We allowed IP addresses without network specification which lead to unexpected results when the zone was being created. We should rather strictly require the prefix/netmask specifying the IP network that the reverse zone should be created for. This is already done in Web UI.
A unit test exercising this new validation was added. https://fedorahosted.org/freeipa/ticket/2461
>From 6b1f1681d103ff73b61e77f672594458a6ed0fb5 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Wed, 5 Sep 2012 09:56:27 +0200 Subject: [PATCH] Stricter IP network validator in dnszone-add command We allowed IP addresses without network specification which lead to unexpected results when the zone was being created. We should rather strictly require the prefix/netmask specifying the IP network that the reverse zone should be created for. This is already done in Web UI. A unit test exercising this new validation was added. https://fedorahosted.org/freeipa/ticket/2461 --- ipalib/plugins/dns.py | 10 +++++++++- tests/test_xmlrpc/test_dns_plugin.py | 16 ++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 3987001f06dba1bcc5a311243e4f1fdcf83091c7..aa81f29e68deb4e6af7e8c44242deb3c0defbd0c 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -281,7 +281,15 @@ def _validate_ip4addr(ugettext, ipaddr): def _validate_ip6addr(ugettext, ipaddr): return _validate_ipaddr(ugettext, ipaddr, 6) -def _validate_ipnet(ugettext, ipnet): +def _validate_ipnet(ugettext, ipnet, require_prefix=True): + if require_prefix: + try: + net = netaddr.IPAddress(ipnet) + except (netaddr.AddrFormatError, ValueError): + pass + else: + return _('netmask or subnet prefix specifying the IP network address is required') + try: net = netaddr.IPNetwork(ipnet) except (netaddr.AddrFormatError, ValueError, UnboundLocalError): diff --git a/tests/test_xmlrpc/test_dns_plugin.py b/tests/test_xmlrpc/test_dns_plugin.py index 2b6d53c0bb705ea96c80ff23149e0e049c439e39..c195aa169201a86ebaec45341c4559e309c68a2e 100644 --- a/tests/test_xmlrpc/test_dns_plugin.py +++ b/tests/test_xmlrpc/test_dns_plugin.py @@ -948,6 +948,22 @@ class test_dns(Declarative): error=u'invalid IP network format'), ), + + dict( + desc='Try to create a reverse zone from IP without prefix', + command=( + 'dnszone_add', [], { + 'name_from_ip': u'10.0.0.1', + 'idnssoamname': dnszone1_mname, + 'idnssoarname': dnszone1_rname, + 'ip_address' : u'1.2.3.4', + } + ), + expected=errors.ValidationError(name='name_from_ip', + error=u'netmask or subnet prefix specifying the IP network address is required'), + ), + + dict( desc='Create reverse from IP %s zone using name_from_ip option' % revdnszone1_ip, command=( -- 1.7.11.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
