We allowed IP addresses without network specification which led
to unexpected results when the zone was being created. We should rather
strictly require the prefix/netmask specifying the IP network that
the reverse zone should be created for. This is already done in
the Web UI.

A unit test exercising this new validation was added.

https://fedorahosted.org/freeipa/ticket/2461
From 6b1f1681d103ff73b61e77f672594458a6ed0fb5 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Wed, 5 Sep 2012 09:56:27 +0200
Subject: [PATCH] Stricter IP network validator in dnszone-add command

We allowed IP addresses without network specification which led
to unexpected results when the zone was being created. We should rather
strictly require the prefix/netmask specifying the IP network that
the reverse zone should be created for. This is already done in
the Web UI.

A unit test exercising this new validation was added.

https://fedorahosted.org/freeipa/ticket/2461
---
 ipalib/plugins/dns.py                | 10 +++++++++-
 tests/test_xmlrpc/test_dns_plugin.py | 16 ++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 3987001f06dba1bcc5a311243e4f1fdcf83091c7..aa81f29e68deb4e6af7e8c44242deb3c0defbd0c 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -281,7 +281,15 @@ def _validate_ip4addr(ugettext, ipaddr):
 def _validate_ip6addr(ugettext, ipaddr):
     return _validate_ipaddr(ugettext, ipaddr, 6)
 
-def _validate_ipnet(ugettext, ipnet):
+def _validate_ipnet(ugettext, ipnet, require_prefix=True):
+    if require_prefix:
+        try:
+            net = netaddr.IPAddress(ipnet)
+        except (netaddr.AddrFormatError, ValueError):
+            pass
+        else:
+            return _('netmask or subnet prefix specifying the IP network address is required')
+
     try:
         net = netaddr.IPNetwork(ipnet)
     except (netaddr.AddrFormatError, ValueError, UnboundLocalError):
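Review bot: require_prefix defaults to True in the new _validate_ipnet signature, so every existing caller of the validator silently becomes strict, and nothing in this hunk passes require_prefix=False. Either drop the parameter and make the check unconditional, or add a docstring saying which callers are expected to opt out. In the pre-check, the result of netaddr.IPAddress(ipnet) is assigned to net but never used before net = netaddr.IPNetwork(ipnet) overwrites it; calling netaddr.IPAddress(ipnet) without the assignment makes it clear the call is only a parse test. A short comment that "parses as a bare address" is what means "no prefix given" would also help, since the try/except/else with pass in the except branch reads backwards at first glance.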
diff --git a/tests/test_xmlrpc/test_dns_plugin.py b/tests/test_xmlrpc/test_dns_plugin.py
index 2b6d53c0bb705ea96c80ff23149e0e049c439e39..c195aa169201a86ebaec45341c4559e309c68a2e 100644
--- a/tests/test_xmlrpc/test_dns_plugin.py
+++ b/tests/test_xmlrpc/test_dns_plugin.py
@@ -948,6 +948,22 @@ class test_dns(Declarative):
                 error=u'invalid IP network format'),
         ),
 
+
+        dict(
+            desc='Try to create a reverse zone from IP without prefix',
+            command=(
+                'dnszone_add', [], {
+                    'name_from_ip': u'10.0.0.1',
+                    'idnssoamname': dnszone1_mname,
+                    'idnssoarname': dnszone1_rname,
+                    'ip_address' : u'1.2.3.4',
+                }
+            ),
+            expected=errors.ValidationError(name='name_from_ip',
+                error=u'netmask or subnet prefix specifying the IP network address is required'),
+        ),
+
+
         dict(
             desc='Create reverse from IP %s zone using name_from_ip option' % revdnszone1_ip,
             command=(
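Review bot: the new test case only exercises a bare IPv4 value ('name_from_ip': u'10.0.0.1'); the validator goes through netaddr for both address families, so a second case with a bare IPv6 address expecting the same ValidationError would cover the other half of the check. Style: the added block is surrounded by double blank lines where the neighbouring dict entries use a single one, and 'ip_address' : has a stray space before the colon.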
-- 
1.7.11.4
