From 5a23afaeeb1c54ccfb86e20b1f35c0215635536a Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: May 04 2017 14:02:58 +0000
Subject: Make proxyuser consistent between ssl and krb
Currently, krb would expect a krb principal where ssl expects a username.
This makes krb use the username, but also accept the krb_principal for
backwards compatibility.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
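--- a/koji/auth.py
+++ b/koji/auth.py
@@ -328,10 +328,14 @@ class Session(object):
             login_principal = cprinc.name
         user_id = self.getUserIdFromKerberos(login_principal)
         if not user_id:
-            if context.opts.get('LoginCreatesUser'):
-                user_id = self.createUserFromKerberos(login_principal)
-            else:
-                raise koji.AuthError('Unknown Kerberos principal: %s' % login_principal)
+            user_id = self.getUserId(login_principal)
+            if not user_id:
+                # Only do autocreate if we also couldn't find by username AND the proxyuser
+                # looks like a krb5 principal
+                if context.opts.get('LoginCreatesUser') and '@' in login_principal:
+                    user_id = self.createUserFromKerberos(login_principal)
+                else:
+                    raise koji.AuthError('Unknown Kerberos principal: %s' % login_principal)
 
         self.checkLoginAllowed(user_id)
 
@@ -575,6 +579,19 @@ class Session(object):
         #for compatibility
         return self.host_id
 
+    def getUserId(self, username):
+        """Return the user ID associated with a particular username. If no user
+        with the given username if found, return None."""
+        c = context.cnx.cursor()
+        q = """SELECT id FROM users WHERE name = %(username)s"""
+        c.execute(q, locals())
+        r = c.fetchone()
+        c.close()
+        if r:
+            return r[0]
+        else:
+            return None
+
     def getUserIdFromKerberos(self, krb_principal):
         """Return the user ID associated with a particular Kerberos principal.
         If no user with the given princpal if found, return None."""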
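Review bot: The new `self.getUserId(login_principal)` fallback in the first hunk appears to run for every Kerberos login, not only the proxied one. The context line `login_principal = cprinc.name` is indented one level deeper than the lookup that follows it, so a directly authenticated principal whose full string happens to equal a `users.name` value would be mapped to that account even though no krb_principal is bound to it. If the intent is only to let a trusted proxy name the target by username, restrict the fallback to that case, for example `user_id = self.getUserId(login_principal) if proxyuser else None` (assuming `proxyuser` is the parameter name; the enclosing method starts outside the hunk). A comment such as `# principal match takes precedence; username match is a proxy-only compatibility path` would make the lookup order explicit for whoever audits this login path later.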