puppet 2.6.11 → 2.6.12

data/lib/puppet/network/client/ca.rb

@@ -1,56 +0,0 @@
-require 'puppet/network/client'
-
-# Request a certificate from the remote system.
-class Puppet::Network::Client::CA < Puppet::Network::Client
-  class InvalidCertificate < Puppet::Error; end
-
-  def initialize(options = {})
-    options = symbolize_options(options)
-    unless options.include?(:Server) or options.include?(:CA)
-      options[:Server] = Puppet[:ca_server]
-      options[:Port] = Puppet[:ca_port]
-    end
-    super(options)
-  end
-
-  # This client is really only able to request certificates for the
-  # current host.  It uses the Puppet.settings settings to figure everything out.
-  def request_cert
-    Puppet.settings.use(:main, :ssl)
-
-    if cert = read_cert
-      return cert
-    end
-
-    begin
-      cert, cacert = @driver.getcert(csr.to_pem)
-    rescue => detail
-      puts detail.backtrace if Puppet[:trace]
-      raise Puppet::Error.new("Certificate retrieval failed: #{detail}")
-    end
-
-    if cert.nil? or cert == ""
-      return nil
-    end
-
-    begin
-      @cert = OpenSSL::X509::Certificate.new(cert)
-      @cacert = OpenSSL::X509::Certificate.new(cacert)
-    rescue => detail
-      raise InvalidCertificate.new(
-        "Invalid certificate: #{detail}"
-      )
-    end
-
-    unless @cert.check_private_key(key)
-      raise InvalidCertificate, "Certificate does not match private key.  Try 'puppetca --clean #{Puppet[:certname]}' on the server."
-    end
-
-    # Only write the cert out if it passes validating.
-    Puppet.settings.write(:hostcert) do |f| f.print cert end
-    Puppet.settings.write(:localcacert) do |f| f.print cacert end
-
-    @cert
-  end
-end
-

data/lib/puppet/network/client/file.rb

@@ -1,6 +0,0 @@
-class Puppet::Network::Client::File < Puppet::Network::Client::ProxyClient
-  @handler = Puppet::Network::Handler.handler(:fileserver)
-  @drivername = :FileServer
-  self.mkmethods
-end
-

data/lib/puppet/network/client/proxy.rb

@@ -1,27 +0,0 @@
-# unlike the other client classes (again, this design sucks) this class
-# is basically just a proxy class -- it calls its methods on the driver
-# and that's about it
-class Puppet::Network::Client::ProxyClient < Puppet::Network::Client
-  def self.mkmethods
-    interface = self.handler.interface
-    namespace = interface.prefix
-
-
-    interface.methods.each { |ary|
-      method = ary[0]
-      Puppet.debug "#{self}: defining #{namespace}.#{method}"
-      define_method(method) { |*args|
-        begin
-          @driver.send(method, *args)
-        rescue XMLRPC::FaultException => detail
-          #Puppet.err "Could not call %s.%s: %s" %
-          #    [namespace, method, detail.faultString]
-          #raise NetworkClientError,
-          #    "XMLRPC Error: #{detail.faultString}"
-          raise NetworkClientError, detail.faultString
-        end
-      }
-    }
-  end
-end
-

data/lib/puppet/network/client/report.rb

@@ -1,26 +0,0 @@
-class Puppet::Network::Client::Report < Puppet::Network::Client
-  @handler = Puppet::Network::Handler.handler(:report)
-
-  def initialize(hash = {})
-    hash[:Report] = self.class.handler.new if hash.include?(:Report)
-
-    super(hash)
-  end
-
-  # Send our report.  We get the transaction report and convert it to YAML
-  # as appropriate.
-  def report(transreport)
-    report = YAML.dump(transreport)
-
-    report = CGI.escape(report) unless self.local
-
-    # Now send the report
-    file = nil
-    benchmark(:info, "Sent transaction report") do
-      file = @driver.report(report)
-    end
-
-    file
-  end
-end
-

data/lib/puppet/network/client/runner.rb

@@ -1,10 +0,0 @@
-class Puppet::Network::Client::Runner < Puppet::Network::Client::ProxyClient
-  self.mkmethods
-
-  def initialize(hash = {})
-    hash[:Runner] = self.class.handler.new if hash.include?(:Runner)
-
-    super(hash)
-  end
-end
-

data/lib/puppet/network/client/status.rb

@@ -1,4 +0,0 @@
-class Puppet::Network::Client::Status < Puppet::Network::Client::ProxyClient
-  self.mkmethods
-end
-

data/lib/puppet/network/http_server.rb

@@ -1,3 +0,0 @@
-# Just a stub, so we can correctly scope other classes.
-module Puppet::Network::HTTPServer # :nodoc:
-end

