From bf701dcb819bf06449557b2ef6b2adf207a78586 Mon Sep 17 00:00:00 2001
From: luke
Date: Thu, 15 Sep 2005 20:16:21 +0000
Subject: adding extra checks to make sure networking is secure, and refactoring a heckuva lot of test
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@671 980ebf18-57e1-0310-9a29-db15c13687c0
---
 lib/puppet/server/servlet.rb | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
(limited to 'lib/puppet/server')
diff --git a/lib/puppet/server/servlet.rb b/lib/puppet/server/servlet.rb
index 4c45ebc62..2bc2dffc1 100644
--- a/lib/puppet/server/servlet.rb
+++ b/lib/puppet/server/servlet.rb
@@ -15,7 +15,20 @@ class Server
 end
 def authorize(request, method)
- true
+ if request.client_cert
+ Puppet.info "Allowing %s(%s) trusted access to %s" %
+ [request.peeraddr[2], request.peeraddr[3], method]
+ return true
+ else
+ if method =~ /^puppetca\./
+ Puppet.notice "Allowing %s(%s) untrusted access to CA methods" %
+ [request.peeraddr[2], request.peeraddr[3]]
+ else
+ Puppet.err "Unauthenticated client %s(%s) cannot call %s" %
+ [request.peeraddr[2], request.peeraddr[3], method]
+ return false
+ end
+ end
 end
 def initialize(server, handlers)
@@ -79,12 +92,12 @@ class Server
 )
 end
- if request.client_cert
- Puppet.info "client cert is %s" % request.client_cert
- end
- if request.server_cert
- #Puppet.info "server cert is %s" % @request.server_cert
- end
+ #if request.client_cert
+ # Puppet.info "client cert is %s" % request.client_cert
+ #end
+ #if request.server_cert
+ # Puppet.info "server cert is %s" % @request.server_cert
+ #end
 #p @request
 begin
 super
-- cgit
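Review bot: The `puppetca.` branch of `authorize` has no explicit return, so for a caller without a certificate the method's result is whatever `Puppet.notice` returns. If that is nil the CA methods are refused despite the "Allowing" log line, and if it is truthy the grant depends on the logger's return value; add `return true` after the notice. The check `method =~ /^puppetca\./` runs on what is presumably a client-supplied method name, and `^` in Ruby matches at any line start, so `/\Apuppetca\./` is the safer anchor; an explicit list of the CA methods that must be reachable before a client holds a certificate would be tighter than the whole prefix. The trusted branch only tests that `request.client_cert` is present, which is as strong as the peer verification configured on the SSL listener, and that configuration is not visible in this hunk.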
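Review bot: With this block commented out, no log line records which certificate a request presented, and the new "trusted access" message in `authorize` identifies the caller by `peeraddr` only. For an audit trail that ties the decision to the authenticated identity, that message could include `request.client_cert.subject`. The six commented lines are dead code and would be better deleted than kept. The enclosing method starts and ends outside the hunk.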