| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The server can now be configured using a new parameter called
"server_url".
Setting server_url to "http://0.0.0.0:80/" will make the server listen
on TCP port 80, while setting it to "http+unix://%2fsocket" will make
the server listen on the unix socket named "/socket".
The backwards compatible "server_socket" is retained and used if no
server_url is provided.
The request dict has a new field "client_id" that contains either a
PID or a peer name. In the future the field can be augmented with a
TLS client cert DN or other similar identifier.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
| |
Moves the secrets.Namespaces plugin to the proper authorizers file and
fixes it to properly enforce that the user-named namespace is being used.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
| |
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #9
| |
This avoids issues where spaces get turned to %20 and then name
matching comparisons (like for KEMHandler) fail.
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
If debug is set to True, then custodia's own Exception handlers will
print a stack trace to standard output to aid debugging.
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
Doesn't really make sense to have it on the server class,
just snatch the config from it.
| |
Authenticators will no longer signal validity by adding a request
attribute.
Instead they can return one of three values:
- True, indicates positive authentication
- False, indicates explicit failure
- None, indicates neither success nor failure, not applicable
| |
Allow only specific commands, we do not want to allow users to end up
being able to access internal functions with arbitrary names.
| |
This is a very simple implementation of a prototype API.
Anyone that has access to the server and causes an authentication
plugin to set the 'remote_user' value in the request, can retrieve
and store secrets.
Secrets are namespaced to the user requesting them, so sharing secrets
between multiple users is not possible.
Secrets must be of type "simple" and can only have one value.
The value can be anything that can be represented in json format.
It is recommended to pass a base64 encoded value.
| |
Accepts a maximum of 10 Megabytes and relies on proper Content-length
being set by the client
| |
Silence pylint errors due to python3 imports
Switch to HTTP 1.0 by default, this terminates each request by
default, which makes it handier for manual testing with clients
like curl.
Properly handle a consumer returning nothing (None) as output.
| |
Each "page" is added to a parent consumer by calling add_sub() on the
desired parent and providing a "page name" and the consumer class that
handles it.
|
This required the renaming of the http directory to avoid clashes with
python3's own http/server module.