Commit a7b1ae99 authored by ale's avatar ale

Log the shard when we are unlocking a key

parent 8d3f4507
Pipeline #5423 passed with stages
in 3 minutes and 11 seconds
......@@ -188,17 +188,17 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
// We unlock the keystore if the following conditions are met:
// keystore_enable_groups is set, userinfo is not nil, and the groups match.
func (h *Server) maybeUnlockKeystore(ctx context.Context, username, password string, userinfo *auth.UserInfo) (bool, error) {
func (h *Server) maybeUnlockKeystore(ctx context.Context, username, password string, userinfo *auth.UserInfo) (bool, string, error) {
if h.keystore == nil {
return false, nil
return false, "", nil
}
if len(h.keystoreGroups) > 0 {
if userinfo == nil {
return false, nil
return false, "", nil
}
if !inAnyGroups(userinfo.Groups, h.keystoreGroups) {
return false, nil
return false, "", nil
}
}
......@@ -209,7 +209,7 @@ func (h *Server) maybeUnlockKeystore(ctx context.Context, username, password str
// Add a 'grace time' of 30 minutes to the key ttl.
ttl := h.authSessionLifetime + 1800
return true, h.keystore.Open(ctx, shard, username, password, ttl)
return true, shard, h.keystore.Open(ctx, shard, username, password, ttl)
}
// Callback called by the login handler whenever a user successfully
......@@ -217,14 +217,18 @@ func (h *Server) maybeUnlockKeystore(ctx context.Context, username, password str
func (h *Server) loginCallback(ctx context.Context, username, password string, userinfo *auth.UserInfo) error {
// Open the keystore for this user, with the same password
// used to authenticate.
decrypted, err := h.maybeUnlockKeystore(ctx, username, password, userinfo)
decrypted, shard, err := h.maybeUnlockKeystore(ctx, username, password, userinfo)
if err != nil {
return fmt.Errorf("failed to unlock keystore for user %s: %v", username, err)
}
var kmsg string
if decrypted {
kmsg = " (key unlocked)"
kmsg = " (key unlocked"
if shard != "" {
kmsg += fmt.Sprintf(", shard %s", shard)
}
kmsg += ")"
}
log.Printf("successful login for user %s%s", username, kmsg)
return nil
......
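Review bot: The shard only reaches the log on the success path; when `h.keystore.Open` fails, `loginCallback` still returns `failed to unlock keystore for user %s: %v` without it, although `maybeUnlockKeystore` now hands the shard back together with the error. A failed unlock is the event an operator most needs to tie to a shard, so consider `return fmt.Errorf("failed to unlock keystore for user %s (shard %s): %v", username, shard, err)`. Keep the same `shard != ""` guard used for `kmsg` if the elided part of `maybeUnlockKeystore` can return an error before the shard is resolved. The comment above `maybeUnlockKeystore` should also describe the new string result, e.g. `// Returns whether the key was unlocked and the shard it was opened on ("" if no unlock was attempted).` Part of that function's body lies outside the visible hunks, so the early-error case is inferred rather than seen.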