diff options
author | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-14 17:19:02 -0400 |
---|---|---|
committer | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-14 17:19:02 -0400 |
commit | b85668579ec3fc69c2ed709533f8bd8d00e0e7e9 (patch) | |
tree | ec8aede13ba1c8cee4c26589bec578a25a148893 /ipa-server/ipa-gui | |
parent | ed6ab17c9c703edb43c92a3205c5536771ce4d4f (diff) | |
download | freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.gz freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.xz freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.zip |
Use ticket forwarding with TurboGears. mod_proxy forwards the principal
name and location of the keytab. In order for this keytab to be usable
TurboGears and Apache will need to run as the same user. We will also need
to listen only on localhost in TG.
Diffstat (limited to 'ipa-server/ipa-gui')
-rw-r--r-- | ipa-server/ipa-gui/ipagui/controllers.py | 17 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/proxyprovider.py | 7 |
2 files changed, 14 insertions, 10 deletions
diff --git a/ipa-server/ipa-gui/ipagui/controllers.py b/ipa-server/ipa-gui/ipagui/controllers.py index a07555257..a04da7a0e 100644 --- a/ipa-server/ipa-gui/ipagui/controllers.py +++ b/ipa-server/ipa-gui/ipagui/controllers.py @@ -2,6 +2,7 @@ import random from pickle import dumps, loads from base64 import b64encode, b64decode +import os import cherrypy import turbogears from turbogears import controllers, expose, flash @@ -77,7 +78,7 @@ class Root(controllers.RootController): def usercreate(self, **kw): """Creates a new user""" restrict_post() - client.set_principal(identity.current.user_name) + client.set_krbccache(os.environ["KRB5CCNAME"]) if kw.get('submit') == 'Cancel': turbogears.flash("Add user cancelled") raise turbogears.redirect('/userlist') @@ -115,7 +116,7 @@ class Root(controllers.RootController): if tg_errors: turbogears.flash("There was a problem with the form!") - client.set_principal(identity.current.user_name) + client.set_krbccache(os.environ["KRB5CCNAME"]) user = client.get_user_by_uid(uid, user_fields) user_dict = user.toDict() # Edit shouldn't fill in the password field. @@ -132,7 +133,7 @@ class Root(controllers.RootController): def userupdate(self, **kw): """Updates an existing user""" restrict_post() - client.set_principal(identity.current.user_name) + client.set_krbccache(os.environ["KRB5CCNAME"]) if kw.get('submit') == 'Cancel Edit': turbogears.flash("Edit user cancelled") raise turbogears.redirect('/usershow', uid=kw.get('uid')) @@ -181,7 +182,7 @@ class Root(controllers.RootController): @identity.require(identity.not_anonymous()) def userlist(self, **kw): """Retrieve a list of all users and display them in one huge list""" - client.set_principal(identity.current.user_name) + client.set_krbccache(os.environ["KRB5CCNAME"]) users = None counter = 0 uid = kw.get('uid') @@ -204,7 +205,7 @@ class Root(controllers.RootController): @identity.require(identity.not_anonymous()) def usershow(self, uid): """Retrieve a single user for display""" - client.set_principal(identity.current.user_name) + client.set_krbccache(os.environ["KRB5CCNAME"]) try: user = client.get_user_by_uid(uid, user_fields) return dict(user=user.toDict(), fields=forms.user.UserFields()) @@ -242,7 +243,7 @@ class Root(controllers.RootController): if (len(givenname) == 0) or (len(sn) == 0): return "" - client.set_principal(identity.current.user_name) + client.set_krbccache(os.environ["KRB5CCNAME"]) givenname = givenname.lower() sn = sn.lower() @@ -328,7 +329,7 @@ class Root(controllers.RootController): @expose("ipagui.templates.groupindex") @identity.require(identity.not_anonymous()) def groupindex(self, tg_errors=None): - client.set_principal(identity.current.user_name) + client.set_krbccache(os.environ["KRB5CCNAME"]) return dict() @@ -339,5 +340,5 @@ class Root(controllers.RootController): @expose("ipagui.templates.resindex") @identity.require(identity.not_anonymous()) def resindex(self, tg_errors=None): - client.set_principal(identity.current.user_name) + client.set_krbccache(os.environ["KRB5CCNAME"]) return dict() diff --git a/ipa-server/ipa-gui/ipagui/proxyprovider.py b/ipa-server/ipa-gui/ipagui/proxyprovider.py index 125198806..cc9d91644 100644 --- a/ipa-server/ipa-gui/ipagui/proxyprovider.py +++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py @@ -1,6 +1,7 @@ from turbogears.identity.soprovider import * from turbogears.identity.visitor import * import logging +import os log = logging.getLogger("turbogears.identity") @@ -97,8 +98,10 @@ class ProxyIdentityProvider(SqlObjectIdentityProvider): def load_identity(self, visit_key): try: -# user_name= cherrypy.request.headers['X-FORWARDED-USER'] - user_name= "test@FREEIPA.ORG" + user_name= cherrypy.request.headers['X-FORWARDED-USER'] + os.environ["KRB5CCNAME"] = cherrypy.request.headers['X-FORWARDED-KEYTAB'] +# user_name = "test@FREEIPA.ORG" +# os.environ["KRB5CCNAME"] = "FILE:/tmp/krb5cc_500" except KeyError: return None set_login_attempted( True ) |