lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 17:39:12 +00:00
Code Issues Activity

Fix attribute API call whitelist handling

Browse Source
This commit is contained in:
Lauri Võsandi
2017-03-26 16:58:29 +00:00
parent 13db28aaac
commit 77db728294
1 changed files with 28 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
certidude/api/attrib.py
View File

@@ -1,7 +1,7 @@
import falcon import falcon
import logging import logging
import ipaddress from ipaddress import ip_address
from xattr import getxattr, listxattr from xattr import getxattr, listxattr
from datetime import datetime from datetime import datetime
from certidude import config, authority from certidude import config, authority
@@ -17,8 +17,11 @@ class AttributeResource(object):
This not only contains tags and lease information, This not only contains tags and lease information,
but might also contain some other sensitive information. but might also contain some other sensitive information.
""" """
try:
path, buf, cert = authority.get_signed(cn) path, buf, cert = authority.get_signed(cn)
except IOError:
raise falcon.HTTPNotFound()
else:
attribs = dict() attribs = dict()
for key in listxattr(path): for key in listxattr(path):
if not key.startswith("user."): if not key.startswith("user."):
@@ -33,7 +36,7 @@ class AttributeResource(object):
current = current[component] current = current[component]
current[key] = value current[key] = value
whitelist = attribs.get("user").get("address") whitelist = ip_address(attribs.get("user").get("lease").get("address").decode("ascii"))
if req.context.get("remote_addr") != whitelist: if req.context.get("remote_addr") != whitelist:
logger.info("Attribute access denied from %s, expected %s for %s", logger.info("Attribute access denied from %s, expected %s for %s",