From c12260eef39e630fde25d58cbf1dab44e4b1a605 Mon Sep 17 00:00:00 2001
From: Evan Broder <broder@mit.edu>
Date: Fri, 14 Nov 2008 03:39:21 -0500
Subject: [PATCH] Add (crude) support for SPNEGO in the web interface

svn path=/trunk/packages/invirt-web/; revision=1642
---
 code/main.py |   13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/code/main.py b/code/main.py
index 551ed04..cf1424a 100755
--- a/code/main.py
+++ b/code/main.py
@@ -652,7 +652,18 @@ def show_error(op, username, fields, err, emsg, traceback):
 
 def getUser(environ):
     """Return the current user based on the SSL environment variables"""
-    return environ.get('REMOTE_USER', None)
+    user = environ.get('REMOTE_USER')
+    if user is None:
+        return
+    
+    if environ.get('AUTH_TYPE') == 'Negotiate':
+        # Convert the krb5 principal into a krb4 username
+        if not user.endswith('@%s' % config.authn[0].realm):
+            return
+        else:
+            return user.split('@')[0].replace('/', '.')
+    else:
+        return user
 
 def handler(username, state, path, fields):
     operation, path = pathSplit(path)
-- 
1.7.9.5