diff options
author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-02-12 07:48:33 -0500 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-02-12 09:18:38 -0500 |
commit | 5363e6d9a53146333da0d109aae170befc1b9481 (patch) | |
tree | 22f1180360c6844f3ca1f77a7cee59a01c05ad9b /src/lib/Bcfg2/Server/CherryPyCore.py | |
parent | d0cb9264234851ad65ec8502a56c3afefd39fbad (diff) | |
download | bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.tar.gz bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.tar.bz2 bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.zip |
Added client ACLs:
* IP and CIDR-based ACLs
* Metadata (group/hostname)-based ACLs
* Documentation
* Unit tests
Diffstat (limited to 'src/lib/Bcfg2/Server/CherryPyCore.py')
-rw-r--r-- | src/lib/Bcfg2/Server/CherryPyCore.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/lib/Bcfg2/Server/CherryPyCore.py b/src/lib/Bcfg2/Server/CherryPyCore.py index fa66abce9..bf3be72f9 100644 --- a/src/lib/Bcfg2/Server/CherryPyCore.py +++ b/src/lib/Bcfg2/Server/CherryPyCore.py @@ -67,10 +67,13 @@ class Core(BaseCore): cert = None address = (cherrypy.request.remote.ip, cherrypy.request.remote.port) - if not self.check_acls(address[0]): - raise cherrypy.HTTPError(401) + rpcmethod = xmlrpcutil.process_body()[1] + if rpcmethod == 'ERRORMETHOD': + raise Exception("Unknown error processing XML-RPC request body") - return self.authenticate(cert, username, password, address) + if (not self.check_acls(address[0], rpcmethod) or + not self.authenticate(cert, username, password, address)): + raise cherrypy.HTTPError(401) @cherrypy.expose def default(self, *args, **params): # pylint: disable=W0613 |