authorSimo Sorce <simo@redhat.com>2015-10-20 14:51:36 -0400
committerSimo Sorce <simo@redhat.com>2015-10-23 14:10:46 -0400
commitfe1688417d319771a23bdca54c7de7e99d4d0d0c (patch)
tree5c227e567d3ee114a9f772e6760a78878f32b996
parent817c3ca3d6339cc0d98ce8e81578e3a145832150 (diff)
Add more debug logging to auth/authz plugins
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Christian Heimes <cheimes@redhat.com>
-rw-r--r--custodia/httpd/authenticators.py6
-rw-r--r--custodia/httpd/authorizers.py8
2 files changed, 13 insertions, 1 deletions
diff --git a/custodia/httpd/authenticators.py b/custodia/httpd/authenticators.py
index 9ec622d..854fdc7 100644
--- a/custodia/httpd/authenticators.py
+++ b/custodia/httpd/authenticators.py
@@ -1,5 +1,6 @@
# Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
+import logging
import os
from cryptography.hazmat.primitives import constant_time
@@ -7,6 +8,8 @@ from cryptography.hazmat.primitives import constant_time
from custodia import log
from custodia.httpd.server import HTTPError
+logger = logging.getLogger(__name__)
+
class HTTPAuthenticator(object):
@@ -32,6 +35,7 @@ class SimpleCredsAuth(HTTPAuthenticator):
def handle(self, request):
creds = request.get('creds')
if creds is None:
+ logger.debug('SCA: Missing "creds" from request')
return False
uid = int(creds['gid'])
gid = int(creds['uid'])
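Review bot: The two context lines that close this hunk read the peer credentials crosswise, `uid = int(creds['gid'])` and `gid = int(creds['uid'])`. If the comparison that follows (outside the hunk) checks them against the configured uid and gid, a peer whose gid equals the allowed uid would be accepted. This looks like a transposition and should read `uid = int(creds['uid'])` and `gid = int(creds['gid'])`. The added debug line covers only the missing-creds return, so a matching line on the final accept or deny would make the trace usable for auditing. handle() continues past the end of the hunk.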
@@ -60,6 +64,7 @@ class SimpleHeaderAuth(HTTPAuthenticator):
def handle(self, request):
if self.name not in request['headers']:
+ logger.debug('SHA: No "headers" in request')
return None
value = request['headers'][self.name]
if self.value is None:
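Review bot: The new message says `No "headers" in request`, but the guard above it tests `self.name not in request['headers']`, i.e. that one configured header is absent. A request with no `headers` key at all would raise KeyError before reaching this line. Naming the header makes the log match the condition: `logger.debug('SHA: No "%s" header in request', self.name)`. The header name comes from configuration, so logging it exposes nothing from the request. handle() continues past the end of the hunk.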
@@ -107,6 +112,7 @@ class SimpleAuthKeys(HTTPAuthenticator):
name = request['headers'].get(self.id_header, None)
key = request['headers'].get(self.key_header, None)
if name is None and key is None:
+ logger.debug('SAK: Ignoring request no relevant headers provided')
return None
validated = False
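Review bot: The added debug line fires only when both headers are absent, because the guard is `name is None and key is None`. A request carrying just one of the two passes silently into the validation code, which is outside the hunk. If that case is rejected there, it deserves its own debug line, e.g. `logger.debug('SAK: Only one of %s/%s provided', self.id_header, self.key_header)`. Any such line should log header names only, never the value of `key`.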
diff --git a/custodia/httpd/authorizers.py b/custodia/httpd/authorizers.py
index 365b80c..292abf1 100644
--- a/custodia/httpd/authorizers.py
+++ b/custodia/httpd/authorizers.py
@@ -1,9 +1,12 @@
# Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
+import logging
import os
from custodia import log
+logger = logging.getLogger(__name__)
+
class HTTPAuthorizer(object):
@@ -28,7 +31,7 @@ class SimplePathAuthz(HTTPAuthorizer):
self.paths = self.config['paths'].split()
def handle(self, request):
- path = request.get('path', '')
+ reqpath = path = request.get('path', '')
# if an authorized path does not end in /
# check if it matches fullpath for strict match
@@ -54,6 +57,8 @@ class SimplePathAuthz(HTTPAuthorizer):
path = ''
else:
path, _ = os.path.split(path)
+
+ logger.debug('SPA: No path in %s matched %s', self.paths, reqpath)
return None
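Review bot: `reqpath` comes straight from the request and is written to the log with `%s`. If the path is URL-decoded before it reaches handle(), embedded CR/LF or control characters would let a client forge or split log lines. Formatting it with `%r` keeps the record on one line and makes odd bytes visible: `logger.debug('SPA: No path in %s matched %r', self.paths, reqpath)`. The same applies to `path` in the UserNameSpace hunk below (`'UNS: %r is not contained in %s'`).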
@@ -67,6 +72,7 @@ class UserNameSpace(HTTPAuthorizer):
# Only check if we are in the right (sub)path
path = request.get('path', '/')
if not path.startswith(self.path):
+ logger.debug('UNS: %s is not contained in %s', path, self.path)
return None
name = request.get('remote_user', None)
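Review bot: The new message says the path "is not contained in" `self.path`, but the guard is a plain `path.startswith(self.path)`, which also matches a sibling that merely shares the prefix (a constructed example: `/secretsX` against `/secrets`). Whether that matters depends on how `self.path` is normalised and on the namespace checks after the hunk, neither of which is visible here. A comment on the guard would record the assumption, e.g. `# prefix match only; self.path is expected to end in '/'`, or the test could compare on a separator boundary. handle() continues past the end of the hunk.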