Skip to content
Permalink
Browse files

Fix rbac denies of tls/raw connections requests

  • Loading branch information...
cvaroqui committed Jul 1, 2019
1 parent 770791f commit b1719fa04d5e9bd401e03eda8eeaa37555ed80c5
Showing with 15 additions and 4 deletions.
  1. +15 −4 lib/osvcd_lsnr.py
@@ -579,9 +579,14 @@ def __init__(self, parent, conn, addr, encrypted, scheme, tls, tls_context):
self.streams = {}
self.h2conn = None
self.events_stream_ids = []
self.usr = None
self.usr_auth = None
self.usr_grants = {}
if scheme == "raw":
self.usr = False
self.usr_auth = "secret"
self.usr_grants = {"root": None}
else:
self.usr = None
self.usr_auth = None
self.usr_grants = {}
self.events_counter = 0

def __str__(self):
@@ -1143,7 +1148,13 @@ def rbac_requires(self, namespaces=None, roles=None, action=None, **kwargs):
if not len(namespaces - role_namespaces):
# role granted on all namespaces
return
raise HTTP(403, "Forbidden: handler '%s' requested by user '%s' with grants '%s' requires role '%s'" % (action, self.usr.svcname, self.format_grants(self.usr_grants), ",".join(roles)))
raise HTTP(403, "Forbidden: handler '%s' requested by user '%s' with "
"grants '%s' requires role '%s'" % (
action,
self.usr.svcname if self.usr else self.usr,
self.format_grants(self.usr_grants),
",".join(roles)
))

@staticmethod
def format_grants(grants):

0 comments on commit b1719fa

Please sign in to comment.
You can’t perform that action at this time.