diff options
| author | Tomas Babej <tbabej@redhat.com> | 2012-11-15 05:21:16 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-12-06 10:34:23 -0500 |
| commit | 0292ebd1e5603a5daabf274b40fb4e10f096ea1c (patch) | |
| tree | 6df467255c7ea0aac56689df4aabe3f8238077a3 /ipalib | |
| parent | 152585e73141ae5485e677f36f7f47551b438bbb (diff) | |
| download | freeipa-0292ebd1e5603a5daabf274b40fb4e10f096ea1c.tar.gz freeipa-0292ebd1e5603a5daabf274b40fb4e10f096ea1c.tar.xz freeipa-0292ebd1e5603a5daabf274b40fb4e10f096ea1c.zip | |
Add detection for users from trusted/invalid realms
When user from other realm than FreeIPA's tries to use Web UI
(login via forms-based auth or with valid trusted realm ticket),
the 401 Unauthorized error with X-Ipa-Rejection-Reason=denied
is returned.
Also, the support for usernames of the form user@SERVER.REALM
or user@server.realm was added.
https://fedorahosted.org/freeipa/ticket/3252
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/util.py | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ipalib/util.py b/ipalib/util.py index 3fe5c9f44..c52d060b5 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -105,6 +105,21 @@ def validate_host_dns(log, fqdn): ) raise errors.DNSNotARecordError() +def normalize_name(name): + result = dict() + components = name.split('@') + if len(components) == 2: + result['domain'] = unicode(components[1]).lower() + result['name'] = unicode(components[0]).lower() + else: + components = name.split('\\') + if len(components) == 2: + result['flatname'] = unicode(components[0]).lower() + result['name'] = unicode(components[1]).lower() + else: + result['name'] = unicode(name).lower() + return result + def isvalid_base64(data): """ Validate the incoming data as valid base64 data or not. |