| Line | |
|---|
| 1 |
"""FixupHandlers for SSPI. |
|---|
| 2 |
|
|---|
| 3 |
mod_auth_sspi has a couple of broken behaviors: |
|---|
| 4 |
|
|---|
| 5 |
1. If you specify "Require group <groupname>", you cannot also specify |
|---|
| 6 |
SSPIOmitDomain (if you do, no SSPI call will be made, and Apache will |
|---|
| 7 |
then go looking for a groups file which probably doesn't exist). |
|---|
| 8 |
|
|---|
| 9 |
You can fix this problem by adding the following line to your .conf: |
|---|
| 10 |
|
|---|
| 11 |
PythonFixupHandler fixupsspi::strip_domain |
|---|
| 12 |
|
|---|
| 13 |
2. "SSPIUsernameCase lower" causes my Apache to fail to start. |
|---|
| 14 |
|
|---|
| 15 |
You can fix this problem by adding the following line to your .conf: |
|---|
| 16 |
|
|---|
| 17 |
PythonFixupHandler fixupsspi::lcase_user |
|---|
| 18 |
|
|---|
| 19 |
|
|---|
| 20 |
Put them together, and you get: |
|---|
| 21 |
|
|---|
| 22 |
<Location /incidents> |
|---|
| 23 |
SetHandler mod_python |
|---|
| 24 |
PythonHandler trac.web.modpython_frontend |
|---|
| 25 |
PythonOption TracUriRoot "/incidents" |
|---|
| 26 |
PythonOption TracEnv "C:/projects/incidents/trac" |
|---|
| 27 |
|
|---|
| 28 |
#NT Domain auth config |
|---|
| 29 |
AuthType SSPI |
|---|
| 30 |
AuthName "Amor Ministries" |
|---|
| 31 |
|
|---|
| 32 |
SSPIAuth On |
|---|
| 33 |
SSPIAuthoritative On |
|---|
| 34 |
SSPIDomain HQAMOR |
|---|
| 35 |
PythonFixupHandler fixupsspi::strip_domain fixupsspi::lcase_user |
|---|
| 36 |
|
|---|
| 37 |
Require group "HQAMOR\Amor Staff" |
|---|
| 38 |
</Location> |
|---|
| 39 |
|
|---|
| 40 |
""" |
|---|
| 41 |
|
|---|
| 42 |
from mod_python import apache |
|---|
| 43 |
|
|---|
| 44 |
def strip_domain(req): |
|---|
| 45 |
if req.user: |
|---|
| 46 |
if "\\" in req.user: |
|---|
| 47 |
req.user = req.user.split("\\", 1)[1] |
|---|
| 48 |
return apache.OK |
|---|
| 49 |
|
|---|
| 50 |
def lcase_user(req): |
|---|
| 51 |
if req.user: |
|---|
| 52 |
req.user = req.user.lower() |
|---|
| 53 |
return apache.OK |
|---|
| 54 |
|
|---|
