allow the username component of the client's DN to be configurable

2007-03-20 10:56:52 -04:00 · 2007-03-20 10:56:52 -04:00 · 1ab7d2c898
commit 1ab7d2c898
parent 27100cd914
2 changed files with 5 additions and 3 deletions
--- a/hub/httpd.conf
+++ b/hub/httpd.conf
@ -15,6 +15,8 @@ Alias /koji-hub "/usr/share/koji-hub/XMLRPC"
        PythonOption AuthPrincipal kojihub@EXAMPLE.COM
        PythonOption AuthKeytab /etc/koji.keytab
        PythonOption ProxyPrincipals kojihub@EXAMPLE.COM
+        # the client username is the common name of the subject of their client certificate     
+        PythonOptions DNUsernameComponent CN
        # separate multiple DNs with |
        PythonOption ProxyDNs "/C=US/ST=Massachusetts/O=Example Org/OU=Example User/CN=example/emailAddress=example@example.com"
        PythonOption LoginCreatesUser On
@ -33,6 +35,5 @@ Alias /koji-hub "/usr/share/koji-hub/XMLRPC"
 # <Location /kojihub>
 #         SSLVerifyClient require
 #         SSLVerifyDepth  10
-#         SSLUserName SSL_CLIENT_S_DN_CN
 #         SSLOptions +StdEnvVars
 # </Location>
--- a/koji/auth.py
+++ b/koji/auth.py
@ -354,9 +354,10 @@ class Session(object):
        if env.get('SSL_CLIENT_VERIFY') != 'SUCCESS':
            raise koji.AuthError, 'could not verify client: %s' % env.get('SSL_CLIENT_VERIFY')

-        client_name = env.get('SSL_CLIENT_S_DN_CN')
+        name_dn_component = context.opts.get('DNUsernameComponent', 'CN')
+        client_name = env.get('SSL_CLIENT_S_DN_%s' % name_dn_component)
        if not client_name:
-            raise koji.AuthError, 'unable to get user information from client certificate'
+            raise koji.AuthError, 'unable to get user information (%s) from client certificate' % name_dn_component

        if proxyuser:
            client_dn = env.get('SSL_CLIENT_S_DN')