mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Check normalization only for IDNA domains
Backward compability with older IPA versions which allow to use uppper case. Only IDNA domains will be checked. https://fedorahosted.org/freeipa/ticket/4382 Reviewed-By: Martin Kosek <mkosek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Martin Basti
Martin Kosek
parent
fdef2e1bd8
commit
152c8f210b
@ -1961,16 +1961,21 @@ class DNSNameParam(Param):
|
|||||||
error = _('DNS label cannot be longer than 63 characters')
|
error = _('DNS label cannot be longer than 63 characters')
|
||||||
except dns.exception.SyntaxError:
|
except dns.exception.SyntaxError:
|
||||||
error = _('invalid domain name')
|
error = _('invalid domain name')
|
||||||
|
else:
|
||||||
#compare if IDN normalized and original domain match
|
#compare if IDN normalized and original domain match
|
||||||
#there is N:1 mapping between unicode and IDNA names
|
#there is N:1 mapping between unicode and IDNA names
|
||||||
#user should use normalized names to avoid mistakes
|
#user should use normalized names to avoid mistakes
|
||||||
normalized_domain_name = encodings.idna.nameprep(value)
|
labels = re.split(u'[.\uff0e\u3002\uff61]', value, flags=re.UNICODE)
|
||||||
if value != normalized_domain_name:
|
try:
|
||||||
error = _("domain name '%(domain)s' and normalized domain name"
|
map(lambda label: label.encode("ascii"), labels)
|
||||||
" '%(normalized)s' do not match. Please use only"
|
except UnicodeError:
|
||||||
" normalized domains") % {'domain': value,
|
# IDNA
|
||||||
'normalized': normalized_domain_name}
|
is_nonnorm = any(encodings.idna.nameprep(x) != x for x in labels)
|
||||||
|
if is_nonnorm:
|
||||||
|
error = _("domain name '%(domain)s' should be normalized to"
|
||||||
|
": %(normalized)s") % {
|
||||||
|
'domain': value,
|
||||||
|
'normalized': '.'.join([encodings.idna.nameprep(x) for x in labels])}
|
||||||
if error:
|
if error:
|
||||||
raise ConversionError(name=self.get_param_name(), index=index,
|
raise ConversionError(name=self.get_param_name(), index=index,
|
||||||
error=error)
|
error=error)
|
||||||
|
|||||||
@ -2504,11 +2504,10 @@ class test_dns(Declarative):
|
|||||||
|
|
||||||
|
|
||||||
dict(
|
dict(
|
||||||
desc='Add A denormalized record to %r in zone %r' % (idnres1, idnzone1),
|
desc='Add A denormalized record in zone %r' % (idnzone1),
|
||||||
command=('dnsrecord_add', [idnzone1, u'gro\xdf'], {'arecord': u'172.16.0.1'}),
|
command=('dnsrecord_add', [idnzone1, u'gro\xdf'], {'arecord': u'172.16.0.1'}),
|
||||||
expected=errors.ConversionError(name='name',
|
expected=errors.ConversionError(name='name',
|
||||||
error=u'domain name \'gro\xdf\' and normalized domain name \'gross\''
|
error=u'domain name \'gro\xdf\' should be normalized to: gross')
|
||||||
+ ' do not match. Please use only normalized domains'),
|
|
||||||
),
|
),
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user