Check normalization only for IDNA domains

Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.

https://fedorahosted.org/freeipa/ticket/4382

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

2 files changed, 17 insertions, 13 deletions

diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index 1dff13cc1..0cf14a4cd 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -1961,16 +1961,21 @@ class DNSNameParam(Param):
                 error = _('DNS label cannot be longer than 63 characters')
             except dns.exception.SyntaxError:
                 error = _('invalid domain name')
-
-            #compare if IDN normalized and original domain match
-            #there is N:1 mapping between unicode and IDNA names
-            #user should use normalized names to avoid mistakes
-            normalized_domain_name = encodings.idna.nameprep(value)
-            if value != normalized_domain_name:
-                error = _("domain name '%(domain)s' and normalized domain name"
-                          " '%(normalized)s' do not match. Please use only"
-                          " normalized domains") % {'domain': value,
-                          'normalized': normalized_domain_name}
+            else:
+                #compare if IDN normalized and original domain match
+                #there is N:1 mapping between unicode and IDNA names
+                #user should use normalized names to avoid mistakes
+                labels = re.split(u'[.\uff0e\u3002\uff61]', value, flags=re.UNICODE)
+                try:
+                    map(lambda label: label.encode("ascii"), labels)
+                except UnicodeError:
+                    # IDNA
+                    is_nonnorm = any(encodings.idna.nameprep(x) != x for x in labels)
+                    if is_nonnorm:
+                        error = _("domain name '%(domain)s' should be normalized to"
+                          ": %(normalized)s") % {
+                          'domain': value,
+                          'normalized': '.'.join([encodings.idna.nameprep(x) for x in labels])}
             if error:
                 raise ConversionError(name=self.get_param_name(), index=index,
                                       error=error)
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 66af0efb8..2c8c85f93 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -2504,11 +2504,10 @@ class test_dns(Declarative):
 
 
         dict(
-            desc='Add A denormalized record to %r in zone %r' % (idnres1, idnzone1),
+            desc='Add A denormalized record in zone %r' % (idnzone1),
             command=('dnsrecord_add', [idnzone1, u'gro\xdf'], {'arecord': u'172.16.0.1'}),
             expected=errors.ConversionError(name='name',
-                error=u'domain name \'gro\xdf\' and normalized domain name \'gross\''
-                + ' do not match. Please use only normalized domains'),
+                error=u'domain name \'gro\xdf\' should be normalized to: gross')
         ),