| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppet.rb
lib/puppet/configurer.rb
man/man5/puppet.conf.5
spec/integration/defaults.rb
spec/unit/configurer.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The setting enable_post_connection_check doesn't exist on very many
versions of ruby, and on those systems there's no way to disable domain
name checking on HTTPS.
The recommended work-around is to replace certificates when they have
incorrect hostnames.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
In my patch for #3088 I made a erroneous assumption about the ruby exception
hierarchy and thus missed the fact that Timeout::error descends from both
SignalError and Interrupt. This is a partial reversion of the patch for #3088
to let these through so that more useful error messages can be produced.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changing rescues from the default to Exception (to catch errors that don't
descend from StandardError) had the unintended consequence of catching (and
suppressing) SystemExit.
This patch restores the behavior of by reraising the exception.
Of the other exceptions that fall through the same crack (NoMemoryError,
SignalException, LoadError, Interrupt, NotImplementedError, and ScriptError)
this patch also reraises NoMemoryError, SignalException, and Interrupt in the
same way and leaves the rest captured.
|
| |\|
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/ssl/host.rb
spec/spec_helper.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We create temporary files in /tmp/ with predictable names. These
could be used by an attacker to DoS a box by setting a symlink to
some other file (say, /etc/shadow) and waiting for us to overwrite
it.
The minimalistic solution employed by this patch is to wrap all such
file writing with a paranoid wrapper that:
1) Check to see if the target exists
2) Issues a warning if it was a symlink
3) Deletes it
4) Waits (0.1 seconds if it was a file, 5 seconds if it was a symlink)
5) Opens the file with EXCL, which will fail if the file has come back.
If this succeeds (as it normally will) it has exactly the same semantics
as the original code (a must, as we are right at a release boundary).
However, under no circumstances will it follow a preexisting symlink (the
operating system guarantees this with EXCL) so the danger of an exploit
has been converted into the possibility of a failure, with an appropriate
warning.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The core bug here was a regression introduced by my IPv6 patch.
Wildcarded domains are stored as ["com","reductivelabs","*"] but
the code in question was assuming it was in normal order.
Added tests to prevet recurrence.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| | |
| |
| |
| |
| |
| | |
These are a grab-bag of code simplification changes I made in
the process of figuring out what was going on with #2881; they
should all be absolutely behavior neutral.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This removes some of the IPv4 centricism from authstore's handling
of IP addresses. It isn't full IPv6 support (and doesn't even fully
handle all the cases within its limited scope, as ruby's IPAddr
library does not work with hybrid addresses), but it should simplify
adding IPv6 support when the time comes.
|
| | |
| |
| |
| |
| | |
This patch fixes #2567 by always pre-validating IP addresses with a
strict regular expression check before calling IPAddr.new() on them.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit refactors the code in authstore to enable a fix for #2567,
goes part of the way towards fixing #2708 (DNS/reverse DNS dependence),
and is a start on #2623 (authstore needs to be refactored), though it
stops short of fully addressing some of the more egregious structural
issues ("opaque", ill-placed pattern transformations, etc.).
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Disables the b64_zlib_yaml format if zlib cannot be loaded.
I've added a --no-zlib to make it possible to test this on a single
machine, but it might also be useful if someone finds themselves failing
to connect to a server that doesn't have zlib installed.
FactHandler' format is still hard-coded to YAML rather than using
facts.class.default_format
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Make sure that we don't try to do anything to webrick until it has
really started.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Clean up warning messages so that they don't fail when run inside the
test class.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
No message was being displayed on the server if a file could not be
opened by the file server.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace this message that looks like an error
debug: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
with
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppetd.rb
lib/puppet/parser/ast/leaf.rb
lib/puppet/util/rdoc/parser.rb
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit c702f76b271515e9c42dcb923d379fbfac4c83cd and turns it
into a documentation only fix. As it turns out, ENV should have never been
used at all, as the Rack docs say nothing about it *and* Passenger's
behaviour in 2.2.3 + 2.2.4 was completely broken and still is half-way broken
in 2.2.5 (but is OK with the Rack specs).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This modifies `supported_formats` to warn when the
`preferred_serialization_format` setting is invalid (and ignored in
favor of the default value).
