From 057619301540e1d97ea59e48d519699fe80a0a1e Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 7 Jan 2008 14:03:13 -0500 Subject: In add_service_principal() don't let the user pass in the realm. This could result in a principal of the form: service/host@something@REALM --- ipa-server/xmlrpc-server/funcs.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'ipa-server/xmlrpc-server/funcs.py') diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 2057aa7d0..c7a1f9616 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -1694,6 +1694,10 @@ class IPAServer: service_container = DefaultServiceContainer + # Don't let the user set the realm + if name.find('@') > 0: + raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER) + princ_name = name + "@" + self.realm conn = self.getConnection(opts) -- cgit