Try to resolve the name passed into the password reader to a file
Rather than comparing the value passed in by Apache to a
hostname value just see if there is a file of that name in
/var/lib/ipa/passwds.
Use realpath to see if path information was passed in as one of
the options so that someone can't try to return random files from
the filesystem.
https://pagure.io/freeipa/issue/7528
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>