Scripts auth: don't activate on 127.0.0.1 either
[Scripts/git/.git] / __init__.py
index 8f9356d04f4e774aa48ab88b9456a44a9798450a..4d093137dce4e5c278ff26d71b381159ffbc894c 100644 (file)
@@ -1,10 +1,11 @@
 import os
 import subprocess
+import tempfile
 import ldap
 import ldap.filter
 
-from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.contrib.auth.backends import RemoteUserBackend
+from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.contrib.auth.views import login
 from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.http import HttpResponseRedirect
@@ -12,7 +13,7 @@ from django.contrib import auth
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.validators import URLValidator, ValidationError
 
-import settings
+from django.conf import settings
 
 def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
     proc = subprocess.Popen(
@@ -56,6 +57,18 @@ def pag_check_call(args, **kwargs):
 def pag_check_output(args, **kwargs):
     return pag_check_helper(subprocess.check_output, args, **kwargs)
 
+def kinit(keytab=None, principal=None, autodelete=True, ):
+    if not keytab:
+        keytab = settings.KRB_KEYTAB
+    if not principal:
+        principal = settings.KRB_PRINCIPAL
+    assert keytab and principal
+    fd = tempfile.NamedTemporaryFile(mode='rb', prefix="krb5cc_djmit_", delete=autodelete, )
+    env = dict(KRB5CCNAME=fd.name)
+    kinit_cmd = ['kinit', '-k', '-t', keytab, principal, ]
+    subprocess.check_call(kinit_cmd, env=env)
+    return fd
+
 class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
     header = 'SSL_CLIENT_S_DN_Email'
 
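Review bot: `kinit()` has no docstring, and the lifetime of the credential cache it creates is not obvious from the signature: the cache lives in the returned `NamedTemporaryFile`, so with `autodelete=True` it is removed when that object is closed or garbage-collected, and with `autodelete=False` a ticket cache derived from the keytab stays in the temp directory until the caller removes it. A docstring should say that the caller must keep the returned object alive while using `fd.name` as `KRB5CCNAME`, and is responsible for deleting the file when `autodelete` is false. Separately, `assert keytab and principal` disappears under `python -O`; `if not (keytab and principal): raise ValueError("keytab and principal are required")` keeps the check. Passing `env=dict(KRB5CCNAME=fd.name)` also replaces the whole environment instead of extending it, so a `KRB5_CONFIG` or `PATH` the process relies on is not passed to `kinit`; `env = dict(os.environ, KRB5CCNAME=fd.name)` would preserve it if that is what is intended.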
@@ -69,7 +82,7 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
             return username
     def configure_user(self, user, ):
         username = user.username
-        user.password = "ScriptsSSLAuth"
+        user.set_unusable_password()
         con = ldap.open('ldap-too.mit.edu')
         con.simple_bind_s("", "")
         dn = "dc=mit,dc=edu"
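Review bot: `user.set_unusable_password()` in `configure_user` only reaches accounts created after this change, because Django's `RemoteUserBackend` calls `configure_user` for newly created users; rows created earlier presumably still hold the literal `ScriptsSSLAuth` in the password column. A one-off data migration that calls `set_unusable_password()` and `save()` on those users would bring them in line. `set_unusable_password()` does not save the user itself, so the method needs a `user.save()` after it; the rest of `configure_user` is outside this hunk, so that could not be checked here.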
@@ -116,7 +129,7 @@ def get_or_create_mit_user(username, ):
 
 def scripts_login(request, **kwargs):
     host = request.META['HTTP_HOST'].split(':')[0]
-    if host == 'localhost':
+    if host in ('localhost', '127.0.0.1'):
         return login(request, **kwargs)
     elif request.META['SERVER_PORT'] == '444':
         if request.user.is_authenticated():
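Review bot: The `host in ('localhost', '127.0.0.1')` test on the added line takes its value from `request.META['HTTP_HOST']`, the client-supplied Host header, so the choice to serve the plain `login` view instead of the certificate flow rests on a value the requester controls, unless the front-end server already restricts which Host values reach Django. Keying the exemption on the connection rather than the header, for example `if settings.DEBUG and request.META.get('REMOTE_ADDR') in ('127.0.0.1', '::1'):`, would limit it to local development requests, provided Django is not itself behind a local reverse proxy. The `split(':')[0]` parsing does not handle a bracketed IPv6 literal such as `[::1]:8000`, and a request without a Host header raises `KeyError`. `scripts_login` continues past the end of this hunk.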