mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 08:41:55 -06:00
5a00882eab
Cleanup up no longer used Pylint's disables where possible. Fixes: https://pagure.io/freeipa/issue/9117 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
48 lines
1.6 KiB
Python
48 lines
1.6 KiB
Python
# Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
|
|
from __future__ import absolute_import
|
|
|
|
import os
|
|
|
|
from ipaserver.custodia import log
|
|
from ipaserver.custodia.plugin import HTTPAuthorizer
|
|
|
|
|
|
class SimplePathAuthz(HTTPAuthorizer):
|
|
# keep SimplePathAuthz an old-style plugin for now.
|
|
# KEMKeysStore and IPAKEMKeys haven't been ported.
|
|
|
|
def __init__(self, config):
|
|
super(SimplePathAuthz, self).__init__(config)
|
|
self.paths = []
|
|
if 'paths' in self.config:
|
|
self.paths = self.config['paths'].split()
|
|
|
|
def handle(self, request):
|
|
reqpath = path = request.get('path', '')
|
|
|
|
# if an authorized path does not end in /
|
|
# check if it matches fullpath for strict match
|
|
for authz in self.paths:
|
|
if authz.endswith('/'):
|
|
continue
|
|
if authz.endswith('.'):
|
|
# special case to match a path ending in /
|
|
authz = authz[:-1]
|
|
if authz == path:
|
|
self.audit_svc_access(log.AUDIT_SVC_AUTHZ_PASS,
|
|
request['client_id'], path)
|
|
return True
|
|
|
|
while path != '':
|
|
if path in self.paths:
|
|
self.audit_svc_access(log.AUDIT_SVC_AUTHZ_PASS,
|
|
request['client_id'], path)
|
|
return True
|
|
if path == '/':
|
|
path = ''
|
|
else:
|
|
path, _head = os.path.split(path)
|
|
|
|
self.logger.debug('No path in %s matched %s', self.paths, reqpath)
|
|
return None
|