Diffstat (limited to 'lib/puppet')
-rw-r--r-- | lib/puppet/network/http/rack/httphandler.rb | 18 | ||||
-rw-r--r-- | lib/puppet/network/http/rack/rest.rb | 8 | ||||
-rw-r--r-- | lib/puppet/network/http/rack/xmlrpc.rb | 8 |
3 files changed, 26 insertions, 8 deletions
diff --git a/lib/puppet/network/http/rack/httphandler.rb b/lib/puppet/network/http/rack/httphandler.rb
index e14206850..31aa8371e 100644
--- a/lib/puppet/network/http/rack/httphandler.rb
+++ b/lib/puppet/network/http/rack/httphandler.rb
@@ -12,5 +12,23 @@ class Puppet::Network::HTTP::RackHttpHandler
 raise NotImplementedError, "Your RackHttpHandler subclass is supposed to override service(request)"
 end
+ def ssl_client_header(request)
+ env_or_request_env(Puppet[:ssl_client_header], request)
+ end
+
+ def ssl_client_verify_header(request)
+ env_or_request_env(Puppet[:ssl_client_verify_header], request)
+ end
+
+ # Older Passenger versions passed all Environment vars in app(env),
+ # but since 2.2.3 they (some?) are really in ENV.
+ # Mongrel, etc. may also still use request.env.
+ def env_or_request_env(var, request)
+ if ENV.include?(var)
+ ENV[var]
+ else
+ request.env[var]
+ end
+ end
 end
diff --git a/lib/puppet/network/http/rack/rest.rb b/lib/puppet/network/http/rack/rest.rb
index 104751271..bdca651d1 100644
--- a/lib/puppet/network/http/rack/rest.rb
+++ b/lib/puppet/network/http/rack/rest.rb
@@ -63,11 +63,11 @@ class Puppet::Network::HTTP::RackREST < Puppet::Network::HTTP::RackHttpHandler
 result[:ip] = request.ip
 # if we find SSL info in the headers, use them to get a hostname.
- # try this with :ssl_client_header, which defaults should work for
- # Apache with StdEnvVars.
- if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+ # try this with :ssl_client_header.
+ # For Apache you need special configuration, see ext/rack/README.
+ if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
 result[:node] = dn_matchdata[1].to_str
- result[:authenticated] = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
+ result[:authenticated] = (ssl_client_verify_header(request) == 'SUCCESS')
 else
 result[:node] = resolve_node(result)
 result[:authenticated] = false
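Review bot: `env_or_request_env` lets a process-wide `ENV` entry take precedence over the per-request `request.env`, and the value it returns decides `authenticated` in rest.rb and xmlrpc.rb, yet the comment records only the Passenger history. `ENV` is not scoped to a request, so this is sound only if the application server rewrites both variables before every request and removes them when no client certificate was presented; otherwise a value left over from an earlier request, or inherited from the environment the worker was started in, would be applied to later callers. I would state that assumption on the helper, e.g. `# Security: both sources must be set or cleared by the TLS-terminating front end for every request; ENV is process-wide.` It is also worth confirming that neither setting can be nil, since `ENV.include?(nil)` most likely raises where the old `request.env[nil]` simply returned nil.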
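Review bot: The DN pattern carried onto the new `if dn = ssl_client_header(request)` line, `/^.*?CN\s*=\s*(.*)/`, is loose for a value that becomes `result[:node]`. `.*?CN` matches the first `CN` substring anywhere on a line, `^` anchors per line rather than at the start of the string, and `(.*)` captures everything that follows, so a subject where CN is not the last component would produce a node name with the trailing components attached. Consider matching CN only at a component boundary and stopping at the next separator, for example `dn.match(/(?:\A|[,\/])\s*CN\s*=\s*([^,\/]+)/)`, adjusted to whichever DN format the front end actually emits. The same expression is repeated in the xmlrpc.rb hunk, and the enclosing method starts and ends outside this hunk.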
diff --git a/lib/puppet/network/http/rack/xmlrpc.rb b/lib/puppet/network/http/rack/xmlrpc.rb
index 4fc9e82fc..9d0f486bc 100644
--- a/lib/puppet/network/http/rack/xmlrpc.rb
+++ b/lib/puppet/network/http/rack/xmlrpc.rb
@@ -43,11 +43,11 @@ class Puppet::Network::HTTP::RackXMLRPC < Puppet::Network::HTTP::RackHttpHandler
 ip = request.ip
 # if we find SSL info in the headers, use them to get a hostname.
- # try this with :ssl_client_header, which defaults should work for
- # Apache with StdEnvVars.
- if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+ # try this with :ssl_client_header.
+ # For Apache you need special configuration, see ext/rack/README.
+ if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
 node = dn_matchdata[1].to_str
- authenticated = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
+ authenticated = (ssl_client_verify_header(request) == 'SUCCESS')
 else
 begin
 node = Resolv.getname(ip) |
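Review bot: This block duplicates the certificate-to-identity decision of rest.rb line for line (same DN match, same `== 'SUCCESS'` comparison), even though the commit already adds shared helpers to `RackHttpHandler`. Moving the whole decision into the base class, for instance a method that returns the node name and the authenticated flag from `ssl_client_header(request)` and `ssl_client_verify_header(request)`, would keep a later fix to the authentication check from landing in only one of the two handlers. The `else` branch continues past the end of the hunk, so the reverse-lookup fallback is not reviewed here.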