2 files changed, 13 insertions, 1 deletions

diff --git a/custodia/httpd/authenticators.py b/custodia/httpd/authenticators.py
index 9ec622d..854fdc7 100644
--- a/custodia/httpd/authenticators.py
+++ b/custodia/httpd/authenticators.py
@@ -1,5 +1,6 @@
 # Copyright (C) 2015  Custodia Project Contributors - see LICENSE file
 
+import logging
 import os
 
 from cryptography.hazmat.primitives import constant_time
@@ -7,6 +8,8 @@ from cryptography.hazmat.primitives import constant_time
 from custodia import log
 from custodia.httpd.server import HTTPError
 
+logger = logging.getLogger(__name__)
+
 
 class HTTPAuthenticator(object):
 
@@ -32,6 +35,7 @@ class SimpleCredsAuth(HTTPAuthenticator):
     def handle(self, request):
         creds = request.get('creds')
         if creds is None:
+            logger.debug('SCA: Missing "creds" from request')
             return False
         uid = int(creds['gid'])
         gid = int(creds['uid'])
@@ -60,6 +64,7 @@ class SimpleHeaderAuth(HTTPAuthenticator):
 
     def handle(self, request):
         if self.name not in request['headers']:
+            logger.debug('SHA: No "headers" in request')
             return None
         value = request['headers'][self.name]
         if self.value is None:
@@ -107,6 +112,7 @@ class SimpleAuthKeys(HTTPAuthenticator):
         name = request['headers'].get(self.id_header, None)
         key = request['headers'].get(self.key_header, None)
         if name is None and key is None:
+            logger.debug('SAK: Ignoring request no relevant headers provided')
             return None
 
         validated = False
diff --git a/custodia/httpd/authorizers.py b/custodia/httpd/authorizers.py
index 365b80c..292abf1 100644
--- a/custodia/httpd/authorizers.py
+++ b/custodia/httpd/authorizers.py
@@ -1,9 +1,12 @@
 # Copyright (C) 2015  Custodia Project Contributors - see LICENSE file
 
+import logging
 import os
 
 from custodia import log
 
+logger = logging.getLogger(__name__)
+
 
 class HTTPAuthorizer(object):
 
@@ -28,7 +31,7 @@ class SimplePathAuthz(HTTPAuthorizer):
             self.paths = self.config['paths'].split()
 
     def handle(self, request):
-        path = request.get('path', '')
+        reqpath = path = request.get('path', '')
 
         # if an authorized path does not end in /
         # check if it matches fullpath for strict match
@@ -54,6 +57,8 @@ class SimplePathAuthz(HTTPAuthorizer):
                 path = ''
             else:
                 path, _ = os.path.split(path)
+
+        logger.debug('SPA: No path in %s matched %s', self.paths, reqpath)
         return None
 
 
@@ -67,6 +72,7 @@ class UserNameSpace(HTTPAuthorizer):
         # Only check if we are in the right (sub)path
         path = request.get('path', '/')
         if not path.startswith(self.path):
+            logger.debug('UNS: %s is not contained in %s', path, self.path)
             return None
 
         name = request.get('remote_user', None)