diff --git a/warden3/warden_server/warden_server.py b/warden3/warden_server/warden_server.py index 204790eb8949ccfce7f33f95f6297320bb6beb26..8f0b0b60571179ff690b1063564421b11a3a7ba5 100755 --- a/warden3/warden_server/warden_server.py +++ b/warden3/warden_server/warden_server.py @@ -288,10 +288,9 @@ class PlainAuthenticator(ObjectBase): return "%s(req=%s, db=%s)" % (type(self).__name__, type(self.req).__name__, type(self.db).__name__) - def authenticate(self, env, args): + def authenticate(self, env, args, hostnames = None, check_secret = True): name = args.get("client", [None])[0] - secret = args.get("secret", [None])[0] - hostnames = args.get("hostnames", [None])[0] + secret = args.get("secret", [None])[0] if check_secret else None client = self.db.get_client_by_name(hostnames, name, secret) @@ -302,7 +301,7 @@ class PlainAuthenticator(ObjectBase): # Clients with 'secret' set must get authenticated by it. # No secret turns secret auth off for this particular client. - if client.secret is not None and secret is None: + if client.secret is not None and secret is None and check_secret: self.log.info("authenticate: missing secret argument") return None @@ -311,7 +310,6 @@ class PlainAuthenticator(ObjectBase): # These args are not for handler args.pop("client", None) args.pop("secret", None) - args.pop("hostnames", None) return client @@ -366,9 +364,7 @@ class X509Authenticator(PlainAuthenticator): exception.log(self.log) return None - args["hostnames"] = [cert_names] - - return PlainAuthenticator.authenticate(self, env, args) + return PlainAuthenticator.authenticate(self, env, args, hostnames = cert_names) class X509NameAuthenticator(PlainAuthenticator): @@ -386,7 +382,7 @@ class X509NameAuthenticator(PlainAuthenticator): exception.log(self.log) return None - return PlainAuthenticator.authenticate(self, env, args) + return PlainAuthenticator.authenticate(self, env, args, check_secret = False) class X509MixMatchAuthenticator(PlainAuthenticator): @@ -421,7 +417,7 @@ class X509MixMatchAuthenticator(PlainAuthenticator): else: auth = self.hostname_auth - self.log.info("MixMatch is choosing %s" % type(auth).__name__) + self.log.info("MixMatch is choosing %s (name: %s, cert_name: %s)" % (type(auth).__name__, name, cert_name)) return auth.authenticate(env, args)