
Add audit logging.

master
Bernd Zeimetz 7 years ago
parent
commit
e9430cb782
3 changed files with 31 additions and 3 deletions
  1. 2
    2
      monkeystore-server.py
  2. 2
    0
      monkeystore/config.py
  3. 27
    1
      monkeystore/web.py

+ 2
- 2
monkeystore-server.py View File

@@ -44,8 +44,8 @@ except ImportError:
if __name__ == '__main__':
if len(sys.argv) > 1:
host, port = sys.argv[1:]
app.run(host=host, port=int(port))
app.run(host=host, port=int(port), debug=True)
else:
app.run()
app.run(debug=True)
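Review bot: Both `app.run(...)` calls now pass `debug=True` (the lines carrying the extra argument appear to be the added side), which turns on Flask's interactive debugger and reloader in a service that stores passwords. Because `host` comes from `sys.argv`, the server may be listening on a non-loopback address while that debugger is active. Debug mode should stay off by default and be enabled only by an explicit development switch, so I would keep `app.run(host=host, port=int(port))` and `app.run()` here. If the aim was the verbose log format behind `if app.debug:` in monkeystore/web.py, that check runs when the module is imported, probably before `app.run()` sets the flag, so a config value would be a more reliable switch; this is worth confirming.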



+ 2
- 0
monkeystore/config.py View File

@@ -22,3 +22,5 @@ CATEGORY_USERS = {
'network' : set( acl_network + acl_bereitschaft )
}

LOGGER_NAME = 'monkeystore'
LOGGER_LOCATION = '/tmp/monkeystore.log'
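Review bot: `LOGGER_LOCATION = '/tmp/monkeystore.log'` puts the audit log at a predictable name in a world-writable directory. Any local account can create that file or a symlink with that name before the service starts, and the handler will then append to whatever is there, so the audit trail can be read, pre-seeded or redirected. The default should point to a directory owned by the service account with restrictive permissions, for example `LOGGER_LOCATION = '/var/log/monkeystore/monkeystore.log'` (example path, adjust to the deployment). A comment on the setting should say that the file records who accessed which entry and must not be world-readable.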

+ 27
- 1
monkeystore/web.py View File

@@ -46,6 +46,19 @@ flask_shelve_init(app)
api = XMLRPCHandler('api')
api.connect(app, '/')

import logging.handlers
file_handler = logging.handlers.WatchedFileHandler(app.config['LOGGER_LOCATION'])
if app.debug:
file_handler.setFormatter(logging.Formatter('%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]'))
file_handler.setLevel(logging.DEBUG)
else:
file_handler.setFormatter(logging.Formatter('%(asctime)s %(levelname)s: %(message)s'))
file_handler.setLevel(logging.INFO)
log_handler = logging.handlers.SysLogHandler(address="/dev/log", facility=logging.handlers.SysLogHandler.LOG_LOCAL0)
log_handler.setLevel(logging.DEBUG)
app.logger.addHandler(file_handler)
app.logger.addHandler(log_handler)

gpg_pwstore = GPGpwstore(app.config)

def __take_token__(pwstore_user):
@@ -69,11 +82,13 @@ def add_password(pwstore_user,
category, hostname, service, username,
password_crypt, description_crypt=''):
token = __take_token__(pwstore_user)
app.logger.info("User %s adding %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
try:
return gpg_pwstore.add_password(pwstore_user, token,
category, hostname, service, username,
password_crypt, description_crypt)
except GPGpwstoreException, e:
app.logger.warn("User %s failed to add %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
raise Fault("Failed to add password", str(e))

@api.register
@@ -83,11 +98,13 @@ def update_password(pwstore_user,
token = __take_token__(pwstore_user)
if description_crypt=='':
description_crypt=None
app.logger.info("User %s updating %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
try:
gpg_pwstore.update_password(pwstore_user, token,
category, hostname, service, username,
password_crypt, description_crypt)
except GPGpwstoreException, e:
app.logger.warn("User %s failed to update %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
raise Fault("Failed to update password", str(e))

@api.register
@@ -95,25 +112,31 @@ def reencrypt_password(pwstore_user,
category, hostname, service, username,
password_crypt):
token = __take_token__(pwstore_user)
app.logger.info("User %s reencrypting %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
try:
gpg_pwstore.update_password(pwstore_user, token,
category, hostname, service, username,
password_crypt, None, reencrypt=True)
except GPGpwstoreException, e:
raise Fault("Failed to update password", str(e))
app.logger.warn("User %s failed to reencrypt %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
raise Fault("Failed to reencrypt password", str(e))

@api.register
def get_password(pwstore_user, category, hostname, service, username):
app.logger.info("User %s retrieving %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
try:
return gpg_pwstore.get_password(pwstore_user, category, hostname, service, username)
except GPGpwstoreException, e:
app.logger.info("User %s failed to retrieve %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
raise Fault("Failed to retrieve password",str(e))

@api.register
def get_password_by_url(pwstore_user, url):
app.logger.info("User %s retrieving %s." %(pwstore_user, url))
try:
return gpg_pwstore.get_password_by_url(pwstore_user, url)
except GPGpwstoreException, e:
app.logger.info("User %s failed to retrieve %s." %(pwstore_user, url))
raise Fault("Failed to retrieve password",str(e))


@@ -165,15 +188,18 @@ def retrieve_token(pwstore_user):

@api.register
def get_metadata(pwstore_user):
app.logger.info("User %s retrieving METADATA" %(pwstore_user, ))
return gpg_pwstore.get_metadata(pwstore_user)

@api.register
def delete_password(pwstore_user, token, category, hostname, service, username):
app.logger.info("User %s deleting %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
if token != __take_token__(pwstore_user):
raise Fault('Failed to delete', "Token invalid - no access!")
return gpg_pwstore.delete_password(pwstore_user, category, hostname, service, username)

@api.register
def get_url(pwstore_user, category, hostname, service, username):
app.logger.info("User %s retrieving shortURL for %s/%s/%s/%s." %(pwstore_user, category, hostname, service,username))
return gpg_pwstore.get_url(pwstore_user, category, hostname, service, username)
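Review bot: Every `app.logger` call in this file formats caller-supplied XML-RPC values (`pwstore_user`, `category`, `hostname`, `service`, `username`, `url`) into the message with `%s`, so a value containing a newline can add or forge lines in the audit log and in syslog. Passing the values as logger arguments with `%r` keeps control characters escaped, e.g. `app.logger.info("User %r adding %r/%r/%r/%r.", pwstore_user, category, hostname, service, username)`, and the same applies to the other calls. In `delete_password` the invalid-token branch raises `Fault` without a log entry, so denied deletes are never recorded; a line such as `app.logger.warn("User %r presented an invalid token for delete.", pwstore_user)` before the `raise` would cover it. The failed-retrieve messages in `get_password` and `get_password_by_url` are logged with `info` while failed add/update use `warn`, which makes failures harder to filter consistently. If the value passed to `get_password_by_url` is enough on its own to fetch a password, writing it to the log exposes it to anyone who can read the log; this should be confirmed.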

