From 168aa5f9d31f310caa2d8fb87b5d46d6e23b5821 Mon Sep 17 00:00:00 2001
From: Matt Schwager <schwag09@gmail.com>
Date: Wed, 17 Oct 2012 13:44:43 -0400
Subject: IP based ACLs working for CherryPy and Builtin Server. Rudimentary
 tests performed and passed.

---
 src/lib/Bcfg2/Server/CherryPyCore.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src/lib/Bcfg2/Server/CherryPyCore.py')

diff --git a/src/lib/Bcfg2/Server/CherryPyCore.py b/src/lib/Bcfg2/Server/CherryPyCore.py
index 6709a2f10..b4c296d4a 100644
--- a/src/lib/Bcfg2/Server/CherryPyCore.py
+++ b/src/lib/Bcfg2/Server/CherryPyCore.py
@@ -63,12 +63,13 @@ class Core(BaseCore):
             username = auth_content
             password = ""
 
-        if not self.check_acls(cherrypy.request.remote.ip):
-            raise cherrypy.HTTPError(403)
-
         # FIXME: Get client cert
         cert = None
         address = (cherrypy.request.remote.ip, cherrypy.request.remote.name)
+
+        if not self.check_acls(address[0]):
+            raise cherrypy.HTTPError(401)
+
         return self.authenticate(cert, username, password, address)
 
     @cherrypy.expose
-- 
cgit v1.2.3-1-g7c22