diff options
author | Rob Crittenden <rcritten@redhat.com> | 2008-03-17 14:09:44 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-03-17 14:09:44 -0400 |
commit | e54a16ae1ce45af4c250dbbbb13893b9a8dc2190 (patch) | |
tree | 0b9a82f37fcc275d74113fd907e38354b59c131c /ipa-server/xmlrpc-server/funcs.py | |
parent | c3fedca013cebc29ac9e162c7a59db1a96c2a30a (diff) | |
download | freeipa-e54a16ae1ce45af4c250dbbbb13893b9a8dc2190.tar.gz freeipa-e54a16ae1ce45af4c250dbbbb13893b9a8dc2190.tar.xz freeipa-e54a16ae1ce45af4c250dbbbb13893b9a8dc2190.zip |
Allow the realm to be included in the name passed to add_service_principal()
This is more kerberos-like and it doesn't hurt anything, we just won't
allow realms other than our own to be used.
437566
Diffstat (limited to 'ipa-server/xmlrpc-server/funcs.py')
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index cb2823402..43bcf9869 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -1820,9 +1820,12 @@ class IPAServer: # Don't let the user set the realm if name.find('@') > 0: - raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER) - - princ_name = name + "@" + self.realm + r = name[name.find('@')+1:] + if (r != self.realm): + raise ipaerror.gen_exception(ipaerror.INPUT_REALM_MISMATCH) + princ_name = name + else: + princ_name = name + "@" + self.realm conn = self.getConnection(opts) if not self.__is_service_unique(name, opts): |