mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Fix attribute API call whitelist handling

Lauri Võsandi 2017-03-26 16:58:29 +00:00
parent 13db28aaac
commit 77db728294


@ -1,7 +1,7 @@
import falcon import falcon
import logging import logging
import ipaddress from ipaddress import ip_address
from xattr import getxattr, listxattr from xattr import getxattr, listxattr
from datetime import datetime from datetime import datetime
from certidude import config, authority from certidude import config, authority
@ -17,8 +17,11 @@ class AttributeResource(object):
This not only contains tags and lease information, This not only contains tags and lease information,
but might also contain some other sensitive information. but might also contain some other sensitive information.
""" """
try:
path, buf, cert = authority.get_signed(cn) path, buf, cert = authority.get_signed(cn)
except IOError:
raise falcon.HTTPNotFound()
else:
attribs = dict() attribs = dict()
for key in listxattr(path): for key in listxattr(path):
if not key.startswith("user."): if not key.startswith("user."):
@ -33,7 +36,7 @@ class AttributeResource(object):
current = current[component] current = current[component]
current[key] = value current[key] = value
whitelist = attribs.get("user").get("address") whitelist = ip_address(attribs.get("user").get("lease").get("address").decode("ascii"))
if req.context.get("remote_addr") != whitelist: if req.context.get("remote_addr") != whitelist:
logger.info("Attribute access denied from %s, expected %s for %s", logger.info("Attribute access denied from %s, expected %s for %s",