-rw-r--r--lib/puppet/network/http/handler.rb12
-rw-r--r--lib/puppet/network/http/mongrel/rest.rb1
-rw-r--r--lib/puppet/network/http/webrick/rest.rb3
-rwxr-xr-xspec/unit/network/http/handler.rb20
-rwxr-xr-xspec/unit/network/http/mongrel/rest.rb5
-rwxr-xr-xspec/unit/network/http/webrick/rest.rb9
6 files changed, 46 insertions, 4 deletions
diff --git a/lib/puppet/network/http/handler.rb b/lib/puppet/network/http/handler.rb
index c6d34fe43..679bb8dcd 100644
--- a/lib/puppet/network/http/handler.rb
+++ b/lib/puppet/network/http/handler.rb
@@ -4,6 +4,7 @@ end
require 'puppet/network/http/api/v1'
require 'puppet/network/rest_authorization'
require 'puppet/network/rights'
+require 'resolv'
module Puppet::Network::HTTP::Handler
include Puppet::Network::HTTP::API::V1
@@ -125,6 +126,17 @@ module Puppet::Network::HTTP::Handler
set_response(response, result.to_yaml)
end
+ # resolve node name from peer's ip address
+ # this is used when the request is unauthenticated
+ def resolve_node(result)
+ begin
+ return Resolv.getname(result[:ip])
+ rescue => detail
+ Puppet.err "Could not resolve %s: %s" % [result[:ip], detail]
+ end
+ return result[:ip]
+ end
+
private
# LAK:NOTE This has to be here for testing; it's a stub-point so
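Review bot: The hostname that `resolve_node` returns from `Resolv.getname(result[:ip])` is an unverified PTR record, so it is set by whoever controls the reverse zone for the peer address rather than by the server operator. If `result[:node]` is later matched against name-based rules for unauthenticated requests (the authorization code is outside this hunk, so this is inferred), the name should be forward-confirmed first: `name = Resolv.getname(result[:ip])` then `return name if Resolv.getaddresses(name).include?(result[:ip])`, falling through to the existing `return result[:ip]`. The comment above the method should also say that the returned value is a hint and not an authenticated identity. The lookup is synchronous and runs on every unauthenticated request, with a `Puppet.err` line on each failure, so a resolver timeout or a small cache may be worth considering. The enclosing module continues outside the hunk.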
diff --git a/lib/puppet/network/http/mongrel/rest.rb b/lib/puppet/network/http/mongrel/rest.rb
index d9913dc45..2f49506c8 100644
--- a/lib/puppet/network/http/mongrel/rest.rb
+++ b/lib/puppet/network/http/mongrel/rest.rb
@@ -71,6 +71,7 @@ class Puppet::Network::HTTP::MongrelREST < Mongrel::HttpHandler
result[:node] = dn_matchdata[1].to_str
result[:authenticated] = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
else
+ result[:node] = resolve_node(result)
result[:authenticated] = false
end
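Review bot: Where `result[:ip]` comes from is not visible in this hunk, and it decides what `resolve_node(result)` in the new `else` branch actually names. Mongrel is normally run behind a front-end proxy, so if the value is the socket peer it will be the proxy's address for every client, and if it is read from a forwarded header it is client-supplied unless only a trusted proxy can set it; in either case the resolved name should not feed access decisions. A comment on the branch stating the source, e.g. `# node is derived from the peer address as seen through the proxy; not an authenticated identity`, would make that assumption explicit. The surrounding method starts and ends outside the hunk.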
diff --git a/lib/puppet/network/http/webrick/rest.rb b/lib/puppet/network/http/webrick/rest.rb
index 8120c87db..5f77da87a 100644
--- a/lib/puppet/network/http/webrick/rest.rb
+++ b/lib/puppet/network/http/webrick/rest.rb
@@ -1,4 +1,5 @@
require 'puppet/network/http/handler'
+require 'resolv'
class Puppet::Network::HTTP::WEBrickREST < WEBrick::HTTPServlet::AbstractServlet
@@ -66,6 +67,8 @@ class Puppet::Network::HTTP::WEBrickREST < WEBrick::HTTPServlet::AbstractServlet
if cert = request.client_cert and nameary = cert.subject.to_a.find { |ary| ary[0] == "CN" }
result[:node] = nameary[1]
result[:authenticated] = true
+ else
+ result[:node] = resolve_node(result)
end
result
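Review bot: The new `else` branch sets `result[:node]` but leaves `result[:authenticated]` untouched, whereas the Mongrel handler in this same commit sets `result[:authenticated] = false` in its matching branch. Unless the flag is initialised earlier in the method (not visible here), adding `result[:authenticated] = false` after `result[:node] = resolve_node(result)` keeps the two handlers consistent and makes it explicit that a DNS-derived name is never paired with an authenticated flag. The method body starts outside the hunk.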
diff --git a/spec/unit/network/http/handler.rb b/spec/unit/network/http/handler.rb
index 0786d37d2..1d10447af 100755
--- a/spec/unit/network/http/handler.rb
+++ b/spec/unit/network/http/handler.rb
@@ -395,4 +395,24 @@ describe Puppet::Network::HTTP::Handler do
end
end
end
+
+ describe "when resolving node" do
+ it "should use a look-up from the ip address" do
+ Resolv.expects(:getname).with("1.2.3.4").returns("host.domain.com")
+
+ @handler.resolve_node(:ip => "1.2.3.4")
+ end
+
+ it "should return the look-up result" do
+ Resolv.stubs(:getname).with("1.2.3.4").returns("host.domain.com")
+
+ @handler.resolve_node(:ip => "1.2.3.4").should == "host.domain.com"
+ end
+
+ it "should return the ip address if resolving fails" do
+ Resolv.stubs(:getname).with("1.2.3.4").raises(RuntimeError, "no such host")
+
+ @handler.resolve_node(:ip => "1.2.3.4").should == "1.2.3.4"
+ end
+ end
end
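Review bot: The failure example stubs `Resolv.getname` to raise `RuntimeError`, but a missing PTR record surfaces as `Resolv::ResolvError`; using that class in `raises(...)` would pin the rescue in `resolve_node` to the error it will actually see. There is also no example for a params hash without `:ip`, where the rescue path would presumably return `nil` as the node name, and no expectation on `Puppet.err` in the failure example. Both are worth covering because this method runs on the unauthenticated path.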
diff --git a/spec/unit/network/http/mongrel/rest.rb b/spec/unit/network/http/mongrel/rest.rb
index 1926a6e45..317fdaf8b 100755
--- a/spec/unit/network/http/mongrel/rest.rb
+++ b/spec/unit/network/http/mongrel/rest.rb
@@ -194,11 +194,12 @@ describe "Puppet::Network::HTTP::MongrelREST" do
@handler.params(@request)[:authenticated].should be_false
end
- it "should not pass a node name to model method if no certificate information is present" do
+ it "should resolve the node name with an ip address look-up if no certificate is present" do
Puppet.settings.stubs(:value).returns "eh"
Puppet.settings.expects(:value).with(:ssl_client_header).returns "myheader"
@request.stubs(:params).returns("myheader" => nil)
- @handler.params(@request).should_not be_include(:node)
+ @handler.expects(:resolve_node).returns("host.domain.com")
+ @handler.params(@request)[:node].should == "host.domain.com"
end
end
end
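Review bot: `@handler.expects(:resolve_node)` places no constraint on the argument, so the example passes even if `params` hands `resolve_node` a hash that lacks the peer `:ip`. Constraining it, for instance `@handler.expects(:resolve_node).with(has_key(:ip))` if the bundled Mocha provides that matcher, and also asserting `@handler.params(@request)[:authenticated].should be_false` in the same example would tie the resolved name to an unauthenticated result. The same applies to the rewritten "should resolve the node name" example in spec/unit/network/http/webrick/rest.rb.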
diff --git a/spec/unit/network/http/webrick/rest.rb b/spec/unit/network/http/webrick/rest.rb
index 7600cff2c..9d9f20026 100755
--- a/spec/unit/network/http/webrick/rest.rb
+++ b/spec/unit/network/http/webrick/rest.rb
@@ -108,6 +108,8 @@ describe Puppet::Network::HTTP::WEBrickREST do
it "should not allow clients to set the node via the request parameters" do
@request.stubs(:query).returns("node" => "foo")
+ @handler.stubs(:resolve_node)
+
@handler.params(@request)[:node].should be_nil
end
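Review bot: With `@handler.stubs(:resolve_node)` returning nil, the `be_nil` assertion now holds only because of the stub and no longer describes what an unauthenticated request produces. Stating the property directly, `@handler.params(@request)[:node].should_not == "foo"`, or stubbing `resolve_node` to return a known name and checking for that name, would keep the example testing that the query parameter cannot set the node.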
@@ -138,9 +140,12 @@ describe Puppet::Network::HTTP::WEBrickREST do
@handler.params(@request)[:node].should == "host.domain.com"
end
- it "should not pass a node name to model method if no certificate is present" do
+ it "should resolve the node name with an ip address look-up if no certificate is present" do
@request.stubs(:client_cert).returns nil
- @handler.params(@request).should_not be_include(:node)
+
+ @handler.expects(:resolve_node).returns(:resolved_node)
+
+ @handler.params(@request)[:node].should == :resolved_node
end
end
end