet/network/http/rack/rest.rb b/lib/puppet/network/http/rack/rest.rb
index 104751271..bdca651d1 100644
--- a/lib/puppet/network/http/rack/rest.rb
+++ b/lib/puppet/network/http/rack/rest.rb
@@ -63,11 +63,11 @@ class Puppet::Network::HTTP::RackREST < Puppet::Network::HTTP::RackHttpHandler
result[:ip] = request.ip
# if we find SSL info in the headers, use them to get a hostname.
- # try this with :ssl_client_header, which defaults should work for
- # Apache with StdEnvVars.
- if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+ # try this with :ssl_client_header.
+ # For Apache you need special configuration, see ext/rack/README.
+ if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
result[:node] = dn_matchdata[1].to_str
- result[:authenticated] = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
+ result[:authenticated] = (ssl_client_verify_header(request) == 'SUCCESS')
else
result[:node] = resolve_node(result)
result[:authenticated] = false
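Review bot: The DN pattern on the changed `if dn = ssl_client_header(request) ...` line captures everything after the first `CN=` up to the end of the line, so a subject where CN is not the last attribute (a constructed example: `CN=host,OU=ops`) yields the node name `host,OU=ops`. The `^` also anchors at any line start rather than at the start of the string. Since `result[:node]` decides which host the request is treated as, I would anchor on the string and stop the capture at the next separator, for instance `dn.match(/\A.*?CN\s*=\s*([^,\/]+)/)`, after confirming which DN formats the supported web servers emit. The same pattern appears on the changed line of the xmlrpc.rb hunk, and the enclosing method starts and ends outside this hunk.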
diff --git a/lib/puppet/network/http/rack/xmlrpc.rb b/lib/puppet/network/http/rack/xmlrpc.rb
index 4fc9e82fc..9d0f486bc 100644
--- a/lib/puppet/network/http/rack/xmlrpc.rb
+++ b/lib/puppet/network/http/rack/xmlrpc.rb
@@ -43,11 +43,11 @@ class Puppet::Network::HTTP::RackXMLRPC < Puppet::Network::HTTP::RackHttpHandler
ip = request.ip
# if we find SSL info in the headers, use them to get a hostname.
- # try this with :ssl_client_header, which defaults should work for
- # Apache with StdEnvVars.
- if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+ # try this with :ssl_client_header.
+ # For Apache you need special configuration, see ext/rack/README.
+ if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
node = dn_matchdata[1].to_str
- authenticated = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
+ authenticated = (ssl_client_verify_header(request) == 'SUCCESS')
else
begin
node = Resolv.getname(ip)
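Review bot: The DN parsing and the `== 'SUCCESS'` comparison here are a copy of the lines in rest.rb, so the rule that decides `node` and `authenticated` lives in two places that can drift apart. Now that RackHttpHandler carries the shared `ssl_client_header` and `ssl_client_verify_header` helpers, the pair could move there as one method returning the node name and the verification result, with both subclasses calling it. The enclosing method continues outside this hunk.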