| author | Christian Heimes <cheimes@redhat.com> | 2015-10-06 15:44:13 +0200 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2015-10-19 12:18:30 -0400 |
| commit | 92e35e55d82e7cbb125da0c32eacec080eea2a54 (patch) | |
| tree | 9c030734543e3d618fc12999dd2648286e363ee4 /custodia/httpd/authenticators.py | |
| parent | b20b47b100b2716273a5abfe2850e994c1d3e69d (diff) | |
Add support for using listening on TCP sockets
The server can now be configured using a new parameter called
"server_url".
Setting server_url to "http://0.0.0.0:80/" will make the server listen
on TCP port 80, while setting it to "http+unix://%2fsocket" will make
the server listen on the unix socket named "/socket".
The backwards compatible "server_socket" is retained and used if no
server_url is provided.
The request dict has a new field "client_id" that contains either a
PID or a peer name. In the future the field can be augmented with a
TLS client cert DN or other similar identifier.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'custodia/httpd/authenticators.py')
| -rw-r--r-- | custodia/httpd/authenticators.py | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/custodia/httpd/authenticators.py b/custodia/httpd/authenticators.py
index bed2bc4..33166ec 100644
--- a/custodia/httpd/authenticators.py
+++ b/custodia/httpd/authenticators.py
@@ -30,16 +30,19 @@ class SimpleCredsAuth(HTTPAuthenticator):
 self._gid = int(self.config['gid'])
 def handle(self, request):
- uid = int(request['creds']['gid'])
- gid = int(request['creds']['uid'])
+ creds = request.get('creds')
+ if creds is None:
+ return False
+ uid = int(creds['gid'])
+ gid = int(creds['uid'])
 if self._gid == gid or self._uid == uid:
 self._auditlog.svc_access(log.AUDIT_SVC_AUTH_PASS,
- request['creds']['pid'],
+ request['client_id'],
 "SCA", "%d, %d" % (uid, gid))
 return True
 else:
 self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL,
- request['creds']['pid'],
+ request['client_id'],
 "SCA", "%d, %d" % (uid, gid))
 return False
@@ -65,23 +68,23 @@ class SimpleHeaderAuth(HTTPAuthenticator):
 elif isinstance(self.value, str):
 if value != self.value:
 self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL,
- request['creds']['pid'],
+ request['client_id'],
 "SHA", value)
 return False
 elif isinstance(self.value, list):
 if value not in self.value:
 self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL,
- request['creds']['pid'],
+ request['client_id'],
 "SHA", value)
 return False
 else:
 self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL,
- request['creds']['pid'],
+ request['client_id'],
 "SHA", value)
 return False
 self._auditlog.svc_access(log.AUDIT_SVC_AUTH_PASS,
- request['creds']['pid'],
+ request['client_id'],
 "SHA", value)
 request['remote_user'] = value
 return True
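Review bot: In `SimpleCredsAuth.handle` the new lines still read the peer credentials crosswise: `uid` is taken from `creds['gid']` and `gid` from `creds['uid']`, so `self._gid == gid or self._uid == uid` compares the configured gid with the peer's uid and the configured uid with the peer's gid. A peer is then accepted or rejected on the wrong identifier, and the audit record `"%d, %d" % (uid, gid)` carries the two values in the wrong order. The removed lines had the same swap, so the commit carries it forward rather than introducing it; the two lines should read `uid = int(creds['uid'])` and `gid = int(creds['gid'])`. `handle` appears to start and end inside the hunk, while the class and its constructor begin above it.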
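Review bot: With TCP listening available, the comparison in `SimpleHeaderAuth` becomes the only barrier for any peer that can reach the port, because a match is stored as the caller's identity in `request['remote_user'] = value`. Where `value` is read lies outside the hunk, but if it comes straight from a request header, as the class name suggests, a remote client can supply it itself, whereas a Unix socket was at least limited by file permissions. I would document that on the class, for example `# Only enable behind a trusted front end that sets or strips this header; not on a directly reachable TCP listener.` The method starts above the hunk.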
@@ -116,18 +119,18 @@ class SimpleAuthKeys(HTTPAuthenticator):
 validated = True
 except Exception:
 self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL,
- request['creds']['pid'],
+ request['client_id'],
 "SAK", name)
 return False
 if validated:
 self._auditlog.svc_access(log.AUDIT_SVC_AUTH_PASS,
- request['creds']['pid'],
+ request['client_id'],
 "SAK", name)
 request['remote_user'] = name
 return True
 self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL,
- request['creds']['pid'],
+ request['client_id'],
 "SAK", name)
 return False
|
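Review bot: The `except Exception:` branch in `SimpleAuthKeys` records every error as `AUDIT_SVC_AUTH_FAIL` for `name`, so a failing key store or a programming error looks the same in the audit trail as a wrong key. Failing closed is right, but the handler should say so and keep a trace of the cause, for example with a comment `# fail closed: any error while validating the key counts as a failed authentication` and a log of the exception next to it. The `try` body and the comparison that sets `validated` are outside the hunk; if that comparison is a plain `==` on the key material, `hmac.compare_digest` would avoid a timing difference. The method starts above the hunk.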