I built the tests for this behavior alongside the existing
FormatHandler tests for *valid* `preferred_serialization_format` values
(and did some restructuring to extract common setup code to `before`
blocks).
Signed-off-by: Bruce Williams <bruce@codefluency.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
been parsed
When fixing #2424, we were adding a global allow (ie allow(*)) to
the plugins/modules mount.
Unfortunately global allow always win against any other rules that
can be defined in fileserver.conf.
This patch makes sure we add those global allow entries only if
we didn't get any rules from fileserver.conf
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| | |
This was deprecated in commit 1cfb0215 and was keeping puppetd from starting in listen mode.
Signed-off-by: John A. Barbuto <jbarbuto@corp.sourceforge.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
less often
This is not the right fix, but more a hackish workaround.
Since 0.25, the facts are transmitted as GET parameters when a
node asks for a catalog. Most proxies or webserver have a size limit
which is sometimes reached. In this case the request is denied
and the node can't get its catalog.
The idea is to compress facts (some non-scientific studies show a
57% fact size decrease for an average node) when transmitting
those when asking for a catalog.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |/
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bundeling and renaming the pure ruby json library to addresses a
number of cross version serliaization bugs (#2615, et al).
This patch adds a subset of the files from the json_pure gem to
lib/puppet/external/pson (renamed to avoid conflicts with rails) so
that we will always have a known-good erialization format available.
The pure ruby json gem as distibuted defers to the compiled version
if it is installed. This is problematic in some circumstances so the
files that have been brought over have been modified to always and
only use the bundled version.
It's a large patch, so here's a breakdown of the change categories:
The majority of the lines are only marginally interesting:
* The json lib itself (in lib/puppet/external/pson) make up the bulk
of the lines.
* Renaming of json to pson make up the second largest group.
Somewhat more interesting are the following, which can be located by
searching the diffs for the indicated strings:
* Adjusting tests to reflect the changes
* Changing the encoding/decoding behavior so that nested structures
(e.g. resources) don't serialize as escaped strings. This should
make it much easier to process the results with external tools, if
needed. Search for "to_pson" and "to_pson_data_hash"
* Cleaning up the envelope/metadata
* Now provides a document_type (as opposed to a ruby class name) by
using a symple registration scheme instead of constant lookup
(search for "document_type")
* Added an api_version (search for "api_version")
* Added a hash for document metadata (search for "metadata")
* Removing the yaml monkeypatch and instead disabling yaml serialization
on ruby 1.8.1 in favor of pson (search for "yaml")
* Cleaning up the json/rails feature interaction (they're now totally
independent) (search for "feature")
|
| |
|
|
|
|
|
|
|
|
| |
There was a race condition between the layers (SSL vs. TCP/IP) that
permitted the creation of non-functional connections when webrick
managed the connection. This patch moves the responsibility into
our code via the provided callbacks and makes sure the socket is
valid before accepting the connection.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was an API compatibility problem with mongrel's HTTPResponse.start()
method between Mongrel 1.0.x and 1.1.x (the number of parameters changed).
The older version does not provide the option to set the response header
message which was used (redundantly with the response body) to return the
error message when the HTTP response was signaling an error.
In order to suport the older version the call was wrapped with a fallback
and the coresponding code in the other rest implementations was adjusted
to always send the error message in the response body. Then the rest
terminus was adjusted to pull the message from the response body (if it
is present) rather than from the header (which is only used as a fallback
for dealing with older puppetmasters), and the tests were augmeted to
verify this behaviour.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial refactoring to clean up the case in the ticket (host
name containing dots, begining and ending with a digit, was
mistaken for an IP address) and a range of related edge cases.
Stopped short of a full refactoring (put off to 0.26 as #2623)
Added tests for numerous edge cases.
