import falcon
import logging
from certidude import const, config, authority
from certidude.decorators import serialize
from jinja2 import Environment, FileSystemLoader
from certidude.firewall import whitelist_subject
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)
# Jinja2 environment for the script templates; names are resolved by a
# FileSystemLoader rooted at config.SCRIPT_DIR. trim_blocks=True drops the
# first newline after a block tag. autoescape is not passed, so Jinja2's
# default (off) applies: values are rendered verbatim and any quoting needed
# for the output format has to be done in the templates themselves.
env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)
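class ScriptResource():
    """Falcon resource that renders a shell script for one certificate subject."""

    @whitelist_subject
    def on_get(self, req, resp, cn):
        """Render the script template selected for *cn* into the response body.

        The template defaults to ``config.SCRIPT_DEFAULT``. A ``script=<name>``
        entry in the subject's ``user.xdg.tags`` attribute overrides it; when
        several such entries exist the last one wins.

        Args:
            req: Falcon request; ``req.context["remote_addr"]`` is read for the
                log line.
            resp: Falcon response; receives the Content-Type header and the
                rendered script.
            cn: Common name of the subject whose attributes are looked up.

        Raises:
            falcon.HTTPNotFound: if the attributes for *cn* cannot be read
                (IOError) or the selected template does not exist.
        """
        # Local import: only needed to map a missing template to a 404 below.
        from jinja2 import TemplateNotFound

        try:
            path, buf, cert, attribs = authority.get_attributes(cn)
        except IOError:
            raise falcon.HTTPNotFound()

        # A subject without any "user" attributes is treated like one without
        # tags or machine attributes, instead of failing later at render time.
        user_attribs = attribs.get("user") or {}

        try:
            raw_tags = user_attribs.get("xdg").get("tags").split(",")
        except AttributeError:  # No tags
            raw_tags = []

        script = config.SCRIPT_DEFAULT
        tags = []
        for tag in raw_tags:
            if "=" in tag:
                # Split on the first "=" only, so values may contain "=".
                k, v = tag.split("=", 1)
            else:
                k, v = "other", tag
            if k == "script":
                script = v
            tags.append(dict(id=tag, key=k, value=v))

        # The template name may come from a tag value. FileSystemLoader looks
        # names up under config.SCRIPT_DIR and reports names containing
        # parent-directory segments as not found, so an unusable value
        # surfaces here as TemplateNotFound; answer 404 rather than letting it
        # become an unhandled server error.
        try:
            template = env.get_template(script)
        except TemplateNotFound:
            logger.warning("Script template %r selected for %s was not found", script, cn)
            raise falcon.HTTPNotFound()

        # NOTE(review): tag and machine attribute values are handed to the
        # template verbatim and the result is served as a shell script, so any
        # quoting must happen inside the templates -- confirm that they do it
        # and which callers are allowed to write these attributes.
        resp.set_header("Content-Type", "text/x-shellscript")
        resp.body = template.render(
            authority_name=const.FQDN,
            common_name=cn,
            tags=tags,
            attributes=user_attribs.get("machine"))
        logger.info("Served script %s for %s at %s", script, cn, req.context["remote_addr"])
        # TODO: Assert time is within reasonable range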