[PATCH 2/3] allow the hub server principal to be defined

Aron Parsons aronparsons at gmail.com
Thu Sep 19 19:57:16 UTC 2013


When using Kerberos in an Active Directory environment, the
server principal is not in the typical host/server@REALM format, but
rather HOSTNAME$.  Allow the hub principal to be defined in the
conf file, but fall back to the old behavior if it's not present.
---
 koji/__init__.py              |   19 +++++++++++--------
 www/kojiweb/index.py          |    3 ++-
 www/kojiweb/wsgi_publisher.py |    1 +
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/koji/__init__.py b/koji/__init__.py
index 81be227..58a4880 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1699,14 +1699,17 @@ class ClientSession(object):
     def _serverPrincipal(self, cprinc):
         """Get the Kerberos principal of the server we're connecting
         to, based on baseurl."""
-        servername = self._host
-        #portspec = servername.find(':')
-        #if portspec != -1:
-        #    servername = servername[:portspec]
-        realm = cprinc.realm
-        service = self.opts.get('krbservice', 'host')
-
-        return '%s/%s@%s' % (service, servername, realm)
+        if self.opts.get('hubprincipal', None):
+            return self.opts.get('hubprincipal', None)
+        else:
+            servername = self._host
+            #portspec = servername.find(':')
+            #if portspec != -1:
+            #    servername = servername[:portspec]
+            realm = cprinc.realm
+            service = self.opts.get('krbservice', 'host')
+
+            return '%s/%s@%s' % (service, servername, realm)
 
     def ssl_login(self, cert, ca, serverca, proxyuser=None):
         certs = {}
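Review bot: The docstring of `_serverPrincipal` still says the principal is derived "based on baseurl", but when `hubprincipal` is set the new branch returns it verbatim and neither `self._host` nor `cprinc.realm` is consulted. The callers are outside the hunk, but this string presumably names the service the client authenticates to, so the docstring should say that the override must be the hub's complete principal and is expected to come from trusted configuration only. The option is also looked up twice; `hubprinc = self.opts.get('hubprincipal')` followed by `if hubprinc: return hubprinc` does the same with one lookup and lets the original lines keep their old indentation without the `else:`.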
diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py
index 0505c9c..f13afd2 100644
--- a/www/kojiweb/index.py
+++ b/www/kojiweb/index.py
@@ -158,7 +158,8 @@ def _assertLogin(environ):
 def _getServer(environ):
     opts = environ['koji.options']
     session = koji.ClientSession(opts['KojiHubURL'],
-                                 opts={'krbservice': opts['KrbService']})
+                                 opts={'krbservice': opts['KrbService'],
+                                       'hubprincipal': opts['HubPrincipal']})
 
     environ['koji.currentLogin'] = _getUserCookie(environ)
     if environ['koji.currentLogin']:
diff --git a/www/kojiweb/wsgi_publisher.py b/www/kojiweb/wsgi_publisher.py
index 3f7a5a5..d269db4 100644
--- a/www/kojiweb/wsgi_publisher.py
+++ b/www/kojiweb/wsgi_publisher.py
@@ -70,6 +70,7 @@ class Dispatcher(object):
         ['KojiTheme', 'string', None],
         ['KojiGreeting', 'string', 'Welcome to Koji Web'],
 
+        ['HubPrincipal', 'string', None],
         ['WebPrincipal', 'string', None],
         ['WebKeytab', 'string', '/etc/httpd.keytab'],
         ['WebCCache', 'string', '/var/tmp/kojiweb.ccache'],
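Review bot: The new `HubPrincipal` entry has no comment saying what value is expected, and the `None` default is the only hint that it is optional. Going by the `koji/__init__.py` hunk, the value is used as-is as the hub's server principal, so a comment above the entry such as `# Kerberos principal of the hub, used verbatim; leave unset to derive krbservice/host@REALM` would tell an administrator that a partial name is not completed with the realm. The option list starts and ends outside this hunk.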
-- 
1.7.1


