X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/bfdba2e4f73fced5d2d37b1351016168883e996b..46eb68a8b8105d0746e28fe0d2a4309a01a040d9:/code/view.py diff --git a/code/view.py b/code/view.py index 1a63eda..5d4750d 100644 --- a/code/view.py +++ b/code/view.py @@ -78,7 +78,27 @@ def require_login(): raise cherrypy.HTTPError(403, "You are not authorized to access that resource") -cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login) +cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login, priority=150) + +def remote_user_login(): + """Get the current user based on the SSL or GSSAPI environment variables""" + environ = cherrypy.request.wsgi_environ + user = environ.get('REMOTE_USER') + if user is None: + return + else: + cherrypy.request.login = None # clear what cherrypy put there + + if environ.get('AUTH_TYPE') == 'Negotiate': + # Convert the krb5 principal into a krb4 username + if not user.endswith('@%s' % config.kerberos.realm): + cherrypy.request.login = False # failed to login + else: + cherrypy.request.login = user.split('@')[0].replace('/', '.') + else: + cherrypy.request.login = user + +cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', remote_user_login, priority=50) def invirtwebstate_init(): """Initialize the cherrypy.request.state object from Invirt"""