diff options
Diffstat (limited to 'src/lib/Bcfg2/Server/CherryPyCore.py')
-rw-r--r-- | src/lib/Bcfg2/Server/CherryPyCore.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/lib/Bcfg2/Server/CherryPyCore.py b/src/lib/Bcfg2/Server/CherryPyCore.py index fa66abce9..bf3be72f9 100644 --- a/src/lib/Bcfg2/Server/CherryPyCore.py +++ b/src/lib/Bcfg2/Server/CherryPyCore.py @@ -67,10 +67,13 @@ class Core(BaseCore): cert = None address = (cherrypy.request.remote.ip, cherrypy.request.remote.port) - if not self.check_acls(address[0]): - raise cherrypy.HTTPError(401) + rpcmethod = xmlrpcutil.process_body()[1] + if rpcmethod == 'ERRORMETHOD': + raise Exception("Unknown error processing XML-RPC request body") - return self.authenticate(cert, username, password, address) + if (not self.check_acls(address[0], rpcmethod) or + not self.authenticate(cert, username, password, address)): + raise cherrypy.HTTPError(401) @cherrypy.expose def default(self, *args, **params): # pylint: disable=W0613 |