From ead022433a759686db6de02b91811de7ca166ac7 Mon Sep 17 00:00:00 2001
From: Matt Schwager
Date: Wed, 17 Oct 2012 14:02:19 -0400
Subject: Corrected acceptance of wildcard ('*') in ACL XML file.
---
 src/lib/Bcfg2/Server/Core.py | 2 +-
 src/lib/Bcfg2/Server/SSLServer.py | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/lib/Bcfg2/Server/Core.py b/src/lib/Bcfg2/Server/Core.py
index e931a7bc0..c9fd76325 100644
--- a/src/lib/Bcfg2/Server/Core.py
+++ b/src/lib/Bcfg2/Server/Core.py
@@ -1076,7 +1076,7 @@ class BaseCore(object):
 """ Check if client IP is in list of accepted IPs """
 try:
 return (client in self.plugins['Acl'].config.ips or
- '*' in self.plugins['Acl'].config)
+ '*' in self.plugins['Acl'].config.ips)
 except KeyError:
 # No ACL means accept all incoming ips (wildcard)
 return True
diff --git a/src/lib/Bcfg2/Server/SSLServer.py b/src/lib/Bcfg2/Server/SSLServer.py
index c2294eec9..f2fb4913a 100644
--- a/src/lib/Bcfg2/Server/SSLServer.py
+++ b/src/lib/Bcfg2/Server/SSLServer.py
@@ -209,10 +209,9 @@ class XMLRPCRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
 password = ""
 cert = self.request.getpeercert()
 client_address = self.request.getpeername()
- if not self.server.instance.check_acls(client_address[0]):
- return False
- return self.server.instance.authenticate(cert, username,
- password, client_address)
+ return (self.server.instance.authenticate(cert, username,
+ password, client_address) and
+ self.server.instance.check_acls(client_address[0]))
 def parse_request(self):
 """Extends parse_request.
-- 
cgit v1.2.3-1-g7c22
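Review bot: The `except KeyError` in the Core.py hunk still wraps the whole membership expression, so a KeyError raised anywhere while evaluating `.config.ips`, not only a missing 'Acl' plugin, lands in the accept-all branch. Whether the config object can raise one is not visible here, but because this branch fails open it is worth narrowing: bind `acl = self.plugins['Acl']` inside the `try` and evaluate `client in acl.config.ips or '*' in acl.config.ips` after it. The enclosing method's signature is outside the hunk.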
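Review bot: In the SSLServer.py hunk the new return evaluates `authenticate(...)` before `check_acls(...)`, so a connection from an address the ACL rejects now has its certificate and password processed first, where the removed code turned it away before any credential handling. The boolean result is the same, but whatever authenticate() does on a failed attempt (logging, lookups, timing) becomes reachable from addresses the ACL is meant to exclude. Unless the order is required for a reason not visible here, put the cheap address check first: `return (self.server.instance.check_acls(client_address[0]) and self.server.instance.authenticate(cert, username, password, client_address))`; if it is required, a comment saying why belongs above the return. The enclosing method begins outside the hunk.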