[Freeipa-devel] [PATCH 0070] Normalization check only for IDNA domains
Petr Spacek
pspacek at redhat.com
Fri Jun 27 10:21:51 UTC 2014
On 27.6.2014 12:20, Alexander Bokovoy wrote:
> On Fri, 27 Jun 2014, Petr Spacek wrote:
>> On 27.6.2014 12:04, Alexander Bokovoy wrote:
>>> diff --git a/ipalib/parameters.py b/ipalib/parameters.py
>>> index 1dff13c..09fed28 100644
>>> --- a/ipalib/parameters.py
>>> +++ b/ipalib/parameters.py
>>> @@ -1965,12 +1965,15 @@ class DNSNameParam(Param):
>>> #compare if IDN normalized and original domain match
>>> #there is N:1 mapping between unicode and IDNA names
>>> #user should use normalized names to avoid mistakes
>>> - normalized_domain_name = encodings.idna.nameprep(value)
>>> - if value != normalized_domain_name:
>>> - error = _("domain name '%(domain)s' and normalized domain
>>> name"
>>> - " '%(normalized)s' do not match. Please use only"
>>> - " normalized domains") % {'domain': value,
>>> - 'normalized': normalized_domain_name}
>>> + labels = value.split('.')
>>
>> NACK. This is going to break with IDNA2003 as there are four different dots.
>> The whole DNS refactoring was about eliminating all places where DNS names
>> are threaded as strings separated by ASCII dots.
> IDNA implementation in FreeIPA git master right now is wrong with
> regards to nameprep use -- encodings.idna.nameprep(), as well as other
> functions in encodings.idna should be applied to labels, not to the
> whole DNS name.
>
> Give me a way to split a name to labels properly and we can work on.
>
>>
>> I would like to hear reasons against fixing ipa-adtrust-install (in the
>> other part of thread).
> As I said, 'fixing' ipa-adtrust-install is considered a hack. Current
> IDNA support is broken anyway, *it* needs to be fixed, not a long
> standing convention to name DNS records in Active Directory
> implementations (which Samba AD DC setup shares as well).
Let me add that DNS protocol is case insensitive so it doesn't matter. Let's
wait for mbasti's opinion.
--
Petr^2 Spacek
More information about the Freeipa-devel
mailing list