← Back to branch summary

~ubuntu-branches/ubuntu/precise/puppet/precise-security

~ubuntu-branches/ubuntu/precise/puppet/precise-security

« back to all changes in this revision

Viewing changes to lib/puppet/indirector/file_bucket_file/selector.rb

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2012-07-10 07:58:03 UTC
Revision ID: package-import@ubuntu.com-20120710075803-og8iubg2a90dtk7f

Tags: 2.7.11-1ubuntu2.1

* SECURITY UPDATE: Multiple July 2012 security issues
  - debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch: upstream
    patch to fix multiple security issues.
  - CVE-2012-3864: arbitrary file read on master from authenticated
    clients
  - CVE-2012-3865: arbitrary file delete or denial of service on master
    from authenticated clients
  - CVE-2012-3866: last_run_report.yaml report file is world readable and
    leads to arbitrary file read on master by an agent
  - CVE-2012-3867: insufficient input validation for agent cert hostnames

files added:
.pc/.quilt_patches

.pc/.quilt_series

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/application

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/application/master.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/defaults.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/face

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/face/file

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/face/file/download.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_bucket

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_bucket/file

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_bucket/file.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_bucket/file/indirection_hooks.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/configuration.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/content.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/indirection_hooks.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/metadata.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/mount

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/mount/modules.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/file_serving/terminus_selector.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector/file_bucket_file

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector/file_bucket_file/selector.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector/file_content

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector/file_content/selector.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector/file_metadata

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/indirector/file_metadata/selector.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/network

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/network/authstore.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/reports

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/reports/store.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/ssl

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/ssl/base.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/ssl/certificate_authority

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/ssl/certificate_authority.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/ssl/certificate_authority/interface.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/lib/puppet/ssl/host.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/file_bucket

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/file_bucket/file_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/file_serving

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/file_serving/content_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/file_serving/metadata_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/network

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/integration/network/rest_authconfig_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/shared_behaviours

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/shared_behaviours/file_serving.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/shared_behaviours/file_serving_model.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving/configuration_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving/content_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving/indirection_hooks_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving/metadata_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving/mount

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving/mount/modules_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/file_serving/terminus_selector_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector/file_bucket_file

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector/file_bucket_file/selector_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector/file_content

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector/file_content/selector_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector/file_metadata

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/indirector/file_metadata/selector_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/network

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/network/handler

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/network/handler/ca_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/reports

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/reports/store_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/ssl

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/ssl/certificate_authority

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/ssl/certificate_authority/interface_spec.rb

.pc/2.7.17-Puppet-July-2012-CVE-fixes.patch/spec/unit/ssl/certificate_authority_spec.rb

debian/patches/2.7.17-Puppet-July-2012-CVE-fixes.patch

lib/puppet/file_serving/terminus_selector.rb

lib/puppet/indirector/file_bucket_file/selector.rb

lib/puppet/indirector/file_content/selector.rb

lib/puppet/indirector/file_metadata/selector.rb

spec/integration/file_bucket

spec/integration/file_bucket/file_spec.rb

spec/shared_behaviours/file_serving_model.rb

spec/unit/file_serving/terminus_selector_spec.rb

spec/unit/indirector/file_bucket_file/selector_spec.rb

spec/unit/indirector/file_content/selector_spec.rb

spec/unit/indirector/file_metadata/selector_spec.rb

files removed:
lib/puppet/file_bucket/file

lib/puppet/file_bucket/file/indirection_hooks.rb

lib/puppet/file_serving/indirection_hooks.rb

spec/unit/file_serving/indirection_hooks_spec.rb

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

lib/puppet/application/master.rb

lib/puppet/defaults.rb

lib/puppet/face/file/download.rb

lib/puppet/file_bucket/file.rb

lib/puppet/file_serving/configuration.rb

lib/puppet/file_serving/content.rb

lib/puppet/file_serving/metadata.rb

lib/puppet/file_serving/mount/modules.rb

lib/puppet/network/authstore.rb

lib/puppet/reports/store.rb

lib/puppet/ssl/base.rb

lib/puppet/ssl/certificate_authority.rb

lib/puppet/ssl/certificate_authority/interface.rb

lib/puppet/ssl/host.rb

spec/integration/file_serving/content_spec.rb

spec/integration/file_serving/metadata_spec.rb

spec/integration/network/rest_authconfig_spec.rb

spec/shared_behaviours/file_serving.rb

spec/unit/file_serving/configuration_spec.rb

spec/unit/file_serving/content_spec.rb

spec/unit/file_serving/metadata_spec.rb

spec/unit/file_serving/mount/modules_spec.rb

spec/unit/network/handler/ca_spec.rb

spec/unit/reports/store_spec.rb

spec/unit/ssl/certificate_authority/interface_spec.rb

spec/unit/ssl/certificate_authority_spec.rb

Show diffs side-by-side

added added

removed removed

lib/puppet/indirector/file_bucket_file/selector.rb

1

require 'puppet/indirector/code'

2

3

module Puppet::FileBucketFile

4

class Selector < Puppet::Indirector::Code

5

desc "Select the terminus based on the request"

6

7

def select(request)

8

if request.protocol == 'https'

9

:rest

10

else

11

:file

12

end

13

end

14

15

def get_terminus(request)

16

indirection.terminus(select(request))

17

end

18

19

def head(request)

20

get_terminus(request).head(request)

21

end

22

23

def find(request)

24

get_terminus(request).find(request)

25

end

26

27

def save(request)

28

get_terminus(request).save(request)

29

end

30

31

def search(request)

32

get_terminus(request).search(request)

33

end

34

35

def destroy(request)

36

get_terminus(request).destroy(request)

37

end

38

39

def authorized?(request)

40

terminus = get_terminus(request)

41

if terminus.respond_to?(:authorized?)

42

terminus.authorized?(request)

43

else

44

true

45

end

46

end

47

end

48

end

49

Older »