41: def fail_on_deny(name, args = {})
42: res = :nomatch
43: right = @rights.find do |acl|
44: found = false
45:
46:
47:
48: if match = acl.match?(name)
49: args[:match] = match
50: if (res = acl.allowed?(args[:node], args[:ip], args)) != :dunno
51:
52: return if res
53:
54: found = true
55: end
56: end
57: found
58: end
59:
60:
61:
62: if name =~ /^\// or right
63:
64: msg = "%s access to %s [%s]" % [ (args[:node].nil? ? args[:ip] : "#{args[:node]}(#{args[:ip]})"), name, args[:method] ]
65:
66: msg += " authenticated " if args[:authenticated]
67:
68: error = AuthorizationError.new("Forbidden request: " + msg)
69: if right
70: error.file = right.file
71: error.line = right.line
72: end
73: Puppet.warning("Denying access: " + error.to_s)
74: else
75:
76:
77: error = ArgumentError.new "Unknown namespace right '%s'" % name
78: end
79: raise error
80: end