data/lib/puppet/network/http_server/mongrel.rb

@@ -1,150 +0,0 @@
-#!/usr/bin/env ruby
-# File:       06-11-14-mongrel_xmlrpc.rb
-# Author:     Manuel Holtgrewe <purestorm at ggnore.net>
-#
-# Copyright (c) 2006 Manuel Holtgrewe, 2007 Luke Kanies
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-
-# This file is based heavily on a file retrieved from
-# http://ttt.ggnore.net/2006/11/15/xmlrpc-with-mongrel-and-ruby-off-rails/
-
-require 'rubygems'
-require 'mongrel'
-require 'xmlrpc/server'
-require 'puppet/network/xmlrpc/server'
-require 'puppet/network/http_server'
-require 'puppet/network/client_request'
-require 'puppet/network/handler'
-
-require 'resolv'
-
-# This handler can be hooked into Mongrel to accept HTTP requests. After
-# checking whether the request itself is sane, the handler forwards it
-# to an internal instance of XMLRPC::BasicServer to process it.
-#
-# You can access the server by calling the Handler's "xmlrpc_server"
-# attribute accessor method and add XMLRPC handlers there. For example:
-#
-# <pre>
-# handler = XmlRpcHandler.new
-# handler.xmlrpc_server.add_handler("my.add") { |a, b| a.to_i + b.to_i }
-# </pre>
-module Puppet::Network
-  class HTTPServer::Mongrel < ::Mongrel::HttpHandler
-    attr_reader :xmlrpc_server
-
-    def initialize(handlers)
-      if Puppet[:debug]
-        $mongrel_debug_client = true
-        Puppet.debug 'Mongrel client debugging enabled. [$mongrel_debug_client = true].'
-      end
-      # Create a new instance of BasicServer. We are supposed to subclass it
-      # but that does not make sense since we would not introduce any new
-      # behaviour and we have to subclass Mongrel::HttpHandler so our handler
-      # works for Mongrel.
-      @xmlrpc_server = Puppet::Network::XMLRPCServer.new
-      handlers.each do |name|
-        unless handler = Puppet::Network::Handler.handler(name)
-          raise ArgumentError, "Invalid handler #{name}"
-        end
-        @xmlrpc_server.add_handler(handler.interface, handler.new({}))
-      end
-    end
-
-    # This method produces the same results as XMLRPC::CGIServer.serve
-    # from Ruby's stdlib XMLRPC implementation.
-    def process(request, response)
-      # Make sure this has been a POST as required for XMLRPC.
-      request_method = request.params[Mongrel::Const::REQUEST_METHOD] || Mongrel::Const::GET
-      if request_method != "POST"
-        response.start(405) { |head, out| out.write("Method Not Allowed") }
-        return
-      end
-
-      # Make sure the user has sent text/xml data.
-      request_mime = request.params["CONTENT_TYPE"] || "text/plain"
-      if parse_content_type(request_mime).first != "text/xml"
-        response.start(400) { |head, out| out.write("Bad Request") }
-        return
-      end
-
-      # Make sure there is data in the body at all.
-      length = request.params[Mongrel::Const::CONTENT_LENGTH].to_i
-      if length <= 0
-        response.start(411) { |head, out| out.write("Length Required") }
-        return
-      end
-
-      # Check the body to be valid.
-      if request.body.nil? or request.body.size != length
-        response.start(400) { |head, out| out.write("Bad Request") }
-        return
-      end
-
-      info = client_info(request)
-
-      # All checks above passed through
-      response.start(200) do |head, out|
-        head["Content-Type"] = "text/xml; charset=utf-8"
-        begin
-          out.write(@xmlrpc_server.process(request.body, info))
-        rescue => detail
-          puts detail.backtrace
-          raise
-        end
-      end
-    end
-
-    private
-
-    def client_info(request)
-      params = request.params
-      ip = params["HTTP_X_FORWARDED_FOR"] ? params["HTTP_X_FORWARDED_FOR"].split(',').last.strip : params["REMOTE_ADDR"]
-      # JJM #906 The following dn.match regular expression is forgiving
-      # enough to match the two Distinguished Name string contents
-      # coming from Apache, Pound or other reverse SSL proxies.
-      if dn = params[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
-        client = dn_matchdata[1].to_str
-        valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
-      else
-        begin
-          client = Resolv.getname(ip)
-        rescue => detail
-          Puppet.err "Could not resolve #{ip}: #{detail}"
-          client = "unknown"
-        end
-        valid = false
-      end
-
-      info = Puppet::Network::ClientRequest.new(client, ip, valid)
-
-      info
-    end
-
-    # Taken from XMLRPC::ParseContentType
-    def parse_content_type(str)
-      a, *b = str.split(";")
-      return a.strip, *b
-    end
-  end
-end
-

