Diffstat (limited to 'custodia/httpd/authorizers.py')
-rw-r--r-- | custodia/httpd/authorizers.py | 37 |
1 files changed, 14 insertions, 23 deletions
diff --git a/custodia/httpd/authorizers.py b/custodia/httpd/authorizers.py index 292abf1..9827407 100644 --- a/custodia/httpd/authorizers.py +++ b/custodia/httpd/authorizers.py @@ -1,18 +1,14 @@ # Copyright (C) 2015 Custodia Project Contributors - see LICENSE file -import logging import os from custodia import log -logger = logging.getLogger(__name__) - -class HTTPAuthorizer(object): +class HTTPAuthorizer(log.CustodiaPlugin): def __init__(self, config=None): - self.config = config - self._auditlog = log.auditlog + super(HTTPAuthorizer, self).__init__(config) self.store_name = None if self.config and 'store' in self.config: self.store_name = self.config['store'] @@ -42,23 +38,21 @@ class SimplePathAuthz(HTTPAuthorizer): # special case to match a path ending in / authz = authz[:-1] if authz == path: - self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_PASS, - request['client_id'], - "SPA", path) + self.audit_svc_access(log.AUDIT_SVC_AUTHZ_PASS, + request['client_id'], path) return True while path != '': if path in self.paths: - self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_PASS, - request['client_id'], - "SPA", path) + self.audit_svc_access(log.AUDIT_SVC_AUTHZ_PASS, + request['client_id'], path) return True if path == '/': path = '' else: path, _ = os.path.split(path) - logger.debug('SPA: No path in %s matched %s', self.paths, reqpath) + self.logger.debug('No path in %s matched %s', self.paths, reqpath) return None 
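Review bot: `HTTPAuthorizer.__init__` no longer assigns `self.config` itself, so the `if self.config and 'store' in self.config:` test that follows depends on `log.CustodiaPlugin.__init__` setting it. That base class is not part of this diff, because the diffstat is limited to this file. A one-line class docstring would make the contract explicit, for example `"""Base authorizer; config and logger are set up by CustodiaPlugin.__init__."""`, worded to match what the base class really provides. Subclasses with their own `__init__` presumably have to call `super().__init__(config)` before `self.logger` can be used, which is worth stating in the same place.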
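Review bot: The two audit calls in `SimplePathAuthz` drop the `"SPA"` origin argument, so the audit record names the deciding authorizer only if `audit_svc_access` adds it, and that method lives in `log.CustodiaPlugin`, outside this diff. The same applies to the three calls in the `UserNameSpace` hunk, where the old tag `"UNS(%s)" % self.path` also recorded which configured namespace root made the decision. Two `UserNameSpace` instances with different `path` values may then be indistinguishable in the audit trail. Confirm that the base class records the plugin origin, and if it records only the class name, consider keeping `self.path` in the audited data. The enclosing method starts above the hunk.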
@@ -72,27 +66,24 @@ class UserNameSpace(HTTPAuthorizer): # Only check if we are in the right (sub)path path = request.get('path', '/') if not path.startswith(self.path): - logger.debug('UNS: %s is not contained in %s', path, self.path) + self.logger.debug('%s is not contained in %s', path, self.path) return None name = request.get('remote_user', None) if name is None: # UserNameSpace requires a user ... - self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_FAIL, - request['client_id'], - "UNS(%s)" % self.path, path) + self.audit_svc_access(log.AUDIT_SVC_AUTHZ_FAIL, + request['client_id'], path) return False namespace = self.path.rstrip('/') + '/' + name + '/' if not path.startswith(namespace): # Not in the namespace - self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_FAIL, - request['client_id'], - "UNS(%s)" % self.path, path) + self.audit_svc_access(log.AUDIT_SVC_AUTHZ_FAIL, + request['client_id'], path) return False request['default_namespace'] = name - self._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_PASS, - request['client_id'], - "UNS(%s)" % self.path, path) + self.audit_svc_access(log.AUDIT_SVC_AUTHZ_PASS, + request['client_id'], path) return True |
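Review bot: `name` is rejected only when it is `None`, and is then concatenated into `namespace` and stored in `request['default_namespace']`. An empty string or a value containing `/` would give a prefix that is not a single user's directory. Whether `remote_user` can take such values depends on the authenticator, which is not visible here, so this is a hardening suggestion: use `if not name or '/' in name:` in place of `if name is None:` and keep the `AUDIT_SVC_AUTHZ_FAIL` record on that branch. The method's signature is above the hunk.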