From 453332215667d6ff9595e6dedeeb3ed5ba7e5bdf Mon Sep 17 00:00:00 2001

From: Martin Basti <mbasti@redhat.com>

Date: Thu, 27 Nov 2014 14:16:23 +0100

Subject: [PATCH] Throw zonemgr error message before installation proceeds

Ticket: https://fedorahosted.org/freeipa/ticket/4771

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

---

 ipalib/parameters.py | 35 +++++------------------------------

 ipalib/util.py       | 45 +++++++++++++++++++++++++++++++++++++++++++++

 2 files changed, 50 insertions(+), 30 deletions(-)

diff --git a/ipalib/parameters.py b/ipalib/parameters.py

index 0cf14a4cd2900459ccd5d6d52912960c642223aa..7fa55fd6a6854ffa97da211ca5ef04b7ad974dc4 100644

--- a/ipalib/parameters.py

+++ b/ipalib/parameters.py

@@ -112,7 +112,7 @@ from errors import ConversionError, RequirementError, ValidationError

 from errors import PasswordMismatch, Base64DecodeError

 from constants import TYPE_ERROR, CALLABLE_ERROR, LDAP_GENERALIZED_TIME_FORMAT

 from text import Gettext, FixMe

-from util import json_serialize

+from util import json_serialize, validate_idna_domain

 from ipapython.dn import DN

 from ipapython.dnsutil import DNSName

 import dns.name

@@ -1950,36 +1950,11 @@ class DNSNameParam(Param):

             error = None

             try:

-                domain_name = DNSName(value)

-            except dns.name.BadEscape:

-                error = _('invalid escape code in domain name')

-            except dns.name.EmptyLabel:

-                error = _('empty DNS label')

-            except dns.name.NameTooLong:

-                error = _('domain name cannot be longer than 255 characters')

-            except dns.name.LabelTooLong:

-                error = _('DNS label cannot be longer than 63 characters')

-            except dns.exception.SyntaxError:

-                error = _('invalid domain name')

-            else:

-                #compare if IDN normalized and original domain match

-                #there is N:1 mapping between unicode and IDNA names

-                #user should use normalized names to avoid mistakes

-                labels = re.split(u'[.\uff0e\u3002\uff61]', value, flags=re.UNICODE)

-                try:

-                    map(lambda label: label.encode("ascii"), labels)

-                except UnicodeError:

-                    # IDNA

-                    is_nonnorm = any(encodings.idna.nameprep(x) != x for x in labels)

-                    if is_nonnorm:

-                        error = _("domain name '%(domain)s' should be normalized to"

-                          ": %(normalized)s") % {

-                          'domain': value,

-                          'normalized': '.'.join([encodings.idna.nameprep(x) for x in labels])}

-            if error:

+                validate_idna_domain(value)

+            except ValueError as e:

                 raise ConversionError(name=self.get_param_name(), index=index,

-                                      error=error)

-            value = domain_name

+                                      error=unicode(e))

+            value = DNSName(value)

             if self.only_absolute and not value.is_absolute():

                 value = value.make_absolute()

diff --git a/ipalib/util.py b/ipalib/util.py

index 7a283106d70ba6a3e25cc7129d57b44b80876882..2c17d80a0427a5c7e45a6a0b64fa1f4d39fffa8a 100644

--- a/ipalib/util.py

+++ b/ipalib/util.py

@@ -28,6 +28,7 @@ import socket

 import re

 import decimal

 import dns

+import encodings

 import netaddr

 from types import NoneType

 from weakref import WeakKeyDictionary

@@ -277,6 +278,7 @@ def validate_zonemgr(zonemgr):

 def validate_zonemgr_str(zonemgr):

     zonemgr = normalize_zonemgr(zonemgr)

+    validate_idna_domain(zonemgr)

     zonemgr = DNSName(zonemgr)

     return validate_zonemgr(zonemgr)

@@ -589,3 +591,46 @@ def validate_dnssec_forwarder(ip_addr):

         return False

     return True

+

+

+def validate_idna_domain(value):

+    """

+    Validate if value is valid IDNA domain.

+

+    If domain is not valid, raises ValueError

+    :param value:

+    :return:

+    """

+    error = None

+

+    try:

+        DNSName(value)

+    except dns.name.BadEscape:

+        error = _('invalid escape code in domain name')

+    except dns.name.EmptyLabel:

+        error = _('empty DNS label')

+    except dns.name.NameTooLong:

+        error = _('domain name cannot be longer than 255 characters')

+    except dns.name.LabelTooLong:

+        error = _('DNS label cannot be longer than 63 characters')

+    except dns.exception.SyntaxError:

+        error = _('invalid domain name')

+    else:

+        #compare if IDN normalized and original domain match

+        #there is N:1 mapping between unicode and IDNA names

+        #user should use normalized names to avoid mistakes

+        labels = re.split(u'[.\uff0e\u3002\uff61]', value, flags=re.UNICODE)

+        try:

+            map(lambda label: label.encode("ascii"), labels)

+        except UnicodeError:

+            # IDNA

+            is_nonnorm = any(encodings.idna.nameprep(x) != x for x in labels)

+            if is_nonnorm:

+                error = _("domain name '%(domain)s' should be normalized to"

+                          ": %(normalized)s") % {

+                          'domain': value,

+                          'normalized': '.'.join([encodings.idna.nameprep(x)

+                                                  for x in labels])}

+

+    if error:

+        raise ValueError(error)

-- 

2.1.0