Diffstat (limited to 'custodia/httpd/authorizers.py')
-rw-r--r-- | custodia/httpd/authorizers.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/custodia/httpd/authorizers.py b/custodia/httpd/authorizers.py
index dbf3d37..d6fe7c7 100644
--- a/custodia/httpd/authorizers.py
+++ b/custodia/httpd/authorizers.py
@@ -2,11 +2,14 @@
 import os
+from custodia import log
+
 class HTTPAuthorizer(object):
 def __init__(self, config=None):
 self.config = config
+ self._auditlog = log.AuditLog(self.config)
 self.store_name = None
 if self.config and 'store' in self.config:
 self.store_name = self.config['store']
@@ -36,10 +39,16 @@ class SimplePathAuthz(HTTPAuthorizer):
 # special case to match a path ending in /
 authz = authz[:-1]
 if authz == path:
+ self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_PASS,
+ request['creds']['pid'],
+ "SPA", path)
 return True
 while path != '':
 if path in self.paths:
+ self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_PASS,
+ request['creds']['pid'],
+ "SPA", path)
 return True
 if path == '/':
 path = ''
@@ -63,12 +72,21 @@ class UserNameSpace(HTTPAuthorizer):
 name = request.get('remote_user', None)
 if name is None:
 # UserNameSpace requires a user ...
+ self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_FAIL,
+ request.get('creds', {'pid': 0})['pid'],
+ "UNS(%s)" % self.path, path)
 return False
 namespace = self.path.rstrip('/') + '/' + name + '/'
 if not path.startswith(namespace):
 # Not in the namespace
+ self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_FAIL,
+ request.get('creds', {'pid': 0})['pid'],
+ "UNS(%s)" % self.path, path)
 return False
 request['default_namespace'] = name
+ self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_PASS,
+ request.get('creds', {'pid': 0})['pid'],
+ "UNS(%s)" % self.path, path)
 return True
|
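Review bot: `log.AuditLog(self.config)` in `HTTPAuthorizer.__init__` now runs even when `config` is None, which is the parameter's default and a case the following lines guard with `if self.config and 'store' in self.config`. Whether `AuditLog` accepts None is not visible in this diff; if it does not, every authorizer built without a config would fail at construction. I would confirm that and either pass `self.config or {}` or add a comment such as `# AuditLog must tolerate config=None`. The class body continues outside the hunk.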
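Review bot: Both added calls in `SimplePathAuthz` read `request['creds']['pid']` directly, so a request with no `creds` entry raises KeyError on a path that would otherwise have been authorized; the `UserNameSpace` hunk uses `request.get('creds', {'pid': 0})['pid']` for the same value. I would use the same tolerant lookup here so that audit logging cannot change the authorization outcome. In the `while` loop the logged `path` is the loop variable, which appears to be shortened toward the matching prefix, so the record may show the matched rule rather than the requested path; saving the original in a local and logging that would make the trail more useful. No `AUDIT_SVC_AUTHZ_FAIL` record is added for this class in the visible lines, and the method starts and ends outside the hunk.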
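Review bot: The three added audit calls in `UserNameSpace` record the caller's pid but not `name`, the `remote_user` value the decision is based on, so a pass or fail record cannot be tied to a user from the log alone. The lookup `request.get('creds', {'pid': 0})['pid']` is repeated three times and still raises KeyError when `creds` exists without a `pid`; computing it once near the top, `pid = request.get('creds', {}).get('pid', 0)`, would cover both cases. `path` comes from the request and is passed to the log unchanged; whether `svc_access` neutralises newlines and other control characters is not visible here and is worth checking. The method starts outside the hunk.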