← Back to branch summary

~lynxman/ubuntu/precise/puppet/puppetlabsfixbug12844

~lynxman/ubuntu/precise/puppet/puppetlabsfixbug12844

« back to all changes in this revision

Viewing changes to test/certmgr/inventory.rb

Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2011-10-24 15:05:12 UTC
Revision ID: james.westby@ubuntu.com-20111024150512-yxqwfdp6hcs6of5l

Tags: 2.7.1-1ubuntu3.2

* SECURITY UPDATE: puppet master impersonation via incorrect certificates
  - debian/patches/CVE-2011-3872.patch: refactor certificate handling.
  - Thanks to upstream for providing the patch.
  - CVE-2011-3872

files added:
.pc/CVE-2011-3872.patch

.pc/CVE-2011-3872.patch/acceptance

.pc/CVE-2011-3872.patch/acceptance/tests

.pc/CVE-2011-3872.patch/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb

.pc/CVE-2011-3872.patch/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb

.pc/CVE-2011-3872.patch/lib

.pc/CVE-2011-3872.patch/lib/puppet

.pc/CVE-2011-3872.patch/lib/puppet/application

.pc/CVE-2011-3872.patch/lib/puppet/application/cert.rb

.pc/CVE-2011-3872.patch/lib/puppet/application/kick.rb

.pc/CVE-2011-3872.patch/lib/puppet/defaults.rb

.pc/CVE-2011-3872.patch/lib/puppet/face

.pc/CVE-2011-3872.patch/lib/puppet/face/certificate.rb

.pc/CVE-2011-3872.patch/lib/puppet/network

.pc/CVE-2011-3872.patch/lib/puppet/network/client

.pc/CVE-2011-3872.patch/lib/puppet/network/client.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/ca.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/file.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/proxy.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/report.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/runner.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/status.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/handler

.pc/CVE-2011-3872.patch/lib/puppet/network/handler/ca.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/handler/master.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/handler/runner.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/http_server

.pc/CVE-2011-3872.patch/lib/puppet/network/http_server/webrick.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/xmlrpc

.pc/CVE-2011-3872.patch/lib/puppet/network/xmlrpc/client.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_authority

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_authority.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_authority/interface.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_factory.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_request.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/host.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/ca.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/certificate.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/inventory.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/support.rb

.pc/CVE-2011-3872.patch/lib/puppet/type

.pc/CVE-2011-3872.patch/lib/puppet/type/file.rb

.pc/CVE-2011-3872.patch/lib/puppet/util

.pc/CVE-2011-3872.patch/lib/puppet/util/monkey_patches.rb

.pc/CVE-2011-3872.patch/lib/puppet/util/settings.rb

.pc/CVE-2011-3872.patch/spec

.pc/CVE-2011-3872.patch/spec/integration

.pc/CVE-2011-3872.patch/spec/integration/defaults_spec.rb

.pc/CVE-2011-3872.patch/spec/integration/network

.pc/CVE-2011-3872.patch/spec/integration/network/client_spec.rb

.pc/CVE-2011-3872.patch/spec/integration/network/handler_spec.rb

.pc/CVE-2011-3872.patch/spec/spec_helper.rb

.pc/CVE-2011-3872.patch/spec/unit

.pc/CVE-2011-3872.patch/spec/unit/face

.pc/CVE-2011-3872.patch/spec/unit/face/certificate_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/indirector

.pc/CVE-2011-3872.patch/spec/unit/indirector/certificate_request

.pc/CVE-2011-3872.patch/spec/unit/indirector/certificate_request/ca_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/network

.pc/CVE-2011-3872.patch/spec/unit/network/client_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/network/handler

.pc/CVE-2011-3872.patch/spec/unit/network/handler/ca_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/network/xmlrpc

.pc/CVE-2011-3872.patch/spec/unit/network/xmlrpc/client_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_authority

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_authority/interface_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_authority_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_factory_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_request_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/host_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/sslcertificates

.pc/CVE-2011-3872.patch/spec/unit/sslcertificates/ca_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/util

