caacl: correctly handle full user principal name

The caacl HBAC request is correct when just the username is given,
but the full 'user@REALM' form was not handled correctly.

Fixes: https://fedorahosted.org/freeipa/ticket/5733
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Fraser Tweedale
2016-03-14 14:49:47 +11:00
committed by Martin Basti
parent 1c79c1ea2d
commit c2b92b5735

@@ -61,14 +61,14 @@ def _acl_make_request(principal_type, principal, ca_ref, profile_id):
req.targethost.name = ca_ref
req.service.name = profile_id
if principal_type == 'user':
req.user.name = principal
req.user.name = name
elif principal_type == 'host':
req.user.name = name
elif principal_type == 'service':
req.user.name = normalize_principal(principal)
groups = []
if principal_type == 'user':
user_obj = api.Command.user_show(principal)['result']
user_obj = api.Command.user_show(name)['result']
groups = user_obj.get('memberof_group', [])
groups += user_obj.get('memberofindirect_group', [])
elif principal_type == 'host':
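
Review bot: In the `principal_type == 'user'` branch, both `req.user.name = name` and `api.Command.user_show(name)` now depend on `name`, but nothing visible in this hunk shows how `name` is derived from `principal` or whether the realm half of 'user@REALM' is compared with the local realm before it is dropped. If the realm is only stripped, a principal from a different realm would be evaluated against the HBAC rules and group memberships of the same-named local user, so please confirm that the realm is validated before this point (or reject a non-matching realm here) and say so in a comment. The service branch still builds its name with `normalize_principal(principal)` while user and host use `name`; a short comment explaining why the three branches differ would help, as would a test that exercises the full 'user@REALM' form.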