This also fixes the issue raised in #2570.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| |
|
|
|
|
|
| |
notes fixes specific issue by eliminating the specal case for
opaque strings which caused them to be strings when everything else
was arrays; adds nots and pending tests where FQDN support could be
added but stops short of a full refactor.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was a "There's A Hole In The Bucket" problem caused when trying
to establish a connection to get a certificate before there was
a certificate with which to establish the connection, ad
infinitum. The solution was to test for the presence of the
CA cert as well as the host cert before attempting to use them.
This patch modifies existing tests to pass with the new code (by
stubbing out the additional FileTests) and adds a new test which
catches the original problem.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Even though Puppet never transmist a charset information in its
response/request content-type, some proxy (especially Apache with the
infamous AddDefaultCharset configuration) may add this "incorrect"
information.
This patch makes sure that only the mime-type is used when looking
for the format associated with a response or a request.
The patch also provides a better error message when the client or server
code is fed with a request whose mime-type can not be mapped to a known
format.
It also fixes a typo noticed by the original reporter.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
| |
Fix #2386, by checking either Request.env or ENV for the SSL environment
variables. This is necessary as Passenger 2.2.3 changed the location of
these vars, even though the Rack spec says nothing about ENV or these
variables.
|
| |
|
|
| |
specification conformance)
|
| |
|
|
| |
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem is that URI.escape by default doesn't escape '+' (and
some other characters). But some web framework (at least webrick)
unescape the query string behind Puppet's back changing all '+'
to spaces corrupting facts containing '+' characters (like base64
encoded values).
The current fix makes sure we use CGI.escape for all query string
parameters. Indirection keys/path are still using URI escaping because
this part of the URI format shouldn't be handled like query string
parameters (otherwise '/' url separators are encoded which changes
the uri path).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
| |
Signed-off-by: Sam Livingston-Gray <geeksam@gmail.com>
|
| |
|
|
|
|
|
|
| |
When the PUT body is large enough that Mongrel::HTTPRequest#body returns a StringIO object instead of a String. StringIO#to_s then returns "<StringIO#8236987299>" instead of the string contents.
When that string is passed to YAML it returns false which is then passed to save_object without any real time checking.
This is a combination of patches from Jordan Curzon and Ricky Zhou.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
opaque strings
This patch removes the limitation of allow/deny which were
only matching ip addresses or hostname (or pattern of).
It makes sure any kind of string can be matched (by strict
equality) while still keeping the old behaviour.
Opaque strings can only contains: alphanumeric characters, -
_ and @.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were two problems:
* server->client communications is using Content-Type with the
direct format name instead of the format mime-type.
* client->server communications is not using Content-Type to
send the format of the serialized object. Instead it is using the
first member of the Accept header. The Accept header is usually
reserved for the other side, ie what the client will accept
when the server will respond.
This patch makes sure s->c communication contains correct Content-Type
headers.
This patch also adds a Content-Type header containing the mime-type of
the object sent by the client when saving.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
| |
Earlier ruby 1.8 versions do not have start_with? for Strings.
Found by John Barbuto.
|
| |
|
|
| |
Signed-off-by: Jordan Curzon <curzonj@gmail.com>
|
| |
|
|
|
|
|
|
| |
Mongrel::HttpRequest.query_parse outputs a params hash with nil
keys given certain query strings. Network::HTTP::Handler.decode_params
needs to check the incoming values.
Signed-off-by: Jordan Curzon <curzonj@gmail.com>
|
| |
|
|
|
|
| |
We just add a bit of information to the exception.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Also making some log messages more informative.
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Mongrel puppet code uses REMOTE_ADDR to set the ip address which will
be use to authenticate the client access.
Since mongrel is always used in a proxy mode with Puppet, REMOTE_ADDR
is always the address of the proxy (usually 127.0.0.1), which defeats
the purpose.
With this changeset, the mongrel code now uses the X-Forwarded-For
HTTP header value if it is passed over the REMOTE_ADDR.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
| |
Fixes #2268 "Rack::RewindableInput is not a valid input stream."
|
