diff options
| author | Alexander Sulfrian <alexander.sulfrian@fu-berlin.de> | 2015-10-13 16:30:19 +0200 |
|---|---|---|
| committer | Sol Jerome <sol.jerome@gmail.com> | 2015-10-13 13:11:02 -0500 |
| commit | ed93977a0d476105bb74600af0ff4954aa248c28 (patch) | |
| tree | c90643b0e77e0f81fe8fd44515deec776f087c6e | |
| parent | 2a3984f865b916dbf79b70510bf3af5966879a2e (diff) | |
| download | bcfg2-ed93977a0d476105bb74600af0ff4954aa248c28.tar.gz bcfg2-ed93977a0d476105bb74600af0ff4954aa248c28.tar.bz2 bcfg2-ed93977a0d476105bb74600af0ff4954aa248c28.zip | |
DefaultACL: Deny remote access to expire_metadata_cache
| -rw-r--r-- | src/lib/Bcfg2/Server/Core.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/Bcfg2/Server/Core.py b/src/lib/Bcfg2/Server/Core.py index 3db97f770..9e98f8636 100644 --- a/src/lib/Bcfg2/Server/Core.py +++ b/src/lib/Bcfg2/Server/Core.py @@ -119,7 +119,8 @@ class DefaultACL(Plugin, ClientACLs): def check_acl_ip(self, address, rmi): return (("." not in rmi and not rmi.endswith("_debug") and - rmi != 'get_statistics') or + rmi != 'get_statistics' and + rmi != 'expire_metadata_cache') or address[0] == "127.0.0.1") # in core we frequently want to catch all exceptions, regardless of |