Fix attribute API call whitelist handling

2025-10-31 09:29:13 +00:00 · 2017-03-26 16:58:29 +00:00
parent 13db28aaac
commit 77db728294
1 changed files with 28 additions and 25 deletions
--- a/certidude/api/attrib.py
+++ b/certidude/api/attrib.py
@@ -1,7 +1,7 @@

 import falcon
 import logging
-import ipaddress
+from ipaddress import ip_address
 from xattr import getxattr, listxattr
 from datetime import datetime
 from certidude import config, authority
@@ -17,8 +17,11 @@ class AttributeResource(object):
        This not only contains tags and lease information,
        but might also contain some other sensitive information.
        """
+        try:
            path, buf, cert = authority.get_signed(cn)
-
+        except IOError:
+            raise falcon.HTTPNotFound()
+        else:
            attribs = dict()
            for key in listxattr(path):
                if not key.startswith("user."):
@@ -33,7 +36,7 @@ class AttributeResource(object):
                        current = current[component]
                current[key] = value

-        whitelist = attribs.get("user").get("address")
+            whitelist = ip_address(attribs.get("user").get("lease").get("address").decode("ascii"))

            if req.context.get("remote_addr") != whitelist:
                logger.info("Attribute access denied from %s, expected %s for %s",