From: Simo Sorce <simo@redhat.com>
Date: Thu, 9 Oct 2014 15:30:25 +0000 (-0400)
Subject: Fix mod_auth_kerb based authentication
X-Git-Tag: v0.3.0~61
X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=73c60e2df7ac240ddd847568e782a9b06f3ea520

Fix mod_auth_kerb based authentication

Recent changes in how self.user is populated broke krb based auth.
Explicitly check the remote user in the module to fix it.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---

diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py
index 5f2d682..965d018 100755
--- a/ipsilon/login/authkrb.py
+++ b/ipsilon/login/authkrb.py
@@ -21,6 +21,7 @@ from ipsilon.login.common import LoginPageBase, LoginManagerBase
 from ipsilon.login.common import FACILITY
 from ipsilon.util.plugin import PluginObject
 from ipsilon.util.trans import Transaction
+from ipsilon.util.user import UserSession
 from string import Template
 import cherrypy
 import os
@@ -40,7 +41,10 @@ class KrbAuth(LoginPageBase):
         trans = Transaction('login', **kwargs)
         # If we can get here, we must be authenticated and remote_user
         # was set. Check the session has a user set already or error.
-        if self.user and self.user.name:
+        us = UserSession()
+        us.remote_login()
+        self.user = us.get_user()
+        if not self.user.is_anonymous:
             userdata = {'krb_principal_name': self.user.name}
             return self.lm.auth_successful(trans, self.user.name,
                                            'krb', userdata)