.pc/CVE-2011-3872.patch/spec/unit/util/settings_spec.rb

.pc/CVE-2011-3872.patch/test

.pc/CVE-2011-3872.patch/test/certmgr

.pc/CVE-2011-3872.patch/test/certmgr/certmgr.rb

.pc/CVE-2011-3872.patch/test/certmgr/inventory.rb

.pc/CVE-2011-3872.patch/test/certmgr/support.rb

.pc/CVE-2011-3872.patch/test/language

.pc/CVE-2011-3872.patch/test/language/functions.rb

.pc/CVE-2011-3872.patch/test/language/snippets.rb

.pc/CVE-2011-3872.patch/test/lib

.pc/CVE-2011-3872.patch/test/lib/puppettest

.pc/CVE-2011-3872.patch/test/lib/puppettest/exetest.rb

.pc/CVE-2011-3872.patch/test/lib/puppettest/servertest.rb

.pc/CVE-2011-3872.patch/test/network

.pc/CVE-2011-3872.patch/test/network/client

.pc/CVE-2011-3872.patch/test/network/client/ca.rb

.pc/CVE-2011-3872.patch/test/network/client/dipper.rb

.pc/CVE-2011-3872.patch/test/network/handler

.pc/CVE-2011-3872.patch/test/network/handler/ca.rb

.pc/CVE-2011-3872.patch/test/network/server

.pc/CVE-2011-3872.patch/test/network/server/mongrel_test.rb

.pc/CVE-2011-3872.patch/test/network/server/webrick.rb

.pc/CVE-2011-3872.patch/test/network/xmlrpc

.pc/CVE-2011-3872.patch/test/network/xmlrpc/client.rb

.pc/CVE-2011-3872.patch/test/rails

.pc/CVE-2011-3872.patch/test/rails/rails.rb

.pc/CVE-2011-3872.patch/test/ral

.pc/CVE-2011-3872.patch/test/ral/type

.pc/CVE-2011-3872.patch/test/ral/type/filesources.rb

debian/patches/CVE-2011-3872.patch

spec/unit/network/handler/ca_spec.rb

files removed:
lib/puppet/network/client

lib/puppet/network/client.rb

lib/puppet/network/client/ca.rb

lib/puppet/network/client/file.rb

lib/puppet/network/client/proxy.rb

lib/puppet/network/client/report.rb

lib/puppet/network/client/runner.rb

lib/puppet/network/client/status.rb

lib/puppet/network/http_server/webrick.rb

lib/puppet/network/xmlrpc/client.rb

lib/puppet/sslcertificates

lib/puppet/sslcertificates.rb

lib/puppet/sslcertificates/ca.rb

lib/puppet/sslcertificates/certificate.rb

lib/puppet/sslcertificates/inventory.rb

lib/puppet/sslcertificates/support.rb

spec/integration/network/client_spec.rb

spec/unit/network/client_spec.rb

spec/unit/network/xmlrpc

spec/unit/network/xmlrpc/client_spec.rb

spec/unit/sslcertificates

spec/unit/sslcertificates/ca_spec.rb

test/certmgr

test/certmgr/certmgr.rb

test/certmgr/inventory.rb

test/certmgr/support.rb

test/network/client

test/network/client/ca.rb

test/network/client/dipper.rb

test/network/handler/ca.rb

test/network/server

test/network/server/mongrel_test.rb

test/network/server/webrick.rb

test/network/xmlrpc/client.rb

files modified:
.pc/applied-patches

acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb

acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb

debian/changelog

debian/patches/series

lib/puppet/application/cert.rb

lib/puppet/application/kick.rb

lib/puppet/defaults.rb

lib/puppet/face/certificate.rb

lib/puppet/network/handler/ca.rb

lib/puppet/network/handler/master.rb

lib/puppet/network/handler/runner.rb

lib/puppet/ssl/certificate.rb

lib/puppet/ssl/certificate_authority.rb

lib/puppet/ssl/certificate_authority/interface.rb

lib/puppet/ssl/certificate_factory.rb

lib/puppet/ssl/certificate_request.rb

lib/puppet/ssl/host.rb

lib/puppet/type/file.rb

lib/puppet/util/monkey_patches.rb

lib/puppet/util/settings.rb

spec/integration/defaults_spec.rb

spec/integration/network/handler_spec.rb

spec/spec_helper.rb

spec/unit/face/certificate_spec.rb

spec/unit/indirector/certificate_request/ca_spec.rb

spec/unit/ssl/certificate_authority/interface_spec.rb

spec/unit/ssl/certificate_authority_spec.rb

spec/unit/ssl/certificate_factory_spec.rb

spec/unit/ssl/certificate_request_spec.rb

spec/unit/ssl/certificate_spec.rb

spec/unit/ssl/host_spec.rb

spec/unit/util/settings_spec.rb

test/language/functions.rb

test/language/snippets.rb

test/lib/puppettest/exetest.rb

test/lib/puppettest/servertest.rb

test/rails/rails.rb

test/ral/type/filesources.rb

Show diffs side-by-side

added added

removed removed

test/certmgr/inventory.rb

1

#!/usr/bin/env ruby

2

3

require File.expand_path(File.dirname(__FILE__) + '/../lib/puppettest')

4

5

require 'puppet'

6

require 'puppettest/certificates'

7

require 'puppet/sslcertificates/inventory.rb'

8

require 'mocha'

9

10

class TestCertInventory < Test::Unit::TestCase

11

include PuppetTest::Certificates

12

13

Inventory = Puppet::SSLCertificates::Inventory

14

15

def setup

16

super

17

Puppet::Util::SUIDManager.stubs(:asuser).yields

18

end

19

20

def test_format

21

cert = mksignedcert

22

23

format = nil

24

assert_nothing_raised do

25

format = Inventory.format(cert)

26

end

27

28

29

assert(

30

format =~ /^0x0001 \S+ \S+ #{cert.subject}/,

31

32

"Did not create correct format")

33

end

34

35

def test_init

36

# First create a couple of certificates

37

ca = mkCA

38

39

cert1 = mksignedcert(ca, "host1.madstop.com")

40

cert2 = mksignedcert(ca, "host2.madstop.com")

41

42

init = nil

43

assert_nothing_raised do

44

init = Inventory.init

45

end

46

47

[cert1, cert2].each do |cert|

48

assert(init.include?(cert.subject.to_s), "Did not catch #{cert.subject}")

49

end

50

end

51

52

def test_add

53

ca = mkCA

54

cert = mksignedcert(ca, "host.domain.com")

55

56

assert_nothing_raised do

57

file = mock

58

file.expects(:puts).with do |written|

59

written.include? cert.subject.to_s

60

end

61

Puppet::Util::Settings.any_instance.stubs(:write)

62

Puppet::Util::Settings.any_instance.expects(:write).

63

with(:cert_inventory, 'a').yields(file)

64

65

Puppet::SSLCertificates::Inventory.add(cert)

66

end

67

end

68

end

69

Older »