← Back to branch summary

~ubuntu-branches/ubuntu/quantal/puppet/quantal-security

~ubuntu-branches/ubuntu/quantal/puppet/quantal-security

« back to all changes in this revision

Viewing changes to lib/puppet/network/client/proxy.rb

Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2011-10-24 15:05:12 UTC
Revision ID: james.westby@ubuntu.com-20111024150512-yxqwfdp6hcs6of5l

Tags: 2.7.1-1ubuntu3.2

* SECURITY UPDATE: puppet master impersonation via incorrect certificates
  - debian/patches/CVE-2011-3872.patch: refactor certificate handling.
  - Thanks to upstream for providing the patch.
  - CVE-2011-3872

files added:
.pc/CVE-2011-3872.patch

.pc/CVE-2011-3872.patch/acceptance

.pc/CVE-2011-3872.patch/acceptance/tests

.pc/CVE-2011-3872.patch/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb

.pc/CVE-2011-3872.patch/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb

.pc/CVE-2011-3872.patch/lib

.pc/CVE-2011-3872.patch/lib/puppet

.pc/CVE-2011-3872.patch/lib/puppet/application

.pc/CVE-2011-3872.patch/lib/puppet/application/cert.rb

.pc/CVE-2011-3872.patch/lib/puppet/application/kick.rb

.pc/CVE-2011-3872.patch/lib/puppet/defaults.rb

.pc/CVE-2011-3872.patch/lib/puppet/face

.pc/CVE-2011-3872.patch/lib/puppet/face/certificate.rb

.pc/CVE-2011-3872.patch/lib/puppet/network

.pc/CVE-2011-3872.patch/lib/puppet/network/client

.pc/CVE-2011-3872.patch/lib/puppet/network/client.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/ca.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/file.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/proxy.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/report.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/runner.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/status.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/handler

.pc/CVE-2011-3872.patch/lib/puppet/network/handler/ca.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/handler/master.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/handler/runner.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/http_server

.pc/CVE-2011-3872.patch/lib/puppet/network/http_server/webrick.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/xmlrpc

.pc/CVE-2011-3872.patch/lib/puppet/network/xmlrpc/client.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_authority

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_authority.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_authority/interface.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_factory.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_request.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/host.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/ca.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/certificate.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/inventory.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/support.rb

.pc/CVE-2011-3872.patch/lib/puppet/type

.pc/CVE-2011-3872.patch/lib/puppet/type/file.rb

.pc/CVE-2011-3872.patch/lib/puppet/util

.pc/CVE-2011-3872.patch/lib/puppet/util/monkey_patches.rb

.pc/CVE-2011-3872.patch/lib/puppet/util/settings.rb

.pc/CVE-2011-3872.patch/spec

.pc/CVE-2011-3872.patch/spec/integration

.pc/CVE-2011-3872.patch/spec/integration/defaults_spec.rb

.pc/CVE-2011-3872.patch/spec/integration/network

.pc/CVE-2011-3872.patch/spec/integration/network/client_spec.rb

.pc/CVE-2011-3872.patch/spec/integration/network/handler_spec.rb

.pc/CVE-2011-3872.patch/spec/spec_helper.rb

.pc/CVE-2011-3872.patch/spec/unit

.pc/CVE-2011-3872.patch/spec/unit/face

.pc/CVE-2011-3872.patch/spec/unit/face/certificate_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/indirector

.pc/CVE-2011-3872.patch/spec/unit/indirector/certificate_request

.pc/CVE-2011-3872.patch/spec/unit/indirector/certificate_request/ca_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/network

.pc/CVE-2011-3872.patch/spec/unit/network/client_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/network/handler

.pc/CVE-2011-3872.patch/spec/unit/network/handler/ca_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/network/xmlrpc

.pc/CVE-2011-3872.patch/spec/unit/network/xmlrpc/client_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_authority

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_authority/interface_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_authority_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_factory_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_request_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/host_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/sslcertificates

.pc/CVE-2011-3872.patch/spec/unit/sslcertificates/ca_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/util

