mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Fix attribute API call whitelist handling
parent
13db28aaac
commit
77db728294
@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
import falcon
|
import falcon
|
||||||
import logging
|
import logging
|
||||||
import ipaddress
|
from ipaddress import ip_address
|
||||||
from xattr import getxattr, listxattr
|
from xattr import getxattr, listxattr
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from certidude import config, authority
|
from certidude import config, authority
|
||||||
@ -17,8 +17,11 @@ class AttributeResource(object):
|
|||||||
This not only contains tags and lease information,
|
This not only contains tags and lease information,
|
||||||
but might also contain some other sensitive information.
|
but might also contain some other sensitive information.
|
||||||
"""
|
"""
|
||||||
|
try:
|
||||||
path, buf, cert = authority.get_signed(cn)
|
path, buf, cert = authority.get_signed(cn)
|
||||||
|
except IOError:
|
||||||
|
raise falcon.HTTPNotFound()
|
||||||
|
else:
|
||||||
attribs = dict()
|
attribs = dict()
|
||||||
for key in listxattr(path):
|
for key in listxattr(path):
|
||||||
if not key.startswith("user."):
|
if not key.startswith("user."):
|
||||||
@ -33,7 +36,7 @@ class AttributeResource(object):
|
|||||||
current = current[component]
|
current = current[component]
|
||||||
current[key] = value
|
current[key] = value
|
||||||
|
|
||||||
whitelist = attribs.get("user").get("address")
|
whitelist = ip_address(attribs.get("user").get("lease").get("address").decode("ascii"))
|
||||||
|
|
||||||
if req.context.get("remote_addr") != whitelist:
|
if req.context.get("remote_addr") != whitelist:
|
||||||
logger.info("Attribute access denied from %s, expected %s for %s",
|
logger.info("Attribute access denied from %s, expected %s for %s",
|
||||||
|
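Review bot: The new `whitelist = ip_address(attribs.get("user").get("lease").get("address").decode("ascii"))` line has no handling for a certificate that carries no lease attributes. If no `user.lease.address` xattr was set, one of the chained `.get()` calls returns None and the next call raises AttributeError, while a malformed or non-ASCII value raises ValueError from `decode()` or `ip_address()`. Either case would presumably surface as an unhandled 500 instead of the logged denial, and this comparison is the only access check visible for data the docstring calls sensitive. I would wrap that one line in `try:` / `except (AttributeError, ValueError):` and take the same deny path as the mismatch branch, which lies outside the hunk. It is also worth confirming that `req.context.get("remote_addr")` holds an `ipaddress` object and not a string, since a string never compares equal to the parsed address and every request would be refused.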