Commit 7af9a781 authored by Pavel Kácha's avatar Pavel Kácha

Secret checking is not needed anymore if authenticated by cert name (and it's better for transition)

parent 974de254
...@@ -288,10 +288,9 @@ class PlainAuthenticator(ObjectBase): ...@@ -288,10 +288,9 @@ class PlainAuthenticator(ObjectBase):
return "%s(req=%s, db=%s)" % (type(self).__name__, type(self.req).__name__, type(self.db).__name__) return "%s(req=%s, db=%s)" % (type(self).__name__, type(self.req).__name__, type(self.db).__name__)
def authenticate(self, env, args): def authenticate(self, env, args, hostnames = None, check_secret = True):
name = args.get("client", [None])[0] name = args.get("client", [None])[0]
secret = args.get("secret", [None])[0] secret = args.get("secret", [None])[0] if check_secret else None
hostnames = args.get("hostnames", [None])[0]
client = self.db.get_client_by_name(hostnames, name, secret) client = self.db.get_client_by_name(hostnames, name, secret)
...@@ -302,7 +301,7 @@ class PlainAuthenticator(ObjectBase): ...@@ -302,7 +301,7 @@ class PlainAuthenticator(ObjectBase):
# Clients with 'secret' set must get authenticated by it. # Clients with 'secret' set must get authenticated by it.
# No secret turns secret auth off for this particular client. # No secret turns secret auth off for this particular client.
if client.secret is not None and secret is None: if client.secret is not None and secret is None and check_secret:
self.log.info("authenticate: missing secret argument") self.log.info("authenticate: missing secret argument")
return None return None
...@@ -311,7 +310,6 @@ class PlainAuthenticator(ObjectBase): ...@@ -311,7 +310,6 @@ class PlainAuthenticator(ObjectBase):
# These args are not for handler # These args are not for handler
args.pop("client", None) args.pop("client", None)
args.pop("secret", None) args.pop("secret", None)
args.pop("hostnames", None)
return client return client
...@@ -366,9 +364,7 @@ class X509Authenticator(PlainAuthenticator): ...@@ -366,9 +364,7 @@ class X509Authenticator(PlainAuthenticator):
exception.log(self.log) exception.log(self.log)
return None return None
args["hostnames"] = [cert_names] return PlainAuthenticator.authenticate(self, env, args, hostnames = cert_names)
return PlainAuthenticator.authenticate(self, env, args)
class X509NameAuthenticator(PlainAuthenticator): class X509NameAuthenticator(PlainAuthenticator):
...@@ -386,7 +382,7 @@ class X509NameAuthenticator(PlainAuthenticator): ...@@ -386,7 +382,7 @@ class X509NameAuthenticator(PlainAuthenticator):
exception.log(self.log) exception.log(self.log)
return None return None
return PlainAuthenticator.authenticate(self, env, args) return PlainAuthenticator.authenticate(self, env, args, check_secret = False)
class X509MixMatchAuthenticator(PlainAuthenticator): class X509MixMatchAuthenticator(PlainAuthenticator):
...@@ -421,7 +417,7 @@ class X509MixMatchAuthenticator(PlainAuthenticator): ...@@ -421,7 +417,7 @@ class X509MixMatchAuthenticator(PlainAuthenticator):
else: else:
auth = self.hostname_auth auth = self.hostname_auth
self.log.info("MixMatch is choosing %s" % type(auth).__name__) self.log.info("MixMatch is choosing %s (name: %s, cert_name: %s)" % (type(auth).__name__, name, cert_name))
return auth.authenticate(env, args) return auth.authenticate(env, args)
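Review bot: With `check_secret = False`, the X509NameAuthenticator path reduces the lookup in `PlainAuthenticator.authenticate` to `get_client_by_name(None, name, None)`, while `name` is still read from `args.get("client", [None])[0]`. Authentication then rests entirely on `args["client"]` having been set from the verified certificate before the call. That assignment is outside the visible hunks, so it is worth confirming. Passing the certificate name as an explicit parameter, the way `hostnames = cert_names` is now passed, would remove the dependency on request args. The comment above the secret check is also stale and could read `# Clients with 'secret' set must get authenticated by it, unless the caller passes check_secret=False (already authenticated by certificate name).`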