author | Matt Schwager <schwag09@gmail.com> | 2012-10-15 12:34:07 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-02-12 08:35:32 -0500 |
commit | e8a5500535cb7c23ef3d687304033e50e80dbd3f (patch) | |
tree | e612938dde26bb1ea50a9d241cf519c247f30205 /src/lib | |
parent | 2ad656a8b9fe4fd364dff3a4f6e419699438c714 (diff) | |
IP based ACLs working for CherryPy Server. Still need to implement BuiltinServer and test.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/Bcfg2/Server/CherryPyCore.py | 3 | ||||
-rw-r--r-- | src/lib/Bcfg2/Server/Core.py | 7 | ||||
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Acl.py | 2 |
3 files changed, 11 insertions, 1 deletions
diff --git a/src/lib/Bcfg2/Server/CherryPyCore.py b/src/lib/Bcfg2/Server/CherryPyCore.py index 936279508..6709a2f10 100644 --- a/src/lib/Bcfg2/Server/CherryPyCore.py +++ b/src/lib/Bcfg2/Server/CherryPyCore.py @@ -63,6 +63,9 @@ class Core(BaseCore): username = auth_content password = "" + if not self.check_acls(cherrypy.request.remote.ip): + raise cherrypy.HTTPError(403) + # FIXME: Get client cert cert = None address = (cherrypy.request.remote.ip, cherrypy.request.remote.name) diff --git a/src/lib/Bcfg2/Server/Core.py b/src/lib/Bcfg2/Server/Core.py index 90349ddf9..9ca540127 100644 --- a/src/lib/Bcfg2/Server/Core.py +++ b/src/lib/Bcfg2/Server/Core.py @@ -1072,6 +1072,13 @@ class BaseCore(object): return self.metadata.AuthenticateConnection(acert, user, password, address) + def check_acls(self, client): + """ Check if client IP is in list of accepted IPs """ + try: + return client in self.plugins['Acl'].config.ips + except KeyError: + return True + @exposed def GetDecisionList(self, address, mode): """ Get the decision list for the client with :func:`GetDecisions`. diff --git a/src/lib/Bcfg2/Server/Plugins/Acl.py b/src/lib/Bcfg2/Server/Plugins/Acl.py index 61162dfca..dd1077da1 100644 --- a/src/lib/Bcfg2/Server/Plugins/Acl.py +++ b/src/lib/Bcfg2/Server/Plugins/Acl.py @@ -13,7 +13,7 @@ class AclFile(Bcfg2.Server.Plugin.XMLFileBacked): if not os.path.exists(filename): LOGGER.warning("Acl: %s missing. " "Creating empty one for you." % filename) - open(filename, "w").write("<Acl></Acl>") + open(filename, "w").write("<IPs></IPs>") try: fam = core.fam |
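Review bot: The ACL check added in CherryPyCore.py runs only after the request's credentials have been processed (the context lines above it already set `username` and `password`), and a rejected peer leaves no trace because nothing is logged before `raise cherrypy.HTTPError(403)`. Moving the two added lines to the top of the method would turn away disallowed addresses before any request data is handled, and a warning that names the rejected address would give operators something to alert on. `cherrypy.request.remote.ip` is the socket peer, so if the server is ever placed behind a proxy the ACL would be matched against the proxy's address; a comment such as `# ACL is evaluated against the socket peer, not a forwarded header` would make that explicit. The enclosing method starts and ends outside the hunk.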
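Review bot: `check_acls` in Core.py fails open on any `KeyError`, not only on a missing plugin, because the `try` wraps the whole expression; a `KeyError` raised while evaluating `.config.ips` would also return `True` and let the client through. Looking up `self.plugins['Acl']` alone inside the `try` and doing the membership test after it limits the allow-by-default path to the plugin-not-enabled case, and the docstring should state that case, e.g. `Returns True when the Acl plugin is not enabled.` As far as the hunk shows, the test is an exact comparison against the entries in `ips`, so if those are plain strings a different textual form of the same address (for example an IPv4-mapped IPv6 peer address) would not match; that deserves a comment or a normalisation step.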
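Review bot: The auto-created `<IPs></IPs>` file in Acl.py contains no entries, so, assuming `config.ips` is built from it, `check_acls` returns `False` for every client and the server answers 403 to everything once the plugin is enabled without an existing file. Deny-by-default is a defensible choice, but the warning only says `Creating empty one for you.`; I would extend it to say that all clients are rejected until addresses are added. The handle returned by `open(filename, "w")` is also never closed explicitly, so the write depends on the interpreter releasing the object before the file is read back. The enclosing method starts outside the hunk.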