diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-03-14 14:49:47 +1100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-04-20 18:07:19 +0200 |
| commit | c2b92b57354923a8099a0da446cef63802d2447b (patch) | |
| tree | ca04a522f7ca638bcb22e15502471ed934774149 /ipalib | |
| parent | 1c79c1ea2d077d8699c7e3190526a45e627a7a18 (diff) | |
| download | freeipa-c2b92b57354923a8099a0da446cef63802d2447b.tar.gz freeipa-c2b92b57354923a8099a0da446cef63802d2447b.tar.xz freeipa-c2b92b57354923a8099a0da446cef63802d2447b.zip | |
caacl: correctly handle full user principal name
The caacl HBAC request is correct when just the username is given,
but the full 'user@REALM' form was not handled correctly.
Fixes: https://fedorahosted.org/freeipa/ticket/5733
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/caacl.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipalib/plugins/caacl.py b/ipalib/plugins/caacl.py index 64dbec16e..d83c3ce89 100644 --- a/ipalib/plugins/caacl.py +++ b/ipalib/plugins/caacl.py @@ -61,14 +61,14 @@ def _acl_make_request(principal_type, principal, ca_ref, profile_id): req.targethost.name = ca_ref req.service.name = profile_id if principal_type == 'user': - req.user.name = principal + req.user.name = name elif principal_type == 'host': req.user.name = name elif principal_type == 'service': req.user.name = normalize_principal(principal) groups = [] if principal_type == 'user': - user_obj = api.Command.user_show(principal)['result'] + user_obj = api.Command.user_show(name)['result'] groups = user_obj.get('memberof_group', []) groups += user_obj.get('memberofindirect_group', []) elif principal_type == 'host': |