data/lib/puppet/network/http_server/webrick.rb

@@ -1,155 +0,0 @@
-require 'puppet'
-require 'webrick'
-require 'webrick/https'
-require 'fcntl'
-
-require 'puppet/sslcertificates/support'
-require 'puppet/network/xmlrpc/webrick_servlet'
-require 'puppet/network/http_server'
-require 'puppet/network/client'
-require 'puppet/network/handler'
-
-module Puppet
-  class ServerError < RuntimeError; end
-  module Network
-    # The old-school, pure ruby webrick server, which is the default serving
-    # mechanism.
-    class HTTPServer::WEBrick < WEBrick::HTTPServer
-      include Puppet::SSLCertificates::Support
-
-      # Read the CA cert and CRL and populate an OpenSSL::X509::Store
-      # with them, with flags appropriate for checking client
-      # certificates for revocation
-      def x509store
-        unless File.exist?(Puppet[:cacrl])
-          # No CRL, no store needed
-          return nil
-        end
-        crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl]))
-        store = OpenSSL::X509::Store.new
-        store.purpose = OpenSSL::X509::PURPOSE_ANY
-        store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK if Puppet.settings[:certificate_revocation]
-        raise Puppet::Error, "Could not find CA certificate" unless self.ca_cert
-
-        store.add_file(Puppet[:localcacert])
-        store.add_crl(crl)
-        store
-      end
-
-      # Set up the http log.
-      def httplog
-        args = []
-
-        # yuck; separate http logs
-        file = nil
-        Puppet.settings.use(:main, :ssl, Puppet[:name])
-        if Puppet.run_mode.master?
-          file = Puppet[:masterhttplog]
-        else
-          file = Puppet[:httplog]
-        end
-
-        # open the log manually to prevent file descriptor leak
-        file_io = open(file, "a+")
-        file_io.sync
-        file_io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
-
-        args << file_io
-        args << WEBrick::Log::DEBUG if Puppet[:debug]
-
-        log = WEBrick::Log.new(*args)
-
-
-        log
-      end
-
-      # Create our server, yo.
-      def initialize(hash = {})
-        Puppet.info "Starting server for Puppet version #{Puppet.version}"
-
-        if handlers = hash[:Handlers]
-          handler_instances = setup_handlers(handlers)
-        else
-          raise ServerError, "A server must have handlers"
-        end
-
-        unless self.read_cert
-          if ca = handler_instances.find { |handler| handler.is_a?(Puppet::Network::Handler.ca) }
-            request_cert(ca)
-          else
-            raise Puppet::Error, "No certificate and no CA; cannot get cert"
-          end
-        end
-
-        setup_webrick(hash)
-
-        begin
-          super(hash)
-        rescue => detail
-          puts detail.backtrace if Puppet[:trace]
-          raise Puppet::Error, "Could not start WEBrick: #{detail}"
-        end
-
-        # make sure children don't inherit the sockets
-        listeners.each { |sock|
-          sock.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
-        }
-
-        Puppet.info "Listening on port #{hash[:Port]}"
-
-        # this creates a new servlet for every connection,
-        # but all servlets have the same list of handlers
-        # thus, the servlets can have their own state -- passing
-        # around the requests and such -- but the handlers
-        # have a global state
-
-        # mount has to be called after the server is initialized
-        servlet = Puppet::Network::XMLRPC::WEBrickServlet.new( handler_instances)
-        self.mount("/RPC2", servlet)
-      end
-
-      # Create a ca client to set up our cert for us.
-      def request_cert(ca)
-        client = Puppet::Network::Client.ca.new(:CA => ca)
-        raise Puppet::Error, "Could get certificate" unless client.request_cert
-      end
-
-      # Create all of our handler instances.
-      def setup_handlers(handlers)
-        raise ServerError, "Handlers must have arguments" unless handlers.is_a?(Hash)
-
-        handlers.collect { |handler, args|
-          hclass = nil
-          unless hclass = Puppet::Network::Handler.handler(handler)
-            raise ServerError, "Invalid handler #{handler}"
-          end
-          hclass.new(args)
-        }
-      end
-
-      # Handle all of the many webrick arguments.
-      def setup_webrick(hash)
-        hash[:Port] ||= Puppet[:masterport]
-        hash[:Logger] ||= self.httplog
-        hash[:AccessLog] ||= [
-          [ self.httplog, WEBrick::AccessLog::COMMON_LOG_FORMAT ],
-          [ self.httplog, WEBrick::AccessLog::REFERER_LOG_FORMAT ]
-        ]
-
-        hash[:SSLCertificateStore] = x509store
-        hash[:SSLCertificate] = self.cert
-        hash[:SSLPrivateKey] = self.key
-        hash[:SSLStartImmediately] = true
-        hash[:SSLEnable] = true
-        hash[:SSLCACertificateFile] = Puppet[:localcacert]
-        hash[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_PEER
-        hash[:SSLCertName] = nil
-
-        if addr = Puppet[:bindaddress] and addr != ""
-          hash[:BindAddress] = addr
-        end
-      end
-    end
-  end
-end
-