diff options
-rw-r--r-- | ipa-python/ipaerror.py | 5 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 9 |
2 files changed, 11 insertions, 3 deletions
diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py index 767344b1e..256c87891 100644 --- a/ipa-python/ipaerror.py +++ b/ipa-python/ipaerror.py @@ -158,6 +158,11 @@ INPUT_MALFORMED_SERVICE_PRINCIPAL = gen_error_code( 0x0005, "The requested service principal is not of the form: service/fully-qualified host name") +INPUT_REALM_MISMATCH = gen_error_code( + INPUT_CATEGORY, + 0x0006, + "The realm for the principal does not match the realm for this IPA server.") + # # Connection errors # diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index cb2823402..43bcf9869 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -1820,9 +1820,12 @@ class IPAServer: # Don't let the user set the realm if name.find('@') > 0: - raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER) - - princ_name = name + "@" + self.realm + r = name[name.find('@')+1:] + if (r != self.realm): + raise ipaerror.gen_exception(ipaerror.INPUT_REALM_MISMATCH) + princ_name = name + else: + princ_name = name + "@" + self.realm conn = self.getConnection(opts) if not self.__is_service_unique(name, opts): |