root/fixupsspi.py

Revision 70 (checked in by fumanchu, 7 years ago)	Renamed stripdomain to fixupsspi and added a lcase_user handler and a docstring.

Line
1	"""FixupHandlers for SSPI.
2
3	mod_auth_sspi has a couple of broken behaviors:
4
5	1. If you specify "Require group <groupname>", you cannot also specify
6	SSPIOmitDomain (if you do, no SSPI call will be made, and Apache will
7	then go looking for a groups file which probably doesn't exist).
8
9	You can fix this problem by adding the following line to your .conf:
10
11	PythonFixupHandler fixupsspi::strip_domain
12
13	2. "SSPIUsernameCase lower" causes my Apache to fail to start.
14
15	You can fix this problem by adding the following line to your .conf:
16
17	PythonFixupHandler fixupsspi::lcase_user
18
19
20	Put them together, and you get:
21
22	<Location /incidents>
23	SetHandler mod_python
24	PythonHandler trac.web.modpython_frontend
25	PythonOption TracUriRoot "/incidents"
26	PythonOption TracEnv "C:/projects/incidents/trac"
27
28	#NT Domain auth config
29	AuthType SSPI
30	AuthName "Amor Ministries"
31
32	SSPIAuth On
33	SSPIAuthoritative On
34	SSPIDomain HQAMOR
35	PythonFixupHandler fixupsspi::strip_domain fixupsspi::lcase_user
36
37	Require group "HQAMOR\Amor Staff"
38	</Location>
39
40	"""
41
42	from mod_python import apache
43
44	def strip_domain(req):
45	if req.user:
46	if "\\" in req.user:
47	req.user = req.user.split("\\", 1)[1]
48	return apache.OK
49	else:
50	return apache.DECLINED
51
52	def lcase_user(req):
53	if req.user:
54	req.user = req.user.lower()
55	return apache.OK
56	else:
57	return apache.DECLINED
58

Note: See TracBrowser for help on using the browser.