freeipa/ipaserver/plugins
Alexander Bokovoy 0ffdfc70f2 idviews: add extended validator for users from trusted domains
Register extended validator for users from trusted domains to be called
through add_external_pre_callback() in sudorules and other plugins.

The callbacks allow to validate user names as following:

 - if user name passes basic user name validator it is accepted, otherwise
 - if user name can be resolved to any user in IPA or in a trusted
   domain, it is accepted
 - otherwise the name is rejected

Fixes: https://pagure.io/freeipa/issue/3226
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2021-01-26 13:05:27 -05:00
..
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py Use ACI class set_permissions() method to set permissions 2020-09-14 09:15:59 +03:00
automember.py Fixes pylint errors introduced by version 2.4.0. 2019-09-27 09:38:32 +02:00
automount.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
baseldap.py baseldap: when adding external objects, differentiate between them and failures 2021-01-26 13:05:27 -05:00
baseuser.py baseuser: fix ipanthomedirectorydrive option name 2020-06-16 19:06:02 -04:00
batch.py CVE-2019-10195: Don't log passwords embedded in commands in calls using batch 2019-11-26 15:24:20 +02:00
ca.py ca plugin: improve doc 2020-07-07 10:07:48 -04:00
caacl.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
cert.py dnspython: Add compatibility shim 2020-08-31 09:46:03 +03:00
certmap.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
certprofile.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
config.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
delegation.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
dns.py dns: allow PTR records in arbitrary zones 2020-11-11 10:24:38 +02:00
dnsserver.py dnsserver.py: dnsserver-find no longer returns internal server error 2017-06-15 13:51:06 +02:00
dogtag.py Let dogtag.py be imported if the api is not initialized 2020-11-02 10:43:57 -05:00
domainlevel.py Use api.env.container_masters 2019-03-28 00:21:00 +01:00
group.py Prevent local account takeover 2020-06-15 22:44:42 +03:00
hbac.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
hbacrule.py ipaserver/plugins/hbacrule: Add HBAC to memberservice_hbacsvc* labels 2020-02-24 15:02:24 +01:00
hbacsvc.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbacsvcgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbactest.py support using trust-related operations in the server console 2020-06-08 12:39:34 -04:00
host.py Allow leading/trailing whitespaces in passwords 2020-12-18 16:47:59 +02:00
hostgroup.py Allow rename of a host group 2020-03-31 09:21:37 +03:00
idrange.py support using trust-related operations in the server console 2020-06-08 12:39:34 -04:00
idviews.py idviews: add extended validator for users from trusted domains 2021-01-26 13:05:27 -05:00
internal.py Unify spelling of "One-Time Password" (take 2) 2020-06-24 14:55:27 +02:00
join.py Delay import of psutil to avoid AVC 2020-09-23 14:49:15 +02:00
krbtpolicy.py Reset per-indicator Kerberos policy 2019-12-18 14:16:33 +01:00
ldap2.py Optimize user-add by caching ldap2.has_upg() 2019-12-05 15:07:57 +01:00
location.py Fix div-by-zero when svc weight is 0 for all masters in location 2020-02-26 13:42:10 -05:00
migration.py Terminology improvements: use block list 2020-06-23 10:16:29 +02:00
misc.py Make env and plugins commands local again 2016-12-02 13:00:06 +01:00
netgroup.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
otp.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otpconfig.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otptoken.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
passwd.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
permission.py Remove virtual attributes before rolling back a permission 2021-01-13 13:50:45 +01:00
ping.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
pkinit.py Don't fail if config-show does not return servers 2019-03-28 17:57:58 +01:00
privilege.py Privilege: add a helper checking if a principal has a given privilege 2020-03-05 14:40:58 +01:00
pwpolicy.py Extend IPA pwquality plugin to include libpwquality support 2020-10-23 09:32:52 -04:00
rabase.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
radiusproxy.py radiusproxy: add permission for reading radius proxy servers 2018-11-13 12:40:44 +01:00
realmdomains.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
role.py Support adding user ID overrides as group and role members 2020-06-08 12:39:34 -04:00
schema.py Fix E713 test for membership should be 'not in' 2020-05-05 10:42:46 +02:00
selfservice.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
selinuxusermap.py Fix E711 comparison to None 2020-05-05 10:42:46 +02:00
server.py Privilege: add a helper checking if a principal has a given privilege 2020-03-05 14:40:58 +01:00
serverrole.py servrole: takes_params must be a tuple 2020-04-27 10:15:58 +02:00
serverroles.py Improve config-show to show hidden servers 2019-03-28 17:57:58 +01:00
service.py Terminology improvements: use allow list 2020-06-23 10:16:29 +02:00
servicedelegation.py service delegation: allow to add and remove host principals 2020-05-14 21:47:17 +03:00
session.py Fix some untranslatable commands in Web UI API Browser 2018-06-21 18:42:05 +02:00
stageuser.py Fix E722 do not use bare 'except' 2020-05-05 10:42:46 +02:00
sudo.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
sudocmd.py sudocmd: fix unsupported assignment 2017-09-08 15:42:07 +02:00
sudocmdgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
sudorule.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
topology.py domainlevel-get: fix various issues when running as non-admin 2019-03-25 09:48:31 +01:00
trust.py ipaserver/dcerpc: store forest topology as a blob in ipasam 2021-01-22 12:21:33 -05:00
user.py Prevent local account takeover 2020-06-15 22:44:42 +03:00
vault.py Consolidate container_masters queries 2019-03-28 00:21:00 +01:00
virtual.py extract virtual operation access check subroutine 2020-06-30 11:47:29 +02:00
whoami.py whoami.py: Type error when running tests 2017-07-07 14:44:42 +02:00
xmlserver.py Add endpoint for serving i18n requests 2018-07-17 15:32:28 -04:00