Diffstat (limited to 'custodia/log.py')
-rw-r--r--custodia/log.py19
1 files changed, 19 insertions, 0 deletions
diff --git a/custodia/log.py b/custodia/log.py
index ff71137..c49a29e 100644
--- a/custodia/log.py
+++ b/custodia/log.py
@@ -52,6 +52,12 @@ AUDIT_SET_DENIED = 4
AUDIT_DEL_ALLOWED = 5
AUDIT_DEL_DENIED = 6
AUDIT_LAST = 7
+AUDIT_SVC_NONE = 8
+AUDIT_SVC_AUTH_PASS = 9
+AUDIT_SVC_AUTH_FAIL = 10
+AUDIT_SVC_AUTHZ_PASS = 11
+AUDIT_SVC_AUTHZ_FAIL = 12
+AUDIT_SVC_LAST = 13
AUDIT_MESSAGES = [
"AUDIT FAILURE",
"ALLOWED: '{client:s}' requested key '{key:s}'", # AUDIT_GET_ALLOWED
@@ -60,6 +66,13 @@ AUDIT_MESSAGES = [
"DENIED: '{client:s}' stored key '{key:s}'", # AUDIT_SET_DENIED
"ALLOWED: '{client:s}' deleted key '{key:s}'", # AUDIT_DEL_ALLOWED
"DENIED: '{client:s}' deleted key '{key:s}'", # AUDIT_DEL_DENIED
+ "AUDIT FAILURE 7",
+ "AUDIT FAILURE 8",
+ "PASS({tag:s}): '{cli:s}' authenticated as '{name:s}'", # SVC_AUTH_PASS
+ "FAIL({tag:s}): '{cli:s}' authenticated as '{name:s}'", # SVC_AUTH_FAIL
+ "PASS({tag:s}): '{cli:s}' authorized for '{name:s}'", # SVC_AUTHZ_PASS
+ "FAIL({tag:s}): '{cli:s}' authorized for '{name:s}'", # SVC_AUTHZ_FAIL
+ "AUDIT FAILURE 13",
]
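Review bot: The padding entries `"AUDIT FAILURE 7"`, `"AUDIT FAILURE 8"` and `"AUDIT FAILURE 13"` exist only to keep list positions equal to the numeric codes added in the first hunk, and nothing checks that alignment. A template inserted or dropped later would silently shift every later code onto the wrong message, so a PASS event could be logged as FAIL or the reverse. A guard after the list such as `assert len(AUDIT_MESSAGES) == AUDIT_SVC_LAST + 1` would catch that at import time, or the templates could live in a dict keyed by the constants. Separately, the FAIL templates reuse the success wording (`FAIL(...): '...' authenticated as '...'`), so a search or detection rule matching on `authenticated as` also matches failures; wording like `failed to authenticate as` and `not authorized for` would keep each line unambiguous. The list itself starts outside this hunk.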
@@ -79,3 +92,9 @@ class AuditLog(object):
if action <= AUDIT_NONE or action >= AUDIT_LAST:
action = AUDIT_NONE
self._log(AUDIT_MESSAGES[action].format(client=client, key=keyname))
+
+ def svc_access(self, action, client, tag, name):
+ if action <= AUDIT_SVC_NONE or action >= AUDIT_SVC_LAST:
+ action = AUDIT_NONE
+ self._log(AUDIT_MESSAGES[action].format(cli=str(client), tag=tag,
+ name=name))
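Review bot: An out-of-range `action` in `svc_access` is remapped to `AUDIT_NONE`, whose template (`"AUDIT FAILURE"`, presumably index 0) has no placeholders, so the resulting audit line drops `client`, `tag` and `name` and cannot be tied to a caller. The fallback could log the identifying fields as well, e.g. `self._log("AUDIT FAILURE: svc action {!r} from '{}'".format(action, client))`. Also, `tag` and `name` go into the line unescaped; if either can carry request-supplied text (not visible in this hunk), a CR or LF in it would split one event into several log lines, so escaping control characters before `format()` is worth adding. The method has no docstring; one like `"""Log a service authentication/authorization event for client under the given tag and name."""` would document the argument roles. The `AuditLog` class starts outside this hunk.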