[Freeipa-devel] [PATCH 0070] Normalization check only for IDNA domains

Petr Spacek pspacek at redhat.com
Fri Jun 27 10:09:32 UTC 2014


On 27.6.2014 12:04, Alexander Bokovoy wrote:
> diff --git a/ipalib/parameters.py b/ipalib/parameters.py
> index 1dff13c..09fed28 100644
> --- a/ipalib/parameters.py
> +++ b/ipalib/parameters.py
> @@ -1965,12 +1965,15 @@ class DNSNameParam(Param):
>               #compare if IDN normalized and original domain match
>               #there is N:1 mapping between unicode and IDNA names
>               #user should use normalized names to avoid mistakes
> -            normalized_domain_name = encodings.idna.nameprep(value)
> -            if value != normalized_domain_name:
> -                error = _("domain name '%(domain)s' and normalized domain name"
> -                          " '%(normalized)s' do not match. Please use only"
> -                          " normalized domains") % {'domain': value,
> -                          'normalized': normalized_domain_name}
> +            labels = value.split('.')

NACK. This is going to break with IDNA2003 as there are four different dots.
The whole DNS refactoring was about eliminating all places where DNS names are
treated as strings separated by ASCII dots.

I would like to hear reasons against fixing ipa-adtrust-install (in the other
part of the thread).

Thank you for understanding.

Petr^2 Spacek

> +            is_idna = True in [encodings.idna.ToASCII(x) != x for x in labels]
> +            if is_idna:
> +                is_nonnorm = True in [encodings.idna.nameprep(x) != x for x in labels]
> +                if is_nonnorm:
> +                    error = _("domain name '%(domain)s' and normalized domain name"
> +                              " '%(normalized)s' do not match. Please use only"
> +                              " normalized domains") % {'domain': value,
> +                              'normalized': normalized_domain_name}
>               if error:
>                   raise ConversionError(name=self.get_param_name(), index=index,
>                                         error=error)
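
Review bot: `normalized_domain_name` is still interpolated into the error message in the added `if is_nonnorm:` branch, but the hunk removes its only visible assignment (`normalized_domain_name = encodings.idna.nameprep(value)`), so unless it is set above the visible context that branch raises NameError instead of the intended ConversionError. Suggest computing the normalized name inside the branch before building the message. Two smaller points on the same added lines: `value.split('.')` yields an empty last label for an absolute name with a trailing dot, and `encodings.idna.ToASCII` raises UnicodeError on an empty label, so that case needs handling; and `any(...)` over a generator reads more clearly than `True in [...]`.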

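The separator problem raised in the reply, shown as an added example (not part of the original message and not FreeIPA code): the same constructed name is written with each of the four IDNA2003 label separators from RFC 3490 section 3.1 and split both ways. The function names are hypothetical, and the ASCII-compatible form comes from the Python 3 standard library `idna` codec.

```python
import re

# Constructed sample: one name written with each IDNA2003 label separator
# (RFC 3490 section 3.1): U+002E, U+3002, U+FF0E, U+FF61.
SEPARATORS = ["\u002e", "\u3002", "\uff0e", "\uff61"]
SAMPLES = ["b\u00fccher" + sep + "example" for sep in SEPARATORS]

IDNA2003_DOTS = re.compile("[\u002e\u3002\uff0e\uff61]")


def split_ascii(name):
    """Label split as in the quoted hunk: ASCII full stop only."""
    return name.split(".")


def split_idna2003(name):
    """Label split on all four IDNA2003 separators; drops the root label."""
    labels = IDNA2003_DOTS.split(name)
    if labels and labels[-1] == "":  # absolute name, e.g. "example.com."
        labels.pop()
    return labels


def to_ace(name):
    """ASCII-compatible form via the standard library IDNA2003 codec."""
    return name.encode("idna").decode("ascii")


def report(names):
    """Return (ascii_label_count, idna_label_count, ace_name) per name."""
    return [(len(split_ascii(n)), len(split_idna2003(n)), to_ace(n))
            for n in names]


if __name__ == "__main__":
    for name, row in zip(SAMPLES, report(SAMPLES)):
        print(ascii(name), row)
```

All four spellings resolve to the same ASCII-compatible name, but the ASCII-only split sees three of them as a single label, so any per-label check built on it validates the wrong units.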


