IP based ACLs working for CherryPy and Builtin Server. Rudimentary tests performed and passed.

author: Matt Schwager <schwag09@gmail.com> 2012-10-17 13:44:43 -0400
committer: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-02-12 08:35:32 -0500
commit: 168aa5f9d31f310caa2d8fb87b5d46d6e23b5821 (patch)
tree: ac35385b07db6ac87c828b6181c5f9c679b53ee1 /src/lib/Bcfg2/Server/CherryPyCore.py
parent: e8a5500535cb7c23ef3d687304033e50e80dbd3f (diff)
download: bcfg2-168aa5f9d31f310caa2d8fb87b5d46d6e23b5821.tar.gz
bcfg2-168aa5f9d31f310caa2d8fb87b5d46d6e23b5821.tar.bz2
bcfg2-168aa5f9d31f310caa2d8fb87b5d46d6e23b5821.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/src/lib/Bcfg2/Server/CherryPyCore.py b/src/lib/Bcfg2/Server/CherryPyCore.py
index 6709a2f10..b4c296d4a 100644
--- a/src/lib/Bcfg2/Server/CherryPyCore.py
+++ b/src/lib/Bcfg2/Server/CherryPyCore.py
@@ -63,12 +63,13 @@ class Core(BaseCore):
             username = auth_content
             password = ""
 
-        if not self.check_acls(cherrypy.request.remote.ip):
-            raise cherrypy.HTTPError(403)
-
         # FIXME: Get client cert
         cert = None
         address = (cherrypy.request.remote.ip, cherrypy.request.remote.name)
+
+        if not self.check_acls(address[0]):
+            raise cherrypy.HTTPError(401)
+
         return self.authenticate(cert, username, password, address)
 
     @cherrypy.expose
author	Matt Schwager <schwag09@gmail.com>	2012-10-17 13:44:43 -0400
committer	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2013-02-12 08:35:32 -0500
commit	168aa5f9d31f310caa2d8fb87b5d46d6e23b5821 (patch)
tree	ac35385b07db6ac87c828b6181c5f9c679b53ee1 /src/lib/Bcfg2/Server/CherryPyCore.py
parent	e8a5500535cb7c23ef3d687304033e50e80dbd3f (diff)
download	bcfg2-168aa5f9d31f310caa2d8fb87b5d46d6e23b5821.tar.gz bcfg2-168aa5f9d31f310caa2d8fb87b5d46d6e23b5821.tar.bz2 bcfg2-168aa5f9d31f310caa2d8fb87b5d46d6e23b5821.zip