The core bug here was a regression introduced by my IPv6 patch. Wildcarded domains are stored as ["com","reductivelabs","*"] but the code in question was assuming it was in normal order.
Added tests to prevet recurrence. Signed-off-by: Markus Roberts <[email protected]> --- lib/puppet/network/authstore.rb | 2 +- spec/unit/network/authstore.rb | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletions(-) diff --git a/lib/puppet/network/authstore.rb b/lib/puppet/network/authstore.rb index 796d3d8..a7029a0 100755 --- a/lib/puppet/network/authstore.rb +++ b/lib/puppet/network/authstore.rb @@ -240,7 +240,7 @@ module Puppet # Change to /^(\w[-\w]*\.)+[-\w]+\.?$/ for FQDN support [:domain,:exact,nil,munge_name(value)] when /^\*(\.(\w[-\w]*)){1,}$/ # *.domain.com - host_sans_star = munge_name(value)[1..-1] + host_sans_star = munge_name(value)[0..-2] [:domain,:inexact,host_sans_star.length,host_sans_star] when /\$\d+/ # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2 [:dynamic,:exact,nil,munge_name(value)] diff --git a/spec/unit/network/authstore.rb b/spec/unit/network/authstore.rb index c822c90..58eb926 100644 --- a/spec/unit/network/authstore.rb +++ b/spec/unit/network/authstore.rb @@ -278,6 +278,28 @@ describe Puppet::Network::AuthStore::Declaration do end } + ['abc.12seps.edu.phisher.biz','www.google.com','slashdot.org'].each { |host| + (1...(host.split('.').length)).each { |n| + describe "when the pattern is #{"*."+host.split('.')[-n,n].join('.')}" do + before :each do + @pattern = "*."+host.split('.')[-n,n].join('.') + @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,@pattern) + end + it "should match #{host}" do + @declaration.should be_match(host,'1.2.3.4') + end + it "should not match www.testsite.gov" do + @declaration.should_not be_match('www.testsite.gov','200.101.99.98') + end + it "should not match hosts that differ in the first non-wildcard segment" do + other = host.split('.') + other[-n].succ! + @declaration.should_not be_match(other.join('.'),'1.2.3.4') + end + end + } + } + describe "when the pattern is a FQDN" do before :each do @host = 'spirit.mars.nasa.gov.' -- 1.6.4 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
