[Freeipa-devel] [PATCH] 871 add hostname regex

Rob Crittenden rcritten at redhat.com
Wed Sep 21 17:50:40 UTC 2011


Rob Crittenden wrote:
> Alexander Bokovoy wrote:
>> On Tue, 13 Sep 2011, Jan Cholasta wrote:
>>>>> What about IDN hosts? With this change we would require them to be
>>>>> always in Punycode?
>>>>>
>>>>
>>>> Oh, hadn't considered that, I was just following the relevent RFCs. Is
>>>> there a way we can easily support those as well?
>>>
>>> The easiest way would probably be:
>>>
>>> normalizer=lambda value: unicode(value.encode('idna'))
>> That's one part. Another one is visualizing such content -- for both
>> Web UI and CLI we would need to run encodings.idna.ToUnicode().
>> Finally, make sure whatever we pass to external applications is
>> properly formatted as well -- all of them should be able to work with
>> xn-<Punycode> form.
>
> The UI also links the DNS hostname to the host entries so I'd think the
> names must be matchable in some way. If DNS can only store punycode
> names I think the regex will be fine.

I think we're going to need a bit more time to get this right. What I 
propose for the short term is to encode in puny code, do the validation, 
and reject as required. We still store in full unicode.

Note that special characters may not work that will now but validating 
characters won't make it any worse.

rob




More information about the Freeipa-devel mailing list