Issue #5010 has been updated by Jacob Helwig.
Status changed from Accepted to Merged - Pending Release
Target version changed from 2.6.x to 2.7.3
This has been merged into `2.7.x` in
commit:5682125e1800f4c7b69b20fdd28f97a473d5d93c and `master` in
commit:5b167eba2b602f5c6c6c224790fa1eb56b239ad4
commit 0c385f1fb436ab6f667693d347f711470305a019
Author: Brice Figureau <[email protected]>
Date: Mon May 30 11:17:11 2011
Fix #5010 - Allow leading whitespace in auth.conf
The regex used to detect ACE is too lax and would allow trailing
spaces to sneak in, which in turn would confuse the ACE parser.
Signed-off-by: Brice Figureau <[email protected]>
----------------------------------------
Bug #5010: Trailing whitespace is not allowed in auth.conf files
https://projects.puppetlabs.com/issues/5010
Author: Ian Burrell
Status: Merged - Pending Release
Priority: High
Assignee:
Category:
Target version: 2.7.3
Affected Puppet version: 0.25.5
Keywords:
Branch: https://github.com/masterzen/puppet/tree/tickets/2.6.x/5777
Trailing whitespace is not handled well in auth.conf and namespaceauth.conf.
Depending on the code path and the location of the whitespace it results in a
parse error, a misleading "incorrect authenticated value" error, etc. It would
be nice if the config files ignored trailing whitespace.
On 2.6.x connecting with this auth.conf:
<pre>
path /
auth no␢
allow *
</pre>
Where the "␢" indicates a literal (trailing) blank, the following error occurs
on the master:
<pre>
./lib/puppet/network/rights.rb:242:in `restrict_authenticated'
./lib/puppet/network/authconfig.rb:163:in `send'
./lib/puppet/network/authconfig.rb:163:in `modify_right'
./lib/puppet/network/authconfig.rb:160:in `each'
./lib/puppet/network/authconfig.rb:160:in `modify_right'
./lib/puppet/network/authconfig.rb:152:in `parse_right_directive'
./lib/puppet/network/authconfig.rb:106:in `parse'
./lib/puppet/network/authconfig.rb:92:in `each'
./lib/puppet/network/authconfig.rb:92:in `parse'
./lib/puppet/network/authconfig.rb:89:in `open'
./lib/puppet/network/authconfig.rb:89:in `parse'
./lib/puppet/network/rest_authconfig.rb:56:in `parse'
./lib/puppet/network/authconfig.rb:78:in `read'
./lib/puppet/network/authconfig.rb:52:in `initialize'
./lib/puppet/network/rest_authconfig.rb:48:in `initialize'
./lib/puppet/network/authconfig.rb:9:in `new'
./lib/puppet/network/authconfig.rb:9:in `main'
./lib/puppet/network/rest_authconfig.rb:25:in `main'
/usr/lib/ruby/1.8/monitor.rb:242:in `synchronize'
./lib/puppet/network/rest_authconfig.rb:23:in `main'
./lib/puppet/network/rest_authorization.rb:12:in `authconfig'
./lib/puppet/network/rest_authorization.rb:19:in `check_authorization'
./lib/puppet/network/http/handler.rb:66:in `process'
./lib/puppet/network/http/webrick/rest.rb:24:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
./lib/puppet/network/http/webrick.rb:45
/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
./lib/puppet/network/http/webrick.rb:42:in `listen'
./lib/puppet/network/http/webrick.rb:41:in `initialize'
./lib/puppet/network/http/webrick.rb:41:in `new'
./lib/puppet/network/http/webrick.rb:41:in `listen'
./lib/puppet/network/http/webrick.rb:38:in `synchronize'
./lib/puppet/network/http/webrick.rb:38:in `listen'
./lib/puppet/network/server.rb:127:in `listen'
./lib/puppet/network/server.rb:142:in `start'
./lib/puppet/daemon.rb:124:in `start'
./lib/puppet/application/master.rb:114:in `main'
./lib/puppet/application/master.rb:46:in `run_command'
./lib/puppet/application.rb:304:in `run'
./lib/puppet/application.rb:410:in `exit_on_fail'
./lib/puppet/application.rb:304:in `run'
sbin/puppetmasterd:4
err: '/' incorrect authenticated value: no
</pre>
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
