author | Markus Roberts <Markus@reality.com> | 2009-09-10 12:31:35 -0700 |
---|---|---|
committer | James Turnbull <james@lovedthanlost.net> | 2009-09-14 07:57:03 +1000 |
commit | 7404e31d1ec418e9fdc276e0e619c045567cc00c (patch) | |
tree | 52420f9e2bb7f3f401456980692e261cfb7ad8f4 /lib | |
parent | 43443390ec210a9462631d400b27d68b33d6592d (diff) | |
Fixs #2620 authconf interpolation, #2570 0-9 in domain names
Partial refactoring to clean up the case in the ticket (host
name containing dots, beginning and ending with a digit, was
mistaken for an IP address) and a range of related edge cases.
Stopped short of a full refactoring (put off to 0.26 as #2623)
Added tests for numerous edge cases.
This also fixes the issue raised in #2570.
Signed-off-by: Markus Roberts <Markus@reality.com>
Diffstat (limited to 'lib')
-rwxr-xr-x | lib/puppet/network/authstore.rb | 82 |
1 files changed, 29 insertions, 53 deletions
diff --git a/lib/puppet/network/authstore.rb b/lib/puppet/network/authstore.rb
index 4707f36a5..ab31faec8 100755
--- a/lib/puppet/network/authstore.rb
+++ b/lib/puppet/network/authstore.rb
@@ -220,8 +220,6 @@ module Puppet
 # and we're called with a MatchData whose capture 1 is puppet
 # we'll return a pattern of puppet.reductivelabs.com
 def interpolate(match)
- return self if @name == :ip
-
 clone = dup
 clone.pattern = clone.pattern.reverse.collect do |p|
 p.gsub(/\$(\d)/) { |m| match[$1.to_i] }
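Review bot: With the `:ip` guard removed, declarations whose `parse` stored an `IPAddr` in `@pattern` (see the second hunk) now reach `clone.pattern.reverse.collect`, which reads as if it was written for the segment array that `munge_name` produces. `IPAddr#reverse` returns a reverse-lookup name string rather than a list of segments, so a static IP rule would apparently be rebuilt from that string and could end up stored as a different kind of rule. Since only `:dynamic` patterns carry `$N` backreferences, consider `return self unless @name == :dynamic` in place of the deleted line. The rest of `interpolate` lies outside the hunk, so confirm how the collected result is joined and assigned before relying on this.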
@@ -279,63 +277,41 @@ module Puppet
 # Parse our input pattern and figure out what kind of allowal
 # statement it is. The output of this is used for later matching.
 def parse(value)
- case value
- when /^(\d+\.){1,3}\*$/ # an ip address with a '*' at the end
+ # Use the IPAddr class to determine if we've got a
+ # valid IP address.
+ @length = Integer($1) if value =~ /\/(\d+)$/
+ begin
+ @pattern = IPAddr.new(value)
 @name = :ip
- match = $1
- match.sub!(".", '')
- ary = value.split(".")
-
- mask = case ary.index(match)
- when 0; 8
- when 1; 16
- when 2; 24
- else
- raise AuthStoreError, "Invalid IP pattern %s" % value
- end
-
- @length = mask
-
- ary.pop
- while ary.length < 4
- ary.push("0")
- end
-
- begin
- @pattern = IPAddr.new(ary.join(".") + "/" + mask.to_s)
- rescue ArgumentError => detail
- raise AuthStoreError, "Invalid IP address pattern %s" % value
- end
- when /^([a-zA-Z][-\w]*\.)+[-\w]+$/ # a full hostname
- # Change to /^([a-zA-Z][-\w]*\.)+[-\w]+\.?$/ for FQDN support
- @name = :domain
- @pattern = munge_name(value)
- when /^\*(\.([a-zA-Z][-\w]*)){1,}$/ # *.domain.com
- @name = :domain
- @pattern = munge_name(value)
- @pattern.pop # take off the '*'
- @length = @pattern.length
- when /\$\d+/ # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
- @name = :dynamic
- @pattern = munge_name(value)
- else
- # Else, use the IPAddr class to determine if we've got a
- # valid IP address.
- if value =~ /\/(\d+)$/
- @length = Integer($1)
- end
- begin
- @pattern = IPAddr.new(value)
+ rescue ArgumentError => detail
+ case value
+ when /^(\d+\.){1,3}\*$/ # an ip address with a '*' at the end
 @name = :ip
- rescue ArgumentError => detail
- # so nothing matched, let's match as an opaque value
- # some sanity checks first
- unless value =~ /^[a-zA-Z0-9][-a-zA-Z0-9_.@]*$/
- raise AuthStoreError, "Invalid pattern %s" % value
+ segments = value.split(".")[0..-2]
+ @length = 8*segments.length
+ begin
+ @pattern = IPAddr.new((segments+[0,0,0])[0,4].join(".") + "/" + @length.to_s)
+ rescue ArgumentError => detail
+ raise AuthStoreError, "Invalid IP address pattern %s" % value
 end
+ when /^([a-zA-Z0-9][-\w]*\.)+[-\w]+$/ # a full hostname
+ # Change to /^([a-zA-Z][-\w]*\.)+[-\w]+\.?$/ for FQDN support
+ @name = :domain
+ @pattern = munge_name(value)
+ when /^\*(\.([a-zA-Z][-\w]*)){1,}$/ # *.domain.com
+ @name = :domain
+ @pattern = munge_name(value)
+ @pattern.pop # take off the '*'
+ @length = @pattern.length
+ when /\$\d+/ # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
+ @name = :dynamic
+ @pattern = munge_name(value)
+ when /^[a-zA-Z0-9][-a-zA-Z0-9_.@]*$/
 @pattern = [value]
 @length = nil # force an exact match
 @name = :opaque
+ else
+ raise AuthStoreError, "Invalid pattern %s" % value
 end
 end
 end
|
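Review bot: The `*.domain.com` branch still requires every label to start with a letter (`[a-zA-Z][-\w]*`), while the full-hostname branch just above it was widened to `[a-zA-Z0-9]`. A wildcard over a digit-leading label (constructed example: `*.3com.com`) therefore matches no branch and ends in `Invalid pattern`, even though the same name without the wildcard is accepted. If digit-leading labels are meant to be valid everywhere, the wildcard case would read `when /^\*(\.([a-zA-Z0-9][-\w]*)){1,}$/`. Separately, every pattern in this `case` anchors with `^`/`$`, which in Ruby match at line boundaries; because these strings become allow/deny rules, `\A` and `\z` would make each check cover the whole value.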