From 0292ebd1e5603a5daabf274b40fb4e10f096ea1c Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Thu, 15 Nov 2012 05:21:16 -0500
Subject: Add detection for users from trusted/invalid realms

When user from other realm than FreeIPA's tries to use Web UI
(login via forms-based auth or with valid trusted realm ticket),
the 401 Unauthorized error with X-Ipa-Rejection-Reason=denied
is returned.

Also, the support for usernames of the form user@SERVER.REALM
or user@server.realm was added.

https://fedorahosted.org/freeipa/ticket/3252
---
 ipalib/util.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'ipalib/util.py')

diff --git a/ipalib/util.py b/ipalib/util.py
index 3fe5c9f44..c52d060b5 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -105,6 +105,21 @@ def validate_host_dns(log, fqdn):
         )
         raise errors.DNSNotARecordError()
 
+def normalize_name(name):
+    result = dict()
+    components = name.split('@')
+    if len(components) == 2:
+        result['domain'] = unicode(components[1]).lower()
+        result['name'] = unicode(components[0]).lower()
+    else:
+        components = name.split('\\')
+        if len(components) == 2:
+            result['flatname'] = unicode(components[0]).lower()
+            result['name'] = unicode(components[1]).lower()
+        else:
+            result['name'] = unicode(name).lower()
+    return result
+
 def isvalid_base64(data):
     """
     Validate the incoming data as valid base64 data or not.
-- 
cgit