diff options
Diffstat (limited to 'custodia/httpd/authenticators.py')
-rw-r--r-- | custodia/httpd/authenticators.py | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/custodia/httpd/authenticators.py b/custodia/httpd/authenticators.py index bed2bc4..33166ec 100644 --- a/custodia/httpd/authenticators.py +++ b/custodia/httpd/authenticators.py @@ -30,16 +30,19 @@ class SimpleCredsAuth(HTTPAuthenticator): self._gid = int(self.config['gid']) def handle(self, request): - uid = int(request['creds']['gid']) - gid = int(request['creds']['uid']) + creds = request.get('creds') + if creds is None: + return False + uid = int(creds['gid']) + gid = int(creds['uid']) if self._gid == gid or self._uid == uid: self._auditlog.svc_access(log.AUDIT_SVC_AUTH_PASS, - request['creds']['pid'], + request['client_id'], "SCA", "%d, %d" % (uid, gid)) return True else: self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL, - request['creds']['pid'], + request['client_id'], "SCA", "%d, %d" % (uid, gid)) return False @@ -65,23 +68,23 @@ class SimpleHeaderAuth(HTTPAuthenticator): elif isinstance(self.value, str): if value != self.value: self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL, - request['creds']['pid'], + request['client_id'], "SHA", value) return False elif isinstance(self.value, list): if value not in self.value: self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL, - request['creds']['pid'], + request['client_id'], "SHA", value) return False else: self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL, - request['creds']['pid'], + request['client_id'], "SHA", value) return False self._auditlog.svc_access(log.AUDIT_SVC_AUTH_PASS, - request['creds']['pid'], + request['client_id'], "SHA", value) request['remote_user'] = value return True @@ -116,18 +119,18 @@ class SimpleAuthKeys(HTTPAuthenticator): validated = True except Exception: self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL, - request['creds']['pid'], + request['client_id'], "SAK", name) return False if validated: self._auditlog.svc_access(log.AUDIT_SVC_AUTH_PASS, - request['creds']['pid'], + request['client_id'], "SAK", name) request['remote_user'] = name return True self._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL, - request['creds']['pid'], + request['client_id'], "SAK", name) return False |