Normalize uid in user principal to lower-case and do validation

Use same normalization and validation in passwd plugin and add some
tests for invalid principals

https://fedorahosted.org/freeipa/ticket/1778

1 files changed, 3 insertions, 8 deletions

diff --git a/ipalib/plugins/passwd.py b/ipalib/plugins/passwd.py
index 901a56f20..b7d82f355 100644
--- a/ipalib/plugins/passwd.py
+++ b/ipalib/plugins/passwd.py
@@ -22,6 +22,7 @@ from ipalib import Command
 from ipalib import Str, Password
 from ipalib import _
 from ipalib import output
+from ipalib.plugins.user import split_principal, validate_principal, normalize_principal
 
 __doc__ = _("""
 Set a user's password
@@ -46,12 +47,13 @@ class passwd(Command):
     __doc__ = _("Set a user's password.")
 
     takes_args = (
-        Str('principal',
+        Str('principal', validate_principal,
             cli_name='user',
             label=_('User name'),
             primary_key=True,
             autofill=True,
             create_default=lambda **kw: util.get_current_principal(),
+            normalizer=lambda value: normalize_principal(value),
         ),
         Password('password',
                  label=_('Password'),
@@ -75,13 +77,6 @@ class passwd(Command):
         """
         ldap = self.api.Backend.ldap2
 
-        if principal.find('@') != -1:
-            principal_parts = principal.split('@')
-            if len(principal_parts) > 2:
-                raise errors.MalformedUserPrincipal(principal=principal)
-        else:
-            principal = '%s@%s' % (principal, self.api.env.realm)
-
         (dn, entry_attrs) = ldap.find_entry_by_attr(
             'krbprincipalname', principal, 'posixaccount', [''],
             ",".join([api.env.container_user, api.env.basedn])