diff options
Diffstat (limited to 'custodia/httpd/server.py')
-rw-r--r-- | custodia/httpd/server.py | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/custodia/httpd/server.py b/custodia/httpd/server.py index 7a84526..8f02a78 100644 --- a/custodia/httpd/server.py +++ b/custodia/httpd/server.py @@ -20,8 +20,7 @@ except ImportError: from socketserver import ForkingMixIn, UnixStreamServer from urllib.parse import urlparse, parse_qs, unquote -from custodia.log import debug as log_debug -from custodia.log import stacktrace +from custodia import log SO_PEERCRED = getattr(socket, 'SO_PEERCRED', 17) @@ -36,7 +35,7 @@ class HTTPError(Exception): self.code = code if code is not None else 500 self.mesg = message errstring = '%d: %s' % (self.code, self.mesg) - log_debug(errstring) + log.debug(errstring) super(HTTPError, self).__init__(errstring) @@ -63,6 +62,7 @@ class ForkingLocalHTTPServer(ForkingMixIn, UnixStreamServer): self.config = config if 'server_string' in self.config: self.server_string = self.config['server_string'] + self._auditlog = log.AuditLog(self.config) def server_bind(self): oldmask = os.umask(000) @@ -144,7 +144,7 @@ class LocalHTTPRequestHandler(BaseHTTPRequestHandler): SELINUX_CONTEXT_LEN) context = creds.decode('utf-8') except Exception as e: - log_debug("Couldn't retrieve SELinux Context: (%s)" % str(e)) + log.debug("Couldn't retrieve SELinux Context: (%s)" % str(e)) context = None return {'pid': pid, 'uid': uid, 'gid': gid, 'context': context} @@ -254,7 +254,7 @@ class LocalHTTPRequestHandler(BaseHTTPRequestHandler): return def log_traceback(self): - self.log_error('Traceback:\n%s' % stacktrace()) + self.log_error('Traceback:\n%s' % log.stacktrace()) def pipeline(self, config, request): """ @@ -299,6 +299,9 @@ class LocalHTTPRequestHandler(BaseHTTPRequestHandler): elif valid is True: valid_once = True if valid_once is not True: + self.server._auditlog.svc_access(log.AUDIT_SVC_AUTH_FAIL, + request['creds']['pid'], "MAIN", + 'No auth') raise HTTPError(403) # auhz framework here @@ -310,6 +313,9 @@ class LocalHTTPRequestHandler(BaseHTTPRequestHandler): if valid is not None: break if valid is not True: + self.server._auditlog.svc_access(log.AUDIT_SVC_AUTHZ_FAIL, + request['creds']['pid'], "MAIN", + request.get('path', '/')) raise HTTPError(403) # Select consumer |