Diffstat (limited to 'custodia/log.py')
-rw-r--r-- | custodia/log.py | 47 |
1 files changed, 44 insertions, 3 deletions
diff --git a/custodia/log.py b/custodia/log.py
index 12a6ba7..3f258e5 100644
--- a/custodia/log.py
+++ b/custodia/log.py
@@ -17,11 +17,15 @@ def stacktrace():
 return f.getvalue()
+def get_time():
+ t = time.gmtime(time.time())
+ return '%04d/%02d/%02d %02d:%02d:%02d' % (
+ t[0], t[1], t[2], t[3], t[4], t[5])
+
+
 def error(msg, head=None):
 if head is not None:
- t = time.gmtime(time.time())
- head = '%04d/%02d/%02d %02d:%02d:%02d' % (
- t[0], t[1], t[2], t[3], t[4], t[5])
+ head = get_time()
 sys.stderr.write('[%s] %s\n' % (head, msg))
@@ -29,3 +33,40 @@ def debug(msg):
 if DEBUG:
 error(msg, 'DEBUG')
 sys.stderr.write(stacktrace())
+
+
+AUDIT_NONE = 0
+AUDIT_GET_ALLOWED = 1
+AUDIT_GET_DENIED = 2
+AUDIT_SET_ALLOWED = 3
+AUDIT_SET_DENIED = 4
+AUDIT_DEL_ALLOWED = 5
+AUDIT_DEL_DENIED = 6
+AUDIT_LAST = 7
+AUDIT_MESSAGES = [
+ "AUDIT FAILURE",
+ "ALLOWED: '{client:s}' requested key '{key:s}'", # AUDIT_GET_ALLOWED
+ "DENIED: '{client:s}' requested key '{key:s}'", # AUDIT_GET_DENIED
+ "ALLOWED: '{client:s}' stored key '{key:s}'", # AUDIT_SET_ALLOWED
+ "DENIED: '{client:s}' stored key '{key:s}'", # AUDIT_SET_DENIED
+ "ALLOWED: '{client:s}' deleted key '{key:s}'", # AUDIT_DEL_ALLOWED
+ "DENIED: '{client:s}' deleted key '{key:s}'", # AUDIT_DEL_DENIED
+]
+
+
+class audit_log(object):
+
+ def __init__(self, config):
+ if config is None:
+ config = {}
+ self.logfile = config.get('auditlog', 'custodia.audit.log')
+
+ def _log(self, message):
+ with open(self.logfile, 'a+') as f:
+ f.write('%s: %s\n' % (get_time(), message))
+ f.flush()
+
+ def key_access(self, action, client, keyname):
+ if action <= AUDIT_NONE or action >= AUDIT_LAST:
+ action = AUDIT_NONE
+ self._log(AUDIT_MESSAGES[action].format(client=client, key=keyname)) |
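Review bot: The guard in `error` still reads `if head is not None:`, so the new `head = get_time()` overwrites a caller-supplied head (the `'DEBUG'` that `debug` passes) with the timestamp, while a call that omits `head` writes `[None]`. This looks inverted and predates the commit, but the refactor carries it forward; `if head is None:` appears to be the intent. `get_time` formats `time.gmtime()` with no zone marker, so a docstring such as `"""Return the current UTC time as 'YYYY/MM/DD HH:MM:SS'."""` would tell readers of the log which clock the stamps use.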
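Review bot: In `key_access`, `client` and `keyname` are formatted into the audit line verbatim, so a value containing CR or LF would split one record into several and could make a fabricated ALLOWED/DENIED line appear in the audit trail. If either value can originate from a request (the callers are not visible in this hunk), escape it before writing, for example by changing the templates to the form `"ALLOWED: {client!r} requested key {key!r}"`. On Python 3 the `:s` spec also raises for a non-string argument such as `None`, which would turn an audit write into an exception in the caller. An out-of-range `action` is logged as the bare `"AUDIT FAILURE"` string, discarding the client and key an investigator would need, so that template should carry both fields as well. `_log` creates the file under the process umask at a default path relative to the working directory; an absolute default and an owner-only mode (0o600) at creation would better protect the record.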