From 152c8f210ba59dcc4d1b93b16338ce9f8d44b870 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 18 Jun 2014 15:58:17 +0200
Subject: Check normalization only for IDNA domains

Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.

https://fedorahosted.org/freeipa/ticket/4382

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipalib/parameters.py | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

(limited to 'ipalib')

diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index 1dff13cc1..0cf14a4cd 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -1961,16 +1961,21 @@ class DNSNameParam(Param):
                 error = _('DNS label cannot be longer than 63 characters')
             except dns.exception.SyntaxError:
                 error = _('invalid domain name')
-
-            #compare if IDN normalized and original domain match
-            #there is N:1 mapping between unicode and IDNA names
-            #user should use normalized names to avoid mistakes
-            normalized_domain_name = encodings.idna.nameprep(value)
-            if value != normalized_domain_name:
-                error = _("domain name '%(domain)s' and normalized domain name"
-                          " '%(normalized)s' do not match. Please use only"
-                          " normalized domains") % {'domain': value,
-                          'normalized': normalized_domain_name}
+            else:
+                #compare if IDN normalized and original domain match
+                #there is N:1 mapping between unicode and IDNA names
+                #user should use normalized names to avoid mistakes
+                labels = re.split(u'[.\uff0e\u3002\uff61]', value, flags=re.UNICODE)
+                try:
+                    map(lambda label: label.encode("ascii"), labels)
+                except UnicodeError:
+                    # IDNA
+                    is_nonnorm = any(encodings.idna.nameprep(x) != x for x in labels)
+                    if is_nonnorm:
+                        error = _("domain name '%(domain)s' should be normalized to"
+                          ": %(normalized)s") % {
+                          'domain': value,
+                          'normalized': '.'.join([encodings.idna.nameprep(x) for x in labels])}
             if error:
                 raise ConversionError(name=self.get_param_name(), index=index,
                                       error=error)
-- 
cgit