| 1 | """FixupHandlers for SSPI. |
|---|
| 2 | |
|---|
| 3 | mod_auth_sspi has a couple of broken behaviors: |
|---|
| 4 | |
|---|
| 5 | 1. If you specify "Require group <groupname>", you cannot also specify |
|---|
| 6 | SSPIOmitDomain (if you do, no SSPI call will be made, and Apache will |
|---|
| 7 | then go looking for a groups file which probably doesn't exist). |
|---|
| 8 | |
|---|
| 9 | You can fix this problem by adding the following line to your .conf: |
|---|
| 10 | |
|---|
| 11 | PythonFixupHandler fixupsspi::strip_domain |
|---|
| 12 | |
|---|
| 13 | 2. "SSPIUsernameCase lower" causes my Apache to fail to start. |
|---|
| 14 | |
|---|
| 15 | You can fix this problem by adding the following line to your .conf: |
|---|
| 16 | |
|---|
| 17 | PythonFixupHandler fixupsspi::lcase_user |
|---|
| 18 | |
|---|
| 19 | |
|---|
| 20 | Put them together, and you get: |
|---|
| 21 | |
|---|
| 22 | <Location /incidents> |
|---|
| 23 | SetHandler mod_python |
|---|
| 24 | PythonHandler trac.web.modpython_frontend |
|---|
| 25 | PythonOption TracUriRoot "/incidents" |
|---|
| 26 | PythonOption TracEnv "C:/projects/incidents/trac" |
|---|
| 27 | |
|---|
| 28 | #NT Domain auth config |
|---|
| 29 | AuthType SSPI |
|---|
| 30 | AuthName "Amor Ministries" |
|---|
| 31 | |
|---|
| 32 | SSPIAuth On |
|---|
| 33 | SSPIAuthoritative On |
|---|
| 34 | SSPIDomain HQAMOR |
|---|
| 35 | PythonFixupHandler fixupsspi::strip_domain fixupsspi::lcase_user |
|---|
| 36 | |
|---|
| 37 | Require group "HQAMOR\Amor Staff" |
|---|
| 38 | </Location> |
|---|
| 39 | |
|---|
| 40 | """ |
|---|
| 41 | |
|---|
| 42 | from mod_python import apache |
|---|
| 43 | |
|---|
| 44 | def strip_domain(req): |
|---|
| 45 | if req.user: |
|---|
| 46 | if "\\" in req.user: |
|---|
| 47 | req.user = req.user.split("\\", 1)[1] |
|---|
| 48 | return apache.OK |
|---|
| 49 | |
|---|
| 50 | def lcase_user(req): |
|---|
| 51 | if req.user: |
|---|
| 52 | req.user = req.user.lower() |
|---|
| 53 | return apache.OK |
|---|
