summaryrefslogtreecommitdiffstats
path: root/ipa-server/ipa-gui
diff options
context:
space:
mode:
Diffstat (limited to 'ipa-server/ipa-gui')
-rw-r--r--ipa-server/ipa-gui/ipagui/controllers.py15
-rw-r--r--ipa-server/ipa-gui/ipagui/proxyprovider.py7
2 files changed, 13 insertions, 9 deletions
diff --git a/ipa-server/ipa-gui/ipagui/controllers.py b/ipa-server/ipa-gui/ipagui/controllers.py
index 60921122..c16f04c6 100644
--- a/ipa-server/ipa-gui/ipagui/controllers.py
+++ b/ipa-server/ipa-gui/ipagui/controllers.py
@@ -2,6 +2,7 @@ import random
from pickle import dumps, loads
from base64 import b64encode, b64decode
+import os
import cherrypy
import turbogears
from turbogears import controllers, expose, flash
@@ -82,7 +83,7 @@ class Root(controllers.RootController):
def usercreate(self, **kw):
"""Creates a new user"""
restrict_post()
- client.set_principal(identity.current.user_name)
+ client.set_krbccache(os.environ["KRB5CCNAME"])
if kw.get('submit') == 'Cancel':
turbogears.flash("Add user cancelled")
raise turbogears.redirect('/userlist')
@@ -121,7 +122,7 @@ class Root(controllers.RootController):
turbogears.flash("There was a problem with the form!")
try:
- client.set_principal(identity.current.user_name)
+ client.set_krbccache(os.environ["KRB5CCNAME"])
user = client.get_user_by_uid(uid, user_fields)
user_dict = user.toDict()
# Edit shouldn't fill in the password field.
@@ -141,7 +142,7 @@ class Root(controllers.RootController):
def userupdate(self, **kw):
"""Updates an existing user"""
restrict_post()
- client.set_principal(identity.current.user_name)
+ client.set_krbccache(os.environ["KRB5CCNAME"])
if kw.get('submit') == 'Cancel Edit':
turbogears.flash("Edit user cancelled")
raise turbogears.redirect('/usershow', uid=kw.get('uid'))
@@ -204,7 +205,7 @@ class Root(controllers.RootController):
@identity.require(identity.not_anonymous())
def userlist(self, **kw):
"""Searches for users and displays list of results"""
- client.set_principal(identity.current.user_name)
+ client.set_krbccache(os.environ["KRB5CCNAME"])
users = None
counter = 0
uid = kw.get('uid')
@@ -247,7 +248,7 @@ class Root(controllers.RootController):
@identity.require(identity.not_anonymous())
def usershow(self, uid):
"""Retrieve a single user for display"""
- client.set_principal(identity.current.user_name)
+ client.set_krbccache(os.environ["KRB5CCNAME"])
try:
user = client.get_user_by_uid(uid, user_fields)
return dict(user=user.toDict(), fields=forms.user.UserFields())
@@ -285,7 +286,7 @@ class Root(controllers.RootController):
if (len(givenname) == 0) or (len(sn) == 0):
return ""
- client.set_principal(identity.current.user_name)
+ client.set_krbccache(os.environ["KRB5CCNAME"])
givenname = givenname.lower()
sn = sn.lower()
@@ -373,7 +374,7 @@ class Root(controllers.RootController):
@expose("ipagui.templates.groupindex")
@identity.require(identity.not_anonymous())
def groupindex(self, tg_errors=None):
- client.set_principal(identity.current.user_name)
+ client.set_krbccache(os.environ["KRB5CCNAME"])
return dict()
@expose("ipagui.templates.groupnew")
diff --git a/ipa-server/ipa-gui/ipagui/proxyprovider.py b/ipa-server/ipa-gui/ipagui/proxyprovider.py
index 539d53ef..4499e797 100644
--- a/ipa-server/ipa-gui/ipagui/proxyprovider.py
+++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py
@@ -1,6 +1,7 @@
from turbogears.identity.soprovider import *
from turbogears.identity.visitor import *
import logging
+import os
log = logging.getLogger("turbogears.identity")
@@ -97,8 +98,10 @@ class ProxyIdentityProvider(SqlObjectIdentityProvider):
def load_identity(self, visit_key):
try:
-# user_name= cherrypy.request.headers['X-FORWARDED-USER']
- user_name= "test@FREEIPA.ORG"
+ user_name= cherrypy.request.headers['X-FORWARDED-USER']
+ os.environ["KRB5CCNAME"] = cherrypy.request.headers['X-FORWARDED-KEYTAB']
+# user_name = "test@FREEIPA.ORG"
+# os.environ["KRB5CCNAME"] = "FILE:/tmp/krb5cc_500"
except KeyError:
return None
set_login_attempted( True )
generated by cgit (git 2.34.1) at 2025-09-06 00:07:30 +0000