support SSL auth in mod_python compatibility mode

2012-05-11 21:29:06 -04:00 · 2012-05-11 21:29:06 -04:00 · 6236ae6d62
commit 6236ae6d62
parent 4c999fedb6
2 changed files with 10 additions and 4 deletions
--- a/koji/auth.py
+++ b/koji/auth.py
@ -376,15 +376,15 @@ class Session(object):
            raise koji.AuthError, 'cannot call sslLogin() via a non-https connection'

        if context.environ.get('SSL_CLIENT_VERIFY') != 'SUCCESS':
-            raise koji.AuthError, 'could not verify client: %s' % env.get('SSL_CLIENT_VERIFY')
+            raise koji.AuthError, 'could not verify client: %s' % context.environ.get('SSL_CLIENT_VERIFY')

        name_dn_component = context.opts.get('DNUsernameComponent', 'CN')
-        client_name = env.get('SSL_CLIENT_S_DN_%s' % name_dn_component)
+        client_name = context.environ.get('SSL_CLIENT_S_DN_%s' % name_dn_component)
        if not client_name:
            raise koji.AuthError, 'unable to get user information (%s) from client certificate' % name_dn_component

        if proxyuser:
-            client_dn = env.get('SSL_CLIENT_S_DN')
+            client_dn = context.environ.get('SSL_CLIENT_S_DN')
            proxy_dns = [dn.strip() for dn in context.opts.get('ProxyDNs', '').split('|')]
            if client_dn in proxy_dns:
                # the SSL-authenticated user authorized to login other users
--- a/koji/server.py
+++ b/koji/server.py
@ -71,9 +71,15 @@ class WSGIWrapper(object):
        environ.lazyset('modpy.opts', req.get_options, [])
        environ.lazyset('modpy.conf', req.get_config, [])
        environ.lazyset('SCRIPT_NAME', self.script_name, [], cache=True)
-        env_keys = ['SSL_CLIENT_VERIFY', 'HTTPS']
+        env_keys = ['SSL_CLIENT_VERIFY', 'HTTPS', 'SSL_CLIENT_S_DN']
        for key in env_keys:
            environ.lazyset(key, self.envget, [key])
+        # The component of the DN used for the username is usually the CN,
+        # but it is configurable.
+        # Allow retrieval of some common DN components from the environment.
+        for comp in ['C', 'ST', 'L', 'O', 'OU', 'CN', 'Email']:
+            key = 'SSL_CLIENT_S_DN_' + comp
+            environ.lazyset(key, self.envget, [key])
        #gather the headers we care about
        for key in req.headers_in:
            k2 = key.upper()