import os
import subprocess
+import tempfile
import ldap
import ldap.filter
-from django.contrib.auth.middleware import RemoteUserMiddleware
from django.contrib.auth.backends import RemoteUserBackend
+from django.contrib.auth.middleware import RemoteUserMiddleware
from django.contrib.auth.views import login
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.http import HttpResponseRedirect
from django.core.exceptions import ObjectDoesNotExist
from django.core.validators import URLValidator, ValidationError
-import settings
+from django.conf import settings
def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
proc = subprocess.Popen(
def pag_check_output(args, **kwargs):
return pag_check_helper(subprocess.check_output, args, **kwargs)
+def kinit(keytab=None, principal=None, autodelete=True, ):
+ if not keytab:
+ keytab = settings.KRB_KEYTAB
+ if not principal:
+ principal = settings.KRB_PRINCIPAL
+ assert keytab and principal
+ fd = tempfile.NamedTemporaryFile(mode='rb', prefix="krb5cc_djmit_", delete=autodelete, )
+ env = dict(KRB5CCNAME=fd.name)
+ kinit_cmd = ['kinit', '-k', '-t', keytab, principal, ]
+ subprocess.check_call(kinit_cmd, env=env)
+ return fd
+
class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
header = 'SSL_CLIENT_S_DN_Email'
return username
def configure_user(self, user, ):
username = user.username
- user.password = "ScriptsSSLAuth"
+ user.set_unusable_password()
con = ldap.open('ldap-too.mit.edu')
con.simple_bind_s("", "")
dn = "dc=mit,dc=edu"
def scripts_login(request, **kwargs):
host = request.META['HTTP_HOST'].split(':')[0]
- if host == 'localhost':
+ if host in ('localhost', '127.0.0.1'):
return login(request, **kwargs)
elif request.META['SERVER_PORT'] == '444':
if request.user.is_authenticated():