author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-02-07 10:01:16 -0500 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-02-14 15:12:20 -0500 |
commit | 893acc1735794e6df9d290c30d9911621bb2a927 (patch) | |
tree | 5ef81f17ef18e397de6da6f42444f05bd7f1d34e /src/lib/Bcfg2/Server | |
parent | fd67a2735ada342251cb6baaa4e678532566e975 (diff) | |
Metadata: allowed setting global default authentication type
Diffstat (limited to 'src/lib/Bcfg2/Server')
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Metadata.py | 32 |
1 files changed, 12 insertions, 20 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py
index d74db5eb4..9fdee96ab 100644
--- a/src/lib/Bcfg2/Server/Plugins/Metadata.py
+++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py
@@ -677,8 +677,7 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
 self.raddresses[clname] = set()
 self.raddresses[clname].add(caddr)
 if 'auth' in client.attrib:
- self.auth[client.get('name')] = client.get('auth',
- 'cert+password')
+ self.auth[client.get('name')] = client.get('auth')
 if 'uuid' in client.attrib:
 self.uuid[client.get('uuid')] = clname
 if client.get('secure', 'false').lower() == 'true':
@@ -1192,7 +1191,8 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
 # look at cert.cN
 client = certinfo['commonName']
 self.debug_log("Got cN %s; using as client name" % client)
- auth_type = self.auth.get(client, 'cert+password')
+ auth_type = self.auth.get(client,
+ self.core.setup['authentication'])
 elif user == 'root':
 id_method = 'address'
 try:
@@ -1215,12 +1215,8 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
 self.debug_log("Authenticating client %s" % client)
 # next we validate the address
- if id_method == 'uuid':
- addr_is_valid = True
- else:
- addr_is_valid = self.validate_client_address(client, address)
-
- if not addr_is_valid:
+ if (id_method != 'uuid' and
+ not self.validate_client_address(client, address)):
 return False
 if id_method == 'cert' and auth_type != 'cert+password':
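Review bot: The new global default in the `-1192` hunk, `self.core.setup['authentication']`, feeds a fail-open comparison: the context line `if id_method == 'cert' and auth_type != 'cert+password':` treats every value other than that exact string as "no password required" (the branch body lies between hunks, but the following hunk's context suggests it returns True). A mistyped or empty global setting would therefore quietly downgrade every certificate-identified client to certificate-only authentication, and the same holds for the per-client value stored unchecked by `client.get('auth')` in the `-677` hunk. Checking the value once at load time and falling back to the strictest mode would close this, e.g. `if auth_type not in ALLOWED_AUTH_TYPES: auth_type = 'cert+password'` together with a logged warning (`ALLOWED_AUTH_TYPES` is a placeholder for the set the schema permits). Whether the option parser already restricts the value is not visible here, and the enclosing method starts and ends outside the hunk.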
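Review bot: The exemption of uuid-identified clients from address validation in the `-1215` hunk is now folded into the compound condition `if (id_method != 'uuid' and not self.validate_client_address(client, address)):`, while the surviving comment `# next we validate the address` no longer tells the reader that one identification method skips the check. A comment above the condition such as `# clients identified by uuid are exempt from address validation` would keep that security-relevant exception visible. The behaviour matches the removed `addr_is_valid` lines as far as the hunk shows; the method body continues outside the hunk.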
@@ -1230,23 +1226,19 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, # we are done if cert+password not required return True - if client not in self.passwords: - if client in self.secure: - self.logger.error("Client %s in secure mode but has no " - "password" % address[0]) - return False - if password != self.password: - self.logger.error("Client %s used incorrect global password" % - address[0]) - return False + if client not in self.passwords and client in self.secure: + self.logger.error("Client %s in secure mode but has no password" % + address[0]) + return False + if client not in self.secure: if client in self.passwords: plist = [self.password, self.passwords[client]] else: plist = [self.password] if password not in plist: - self.logger.error("Client %s failed to use either allowed " - "password" % address[0]) + self.logger.error("Client %s failed to use an allowed password" + % address[0]) return False else: # client in secure mode and has a client password |
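Review bot: The test `if password not in plist:` accepts anything that equals an entry of `plist`, and `plist` always contains `self.password`; if no global password is configured and that attribute is None or empty (its initialisation is outside this hunk), a non-secure client presenting the same empty value would pass. Dropping unset entries before the test, `plist = [p for p in plist if p]`, makes the check fail closed. The membership test is an ordinary string equality, so a constant-time comparison (`hmac.compare_digest`, where the supported Python versions provide it) is worth considering for a network-facing password check. The error messages interpolate `address[0]` after the word "Client"; logging the resolved `client` name next to the address would make failed attempts easier to correlate. The method starts and ends outside the hunk.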