.pc/CVE-2011-3872.patch/spec/unit/util/settings_spec.rb

.pc/CVE-2011-3872.patch/test

.pc/CVE-2011-3872.patch/test/certmgr

.pc/CVE-2011-3872.patch/test/certmgr/certmgr.rb

.pc/CVE-2011-3872.patch/test/certmgr/inventory.rb

.pc/CVE-2011-3872.patch/test/certmgr/support.rb

.pc/CVE-2011-3872.patch/test/language

.pc/CVE-2011-3872.patch/test/language/functions.rb

.pc/CVE-2011-3872.patch/test/language/snippets.rb

.pc/CVE-2011-3872.patch/test/lib

.pc/CVE-2011-3872.patch/test/lib/puppettest

.pc/CVE-2011-3872.patch/test/lib/puppettest/exetest.rb

.pc/CVE-2011-3872.patch/test/lib/puppettest/servertest.rb

.pc/CVE-2011-3872.patch/test/network

.pc/CVE-2011-3872.patch/test/network/client

.pc/CVE-2011-3872.patch/test/network/client/ca.rb

.pc/CVE-2011-3872.patch/test/network/client/dipper.rb

.pc/CVE-2011-3872.patch/test/network/handler

.pc/CVE-2011-3872.patch/test/network/handler/ca.rb

.pc/CVE-2011-3872.patch/test/network/server

.pc/CVE-2011-3872.patch/test/network/server/mongrel_test.rb

.pc/CVE-2011-3872.patch/test/network/server/webrick.rb

.pc/CVE-2011-3872.patch/test/network/xmlrpc

.pc/CVE-2011-3872.patch/test/network/xmlrpc/client.rb

.pc/CVE-2011-3872.patch/test/rails

.pc/CVE-2011-3872.patch/test/rails/rails.rb

.pc/CVE-2011-3872.patch/test/ral

.pc/CVE-2011-3872.patch/test/ral/type

.pc/CVE-2011-3872.patch/test/ral/type/filesources.rb

debian/patches/CVE-2011-3872.patch

spec/unit/network/handler/ca_spec.rb

files removed:
lib/puppet/network/client

lib/puppet/network/client.rb

lib/puppet/network/client/ca.rb

lib/puppet/network/client/file.rb

lib/puppet/network/client/proxy.rb

lib/puppet/network/client/report.rb

lib/puppet/network/client/runner.rb

lib/puppet/network/client/status.rb

lib/puppet/network/http_server/webrick.rb

lib/puppet/network/xmlrpc/client.rb

lib/puppet/sslcertificates

lib/puppet/sslcertificates.rb

lib/puppet/sslcertificates/ca.rb

lib/puppet/sslcertificates/certificate.rb

lib/puppet/sslcertificates/inventory.rb

lib/puppet/sslcertificates/support.rb

spec/integration/network/client_spec.rb

spec/unit/network/client_spec.rb

spec/unit/network/xmlrpc

spec/unit/network/xmlrpc/client_spec.rb

spec/unit/sslcertificates

spec/unit/sslcertificates/ca_spec.rb

test/certmgr

test/certmgr/certmgr.rb

test/certmgr/inventory.rb

test/certmgr/support.rb

test/network/client

test/network/client/ca.rb

test/network/client/dipper.rb

test/network/handler/ca.rb

test/network/server

test/network/server/mongrel_test.rb

test/network/server/webrick.rb

test/network/xmlrpc/client.rb

files modified:
.pc/applied-patches

acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb

acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb

debian/changelog

debian/patches/series

lib/puppet/application/cert.rb

lib/puppet/application/kick.rb

lib/puppet/defaults.rb

lib/puppet/face/certificate.rb

lib/puppet/network/handler/ca.rb

lib/puppet/network/handler/master.rb

lib/puppet/network/handler/runner.rb

lib/puppet/ssl/certificate.rb

lib/puppet/ssl/certificate_authority.rb

lib/puppet/ssl/certificate_authority/interface.rb

lib/puppet/ssl/certificate_factory.rb

lib/puppet/ssl/certificate_request.rb

lib/puppet/ssl/host.rb

lib/puppet/type/file.rb

lib/puppet/util/monkey_patches.rb

lib/puppet/util/settings.rb

spec/integration/defaults_spec.rb

spec/integration/network/handler_spec.rb

spec/spec_helper.rb

spec/unit/face/certificate_spec.rb

spec/unit/indirector/certificate_request/ca_spec.rb

spec/unit/ssl/certificate_authority/interface_spec.rb

spec/unit/ssl/certificate_authority_spec.rb

spec/unit/ssl/certificate_factory_spec.rb

spec/unit/ssl/certificate_request_spec.rb

spec/unit/ssl/certificate_spec.rb

spec/unit/ssl/host_spec.rb

spec/unit/util/settings_spec.rb

test/language/functions.rb

test/language/snippets.rb

test/lib/puppettest/exetest.rb

test/lib/puppettest/servertest.rb

test/rails/rails.rb

test/ral/type/filesources.rb

Show diffs side-by-side

added added

removed removed

lib/puppet/network/client/proxy.rb

1

# unlike the other client classes (again, this design sucks) this class

2

# is basically just a proxy class -- it calls its methods on the driver

3

# and that's about it

4

class Puppet::Network::Client::ProxyClient < Puppet::Network::Client

5

def self.mkmethods

6

interface = self.handler.interface

7

namespace = interface.prefix

8

9

10

interface.methods.each { |ary|

11

method = ary[0]

12

Puppet.debug "#{self}: defining #{namespace}.#{method}"

13

define_method(method) { |*args|

14

begin

15

@driver.send(method, *args)

16

rescue XMLRPC::FaultException => detail

17

#Puppet.err "Could not call %s.%s: %s" %

18

# [namespace, method, detail.faultString]

19

#raise NetworkClientError,

20

# "XMLRPC Error: #{detail.faultString}"

21

raise NetworkClientError, detail.faultString

22

end

23

}

24

}

25

end

26

end

27

Older »