summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Basti <mbasti@redhat.com>2014-06-18 15:58:17 +0200
committerMartin Kosek <mkosek@redhat.com>2014-07-01 09:58:42 +0200
commit152c8f210ba59dcc4d1b93b16338ce9f8d44b870 (patch)
tree67e2bf302c49cf997026218e51c56d49e09c9a2b
parentfdef2e1bd80d688467aeb8ac425e9010bf00c530 (diff)
downloadfreeipa-152c8f210ba59dcc4d1b93b16338ce9f8d44b870.tar.gz
freeipa-152c8f210ba59dcc4d1b93b16338ce9f8d44b870.tar.xz
freeipa-152c8f210ba59dcc4d1b93b16338ce9f8d44b870.zip
Check normalization only for IDNA domains
Backward compability with older IPA versions which allow to use uppper case. Only IDNA domains will be checked. https://fedorahosted.org/freeipa/ticket/4382 Reviewed-By: Martin Kosek <mkosek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
-rw-r--r--ipalib/parameters.py25
-rw-r--r--ipatests/test_xmlrpc/test_dns_plugin.py5
2 files changed, 17 insertions, 13 deletions
diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index 1dff13cc1..0cf14a4cd 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -1961,16 +1961,21 @@ class DNSNameParam(Param):
error = _('DNS label cannot be longer than 63 characters')
except dns.exception.SyntaxError:
error = _('invalid domain name')
-
- #compare if IDN normalized and original domain match
- #there is N:1 mapping between unicode and IDNA names
- #user should use normalized names to avoid mistakes
- normalized_domain_name = encodings.idna.nameprep(value)
- if value != normalized_domain_name:
- error = _("domain name '%(domain)s' and normalized domain name"
- " '%(normalized)s' do not match. Please use only"
- " normalized domains") % {'domain': value,
- 'normalized': normalized_domain_name}
+ else:
+ #compare if IDN normalized and original domain match
+ #there is N:1 mapping between unicode and IDNA names
+ #user should use normalized names to avoid mistakes
+ labels = re.split(u'[.\uff0e\u3002\uff61]', value, flags=re.UNICODE)
+ try:
+ map(lambda label: label.encode("ascii"), labels)
+ except UnicodeError:
+ # IDNA
+ is_nonnorm = any(encodings.idna.nameprep(x) != x for x in labels)
+ if is_nonnorm:
+ error = _("domain name '%(domain)s' should be normalized to"
+ ": %(normalized)s") % {
+ 'domain': value,
+ 'normalized': '.'.join([encodings.idna.nameprep(x) for x in labels])}
if error:
raise ConversionError(name=self.get_param_name(), index=index,
error=error)
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 66af0efb8..2c8c85f93 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -2504,11 +2504,10 @@ class test_dns(Declarative):
dict(
- desc='Add A denormalized record to %r in zone %r' % (idnres1, idnzone1),
+ desc='Add A denormalized record in zone %r' % (idnzone1),
command=('dnsrecord_add', [idnzone1, u'gro\xdf'], {'arecord': u'172.16.0.1'}),
expected=errors.ConversionError(name='name',
- error=u'domain name \'gro\xdf\' and normalized domain name \'gross\''
- + ' do not match. Please use only normalized domains'),
+ error=u'domain name \'gro\xdf\' should be normalized to: gross')
),