mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Fix attribute API call whitelist handling

Lauri Võsandi 2017-03-26 16:58:29 +00:00
parent 13db28aaac
commit 77db728294


@ -1,7 +1,7 @@
import falcon
import logging
import ipaddress
from ipaddress import ip_address
from xattr import getxattr, listxattr
from datetime import datetime
from certidude import config, authority
@ -17,8 +17,11 @@ class AttributeResource(object):
This not only contains tags and lease information,
but might also contain some other sensitive information.
"""
try:
path, buf, cert = authority.get_signed(cn)
except IOError:
raise falcon.HTTPNotFound()
else:
attribs = dict()
for key in listxattr(path):
if not key.startswith("user."):
@ -33,7 +36,7 @@ class AttributeResource(object):
current = current[component]
current[key] = value
whitelist = attribs.get("user").get("address")
whitelist = ip_address(attribs.get("user").get("lease").get("address").decode("ascii"))
if req.context.get("remote_addr") != whitelist:
logger.info("Attribute access denied from %s, expected %s for %s",