From fe1688417d319771a23bdca54c7de7e99d4d0d0c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 20 Oct 2015 14:51:36 -0400 Subject: Add more debug logging to auth/authz plugins Signed-off-by: Simo Sorce Reviewed-by: Christian Heimes
---
 custodia/httpd/authenticators.py | 6 ++++++ custodia/httpd/authorizers.py | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/custodia/httpd/authenticators.py b/custodia/httpd/authenticators.py
index 9ec622d..854fdc7 100644
--- a/custodia/httpd/authenticators.py
+++ b/custodia/httpd/authenticators.py
@@ -1,5 +1,6 @@
 # Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
+import logging
 import os
 from cryptography.hazmat.primitives import constant_time
@@ -7,6 +8,8 @@ from cryptography.hazmat.primitives import constant_time
 from custodia import log
 from custodia.httpd.server import HTTPError
+logger = logging.getLogger(__name__)
+
 class HTTPAuthenticator(object):
@@ -32,6 +35,7 @@ class SimpleCredsAuth(HTTPAuthenticator):
 def handle(self, request):
 creds = request.get('creds')
 if creds is None:
+ logger.debug('SCA: Missing "creds" from request')
 return False
 uid = int(creds['gid'])
 gid = int(creds['uid'])
@@ -60,6 +64,7 @@ class SimpleHeaderAuth(HTTPAuthenticator):
 def handle(self, request):
 if self.name not in request['headers']:
+ logger.debug('SHA: No "headers" in request')
 return None
 value = request['headers'][self.name]
 if self.value is None:
@@ -107,6 +112,7 @@ class SimpleAuthKeys(HTTPAuthenticator):
 name = request['headers'].get(self.id_header, None)
 key = request['headers'].get(self.key_header, None)
 if name is None and key is None:
+ logger.debug('SAK: Ignoring request no relevant headers provided')
 return None
 validated = False
diff --git a/custodia/httpd/authorizers.py b/custodia/httpd/authorizers.py
index 365b80c..292abf1 100644
--- a/custodia/httpd/authorizers.py
+++ b/custodia/httpd/authorizers.py
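Review bot: The two context lines right after the new debug call in `SimpleCredsAuth.handle` read the peer credentials crosswise, `uid = int(creds['gid'])` and `gid = int(creds['uid'])`, and this commit leaves them untouched. The comparison that follows is outside the hunk, but if it checks these values against the configured uid/gid, a caller whose gid happens to equal the allowed uid would presumably be accepted while the intended uid is rejected. They should read `uid = int(creds['uid'])` and `gid = int(creds['gid'])`. Also note that this branch returns `False` on missing input while the other two authenticators touched here return `None`; a short comment saying that the difference is deliberate would help.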
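Review bot: The debug text added in `SimpleHeaderAuth.handle`, `No "headers" in request`, does not describe the guard it sits under, which tests whether the configured header name (`self.name`) is absent from `request['headers']`; a request lacking the `headers` key altogether would raise `KeyError` on that line and never reach the log call. Anyone tracing an unauthenticated request from this message would look in the wrong place. `logger.debug('SHA: Header %r not found in request', self.name)` matches the check. The `SAK:` message in the following hunk is accurate but reads more clearly with a comma: `'SAK: Ignoring request, no relevant headers provided'`.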
@@ -1,9 +1,12 @@
 # Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
+import logging
 import os
 from custodia import log
+logger = logging.getLogger(__name__)
+
 class HTTPAuthorizer(object):
@@ -28,7 +31,7 @@ class SimplePathAuthz(HTTPAuthorizer):
 self.paths = self.config['paths'].split()
 def handle(self, request):
- path = request.get('path', '')
+ reqpath = path = request.get('path', '')
 # if an authorized path does not end in /
 # check if it matches fullpath for strict match
@@ -54,6 +57,8 @@ class SimplePathAuthz(HTTPAuthorizer):
 path = ''
 else:
 path, _ = os.path.split(path)
+
+ logger.debug('SPA: No path in %s matched %s', self.paths, reqpath)
 return None
@@ -67,6 +72,7 @@ class UserNameSpace(HTTPAuthorizer):
 # Only check if we are in the right (sub)path
 path = request.get('path', '/')
 if not path.startswith(self.path):
+ logger.debug('UNS: %s is not contained in %s', path, self.path)
 return None
 name = request.get('remote_user', None)
-- cgit
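Review bot: `logger.debug('SPA: No path in %s matched %s', self.paths, reqpath)` writes the client-supplied request path into the log with `%s`, so control characters in it reach the log verbatim and can split or imitate log records. A newline is one example, if the path is percent-decoded before it reaches this handler, which is not visible here. Formatting the request value with `%r` keeps the record on one line and delimits the value: `logger.debug('SPA: No path in %s matched %r', self.paths, reqpath)`. The same applies to `path` in the `UNS:` message in the last hunk. The loop body of `handle` between the two SimplePathAuthz hunks is not shown.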
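Review bot: The guard that the new `UNS:` message describes as "not contained in" is a plain string-prefix test, `path.startswith(self.path)`, so a configured path without a trailing slash also matches sibling paths that only share the prefix (constructed example: `/secrets/uns` and `/secrets/unsafe`). Whether `self.path` is normalised in `__init__`, and whether the checks after `name = request.get('remote_user', None)` compare on a path-segment boundary, lies outside the hunk, so this may already be handled. If it is not, testing against `self.path.rstrip('/') + '/'` (plus an exact match on the bare path) would make the log wording accurate.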