Populate krb_principal_name from GSS_NAME env var

mod_auth_gssapi provides by default the local name in
REMOTE_USER and the full principal in GSS_NAME. Grab a
copy of that principal for krb_principal_name.

https://fedorahosted.org/ipsilon/ticket/115

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>

diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py
index 6fc0c53..dbb531a 100644 (file)
--- a/ipsilon/login/authkrb.py
+++ b/ipsilon/login/authkrb.py
@@ -42,7 +42,11 @@ class KrbAuth(LoginPageBase):
         us.remote_login()
         self.user = us.get_user()
         if not self.user.is_anonymous:
         us.remote_login()
         self.user = us.get_user()
         if not self.user.is_anonymous:

-            userdata = {'krb_principal_name': self.user.name}
+            principal = cherrypy.request.wsgi_environ.get('GSS_NAME', None)
+            if principal:
+                userdata = {'krb_principal_name': principal}
+            else:
+                userdata = {'krb_principal_name': self.user.name}

             return self.lm.auth_successful(trans, self.user.name,
                                            'krb', userdata)
         else:
             return self.lm.auth_successful(trans, self.user.name,
                                            'krb', userdata)
         else: