From eff0e0d68e56e329f4f7c3dac5c73d002d3a5b09 Mon Sep 17 00:00:00 2001
From: lsimngar
Date: Thu, 27 Aug 2015 11:03:10 +0200
Subject: [PATCH] Include new Kerberos remote auth

(cherry picked from commit 0b94f2fc41f7c5ab9eeb628c922988c5f0e60192)
---
 src/cloud/common/CloudAuth.rb | 1 +
 src/cloud/common/CloudAuth/RemoteCloudAuth.rb | 40 +++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 src/cloud/common/CloudAuth/RemoteCloudAuth.rb
diff --git a/src/cloud/common/CloudAuth.rb b/src/cloud/common/CloudAuth.rb
index 19aeff32e2..60fc963d9b 100644
--- a/src/cloud/common/CloudAuth.rb
+++ b/src/cloud/common/CloudAuth.rb
@@ -23,6 +23,7 @@ class CloudAuth
 "sunstone" => 'SunstoneCloudAuth' ,
 "ec2" => 'EC2CloudAuth',
 "x509" => 'X509CloudAuth',
+ "remote" => 'RemoteCloudAuth',
 "opennebula" => 'OpenNebulaCloudAuth',
 "onegate" => 'OneGateCloudAuth'
 }
diff --git a/src/cloud/common/CloudAuth/RemoteCloudAuth.rb b/src/cloud/common/CloudAuth/RemoteCloudAuth.rb
new file mode 100644
index 0000000000..0ff9ed1aef
--- /dev/null
+++ b/src/cloud/common/CloudAuth/RemoteCloudAuth.rb
@@ -0,0 +1,40 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2015, OpenNebula Project (OpenNebula.org), C12G Labs #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. You may obtain #
+# a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#--------------------------------------------------------------------------- #
+
+require 'opennebula/x509_auth'
+
+module RemoteCloudAuth
+ def do_auth(env, params={})
+ # For Kerberos, the web service should be set to include the remote_user in the environment.
+ remote_user = env['REMOTE_USER']
+ remote_user = nil if remote_user == '(null)'
+
+ # Use the https credentials for authentication
+ unless remote_user.nil?
+ # Password should be REMOTE_USER itself.
+ username = get_username(remote_user)
+ if username
+ return username
+ else
+ raise "Username not found in local database: " + remote_user
+ end
+ else
+ raise "REMOTE_USER not found in local environment"
+ end
+
+ return nil
+ end
+end
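Review bot: In `do_auth`, the only values of `env['REMOTE_USER']` that are rejected are nil and the literal `'(null)'`, so an empty or whitespace-only value still reaches `get_username`, whose lookup is not visible in this patch. I would normalise it first, e.g. `remote_user = nil if remote_user.to_s.strip.empty? || remote_user == '(null)'`. Because the module performs no check of its own and treats that variable as an already-authenticated identity, the comment above the assignment should say so explicitly: `# SECURITY: REMOTE_USER is trusted as-is; this driver is only safe when every request passes through the web server that performs Kerberos authentication and sets it.` Separately, `require 'opennebula/x509_auth'` and the "https credentials" comment look carried over from the x509 driver, and the trailing `return nil` is unreachable because every branch above it returns or raises.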