From 5363e6d9a53146333da0d109aae170befc1b9481 Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre" <chris.a.st.pierre@gmail.com>
Date: Tue, 12 Feb 2013 07:48:33 -0500
Subject: Added client ACLs:

* IP and CIDR-based ACLs
* Metadata (group/hostname)-based ACLs
* Documentation
* Unit tests
---
 src/lib/Bcfg2/Server/CherryPyCore.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'src/lib/Bcfg2/Server/CherryPyCore.py')

diff --git a/src/lib/Bcfg2/Server/CherryPyCore.py b/src/lib/Bcfg2/Server/CherryPyCore.py
index fa66abce9..bf3be72f9 100644
--- a/src/lib/Bcfg2/Server/CherryPyCore.py
+++ b/src/lib/Bcfg2/Server/CherryPyCore.py
@@ -67,10 +67,13 @@ class Core(BaseCore):
         cert = None
         address = (cherrypy.request.remote.ip, cherrypy.request.remote.port)
 
-        if not self.check_acls(address[0]):
-            raise cherrypy.HTTPError(401)
+        rpcmethod = xmlrpcutil.process_body()[1]
+        if rpcmethod == 'ERRORMETHOD':
+            raise Exception("Unknown error processing XML-RPC request body")
 
-        return self.authenticate(cert, username, password, address)
+        if (not self.check_acls(address[0], rpcmethod) or
+            not self.authenticate(cert, username, password, address)):
+            raise cherrypy.HTTPError(401)
 
     @cherrypy.expose
     def default(self, *args, **params):  # pylint: disable=W0613
-- 
cgit v1.2.3-1-g7c22