summaryrefslogtreecommitdiffstats
path: root/ipalib
diff options
context:
space:
mode:
authorTomas Babej <tbabej@redhat.com>2012-11-15 05:21:16 -0500
committerRob Crittenden <rcritten@redhat.com>2012-12-06 10:34:23 -0500
commit0292ebd1e5603a5daabf274b40fb4e10f096ea1c (patch)
tree6df467255c7ea0aac56689df4aabe3f8238077a3 /ipalib
parent152585e73141ae5485e677f36f7f47551b438bbb (diff)
downloadfreeipa-0292ebd1e5603a5daabf274b40fb4e10f096ea1c.tar.gz
freeipa-0292ebd1e5603a5daabf274b40fb4e10f096ea1c.tar.xz
freeipa-0292ebd1e5603a5daabf274b40fb4e10f096ea1c.zip
Add detection for users from trusted/invalid realms
When user from other realm than FreeIPA's tries to use Web UI (login via forms-based auth or with valid trusted realm ticket), the 401 Unauthorized error with X-Ipa-Rejection-Reason=denied is returned. Also, the support for usernames of the form user@SERVER.REALM or user@server.realm was added. https://fedorahosted.org/freeipa/ticket/3252
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/util.py15
1 files changed, 15 insertions, 0 deletions
diff --git a/ipalib/util.py b/ipalib/util.py
index 3fe5c9f44..c52d060b5 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -105,6 +105,21 @@ def validate_host_dns(log, fqdn):
)
raise errors.DNSNotARecordError()
+def normalize_name(name):
+ result = dict()
+ components = name.split('@')
+ if len(components) == 2:
+ result['domain'] = unicode(components[1]).lower()
+ result['name'] = unicode(components[0]).lower()
+ else:
+ components = name.split('\\')
+ if len(components) == 2:
+ result['flatname'] = unicode(components[0]).lower()
+ result['name'] = unicode(components[1]).lower()
+ else:
+ result['name'] = unicode(name).lower()
+ return result
+
def isvalid_base64(data):
"""
Validate the incoming data as valid base64 data or not.