authorrcritten <devnull@localhost>2007-09-10 16:33:01 -0400
committerrcritten <devnull@localhost>2007-09-10 16:33:01 -0400
commit182fbe30945a8de005f00b460968dca7973342fb (patch)
tree644f8efd633cbb41a387fb33e3deab8de20718b5 /ipa-server/ipa-gui/ipagui/proxyprovider.py
parent37d10e0c51dc289d815c05cd4d051e9d4120399e (diff)
Enable mod_proxy to sit in front of TurboGears and pass along the
kerberos principal name. Add an identity and visit class to TurboGears that can handle the user without requiring a database. Update the UI to show the user correctly. Note that this is currently disabled. It is hardcoded to always return the principal test@FREEIPA.ORG in proxyprovider.py. It doesn't handle an unauthorized request because that can never happen.
Diffstat (limited to 'ipa-server/ipa-gui/ipagui/proxyprovider.py')
-rw-r--r--ipa-server/ipa-gui/ipagui/proxyprovider.py118
1 files changed, 118 insertions, 0 deletions
diff --git a/ipa-server/ipa-gui/ipagui/proxyprovider.py b/ipa-server/ipa-gui/ipagui/proxyprovider.py
new file mode 100644
index 00000000..12519880
--- /dev/null
+++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py
@@ -0,0 +1,118 @@
+from turbogears.identity.soprovider import *
+from turbogears.identity.visitor import *
+import logging
+
+log = logging.getLogger("turbogears.identity")
+
+class IPA_User(object):
+ '''
+ Shell of a User definition. We don't really need much here.
+ '''
+
+ def __init__(self, user_name):
+ self.user_name = user_name
+ self.display_name = user_name
+ self.permissions = None
+ self.groups = None
+ return
+
+class ProxyIdentity(object):
+ def __init__(self, visit_key, user=None):
+ if user:
+ self._user= user
+ self.visit_key= visit_key
+
+ def _get_user(self):
+ try:
+ return self._user
+ except AttributeError:
+ # User hasn't already been set
+ return None
+ user= property(_get_user)
+
+ def _get_user_name(self):
+ if not self.user:
+ return None
+ return self.user.user_name
+ user_name= property(_get_user_name)
+
+ def _get_name(self):
+ if not self.user:
+ return None
+ return self.user.name
+ user_name= property(_get_name)
+
+ def _get_anonymous(self):
+ return not self.user
+ anonymous= property(_get_anonymous)
+
+ def _get_permissions(self):
+ try:
+ return self._permissions
+ except AttributeError:
+ # Permissions haven't been computed yet
+ return None
+ permissions= property(_get_permissions)
+
+ def _get_groups(self):
+ try:
+ return self._groups
+ except AttributeError:
+ # Groups haven't been computed yet
+ return None
+ groups= property(_get_groups)
+
+ def logout(self):
+ '''
+ Remove the link between this identity and the visit.
+ '''
+ # Clear the current identity
+ anon= ProxyObjectIdentity(None,None)
+ #XXX if user is None anonymous will be true, no need to set attr.
+ #anon.anonymous= True
+ identity.set_current_identity( anon )
+
+class ProxyIdentityProvider(SqlObjectIdentityProvider):
+ '''
+ IdentityProvider that uses REMOTE_USER from Apache
+ '''
+ def __init__(self):
+ super(ProxyIdentityProvider, self).__init__()
+ get = turbogears.config.get
+ # We can get any config variables here
+ log.info( "Proxy Identity starting" )
+
+ def create_provider_model(self):
+ pass
+
+ def validate_identity(self, user_name, password, visit_key):
+ user = IPA_User(user_name)
+ log.debug( "validate_identity %s" % user_name)
+
+ return ProxyIdentity(visit_key, user)
+
+ def validate_password(self, user, user_name, password):
+ '''Validation has already occurred in the proxy'''
+ return True
+
+ def load_identity(self, visit_key):
+ try:
+# user_name= cherrypy.request.headers['X-FORWARDED-USER']
+ user_name= "test@FREEIPA.ORG"
+ except KeyError:
+ return None
+ set_login_attempted( True )
+ return self.validate_identity( user_name, None, visit_key )
+
+ def anonymous_identity( self ):
+ '''
+ This shouldn't ever happen in IPA but including it to include the
+ entire identity API.
+ '''
+ return ProxyIdentity( None )
+
+ def authenticated_identity(self, user):
+ '''
+ Constructs Identity object for user that has no associated visit_key.
+ '''
+ return ProxyIdentity(None, user)
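Review bot: In `ProxyIdentity`, the second `user_name= property(_get_name)` replaces the `user_name` property defined just above it, and `_get_name` reads `self.user.name`, which `IPA_User` never sets, so reading `user_name` on an authenticated identity would raise AttributeError; this looks like it was meant to be `name= property(_get_name)` with `IPA_User` also given a `name` attribute. `logout` constructs `ProxyObjectIdentity(None,None)`, a name this file does not define (the class is `ProxyIdentity`), so it would fail with NameError unless one of the star imports happens to supply it. On the trust model, `validate_password` always returns True and `load_identity` is written to take the principal from the `X-FORWARDED-USER` request header once the hardcoded test principal is removed, so the class should carry a comment such as `# SECURITY: only safe if the app is reachable solely through the proxy and the proxy overwrites any client-supplied X-FORWARDED-USER`. With the hardcoded assignment in place the `try`/`except KeyError` can never fire, so every request is treated as the test principal and that branch should be restored and exercised before the provider is enabled.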