authorTomas Babej <tbabej@redhat.com>2012-11-15 05:21:16 -0500
committerRob Crittenden <rcritten@redhat.com>2012-12-06 10:34:23 -0500
commit0292ebd1e5603a5daabf274b40fb4e10f096ea1c (patch)
tree6df467255c7ea0aac56689df4aabe3f8238077a3 /ipaserver/dcerpc.py
parent152585e73141ae5485e677f36f7f47551b438bbb (diff)
Add detection for users from trusted/invalid realms
When a user from a realm other than FreeIPA's tries to use the Web UI (logging in via forms-based auth or with a valid trusted-realm ticket), a 401 Unauthorized error with X-Ipa-Rejection-Reason=denied is returned. Also, support for usernames of the form user@SERVER.REALM or user@server.realm was added. https://fedorahosted.org/freeipa/ticket/3252
Diffstat (limited to 'ipaserver/dcerpc.py')
-rw-r--r--ipaserver/dcerpc.py19
1 files changed, 3 insertions, 16 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 8190bf6ac..54a70defc 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -31,6 +31,7 @@ from ipapython import ipautil
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
from ipaserver.install import installutils
+from ipalib.util import normalize_name
import os, string, struct, copy
import uuid
@@ -184,21 +185,6 @@ class DomainValidator(object):
return True
return False
- def normalize_name(self, name):
- result = dict()
- components = name.split('@')
- if len(components) == 2:
- result['domain'] = unicode(components[1]).lower()
- result['name'] = unicode(components[0]).lower()
- else:
- components = name.split('\\')
- if len(components) == 2:
- result['flatname'] = unicode(components[0]).lower()
- result['name'] = unicode(components[1]).lower()
- else:
- result['name'] = unicode(name).lower()
- return result
-
def get_sid_trusted_domain_object(self, object_name):
"""Returns SID for the trusted domain object (user or group only)"""
if not self.domain:
@@ -209,7 +195,8 @@ class DomainValidator(object):
if len(self._domains) == 0:
# Our domain is configured but no trusted domains are configured
return None
- components = self.normalize_name(object_name)
+
+ components = normalize_name(object_name)
if not ('domain' in components or 'flatname' in components):
# No domain or realm specified, ambiguous search
return False
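Review bot: The call `components = normalize_name(object_name)` now depends on `ipalib.util.normalize_name` returning the same `'name'`/`'domain'`/`'flatname'` keys as the removed method, and that helper is not shown here because the diffstat is limited to ipaserver/dcerpc.py. The check on the next line uses those keys to decide whether a name is qualified enough for a SID lookup in a trusted domain, so I would document the contract at the call site, for example `# normalize_name() yields 'name' plus 'domain' (user@REALM) or 'flatname' (FLAT\user); otherwise the name is unqualified`. The removed method treated input with more than one `@` or `\` as a bare name, which this function then rejects as ambiguous; it is worth confirming, with a test, that the shared helper keeps that behaviour. Any remaining caller of `DomainValidator.normalize_name` elsewhere in the tree would break with this removal, which cannot be checked from this page. The function body starts before and continues after this hunk.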