From 9b30f4674465b8e5f9bfcb359a9a9336dec0d120 Mon Sep 17 00:00:00 2001
From: "rcritten@redhat.com" <rcritten@redhat.com>
Date: Wed, 5 Sep 2007 13:14:23 -0400
Subject: Enable LDAP SASL authentication using a forwarded kerberos ticket
 Handle both SASL auth and proxied authentication Refactor LDAP connection
 code to be simpler Other small bug fixes

---
 ipa-server/xmlrpc-server/ipaxmlrpc.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'ipa-server/xmlrpc-server/ipaxmlrpc.py')

diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py
index 5dc60b51b..f2ddd35e8 100644
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -126,13 +126,19 @@ class ModXMLRPCRequestHandler(object):
     def register_instance(self,instance):
         self.register_module(instance)
 
-    def _marshaled_dispatch(self, data, remoteuser):
+    def _marshaled_dispatch(self, data, req):
         """Dispatches an XML-RPC method from marshalled (XML) data."""
 
         params, method = loads(data)
 
+        # Populate the Apache environment variables
+        req.add_common_vars()
+
         opts={}
-        opts['remoteuser'] = remoteuser
+        opts['remoteuser'] = req.user
+
+        if req.subprocess_env.get("KRB5CCNAME") is not None:
+            opts['keytab'] = req.subprocess_env.get("KRB5CCNAME")
 
         # Tack onto the end of the passed-in arguments any options we also
         # need
@@ -263,7 +269,7 @@ class ModXMLRPCRequestHandler(object):
             req.allow_methods(['POST'],1)
             raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED
 
-        response = self._marshaled_dispatch(req.read(), req.user)
+        response = self._marshaled_dispatch(req.read(), req)
 
         req.content_type = "text/xml"
         req.set_content_length(len(response))
-- 
cgit