From: Dietmar Maurer
Date: Fri, 30 May 2014 07:31:25 +0000 (+0200)
Subject: API fix: allow aliases in IPSets
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=7c619bbb2cbb6d903cf49979d5cdded6bd5f15fd
API fix: allow aliases in IPSets
---
diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 56dd4f2..6c7ab5e 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -12,7 +12,7 @@ use base qw(PVE::RESTHandler);
 my $api_properties = {
 cidr => {
 description => "Network/IP specification in CIDR format.",
- type => 'string', format => 'IPv4orCIDR',
+ type => 'string', format => 'IPv4orCIDRorAlias',
 },
 name => get_standard_option('ipset-name'),
 comment => {
@@ -145,6 +145,17 @@ sub register_delete_ipset {
 }});
 }
+my $verify_alias_exists = sub {
+ my ($cluster_conf, $fw_conf, $cidr) = @_;
+
+ if ($cidr !~ m/^\d/) {
+ my $alias = lc($cidr);
+ die "no such alias '$cidr'\n"
+ if !(($cluster_conf && $cluster_conf->{aliases}->{$alias}) ||
+ ($fw_conf && $fw_conf->{aliases}->{$alias}));
+ }
+};
+
 sub register_create_ip {
 my ($class) = @_;
@@ -178,7 +189,10 @@ sub register_create_ip {
 if $entry->{cidr} eq $cidr;
 }
+ &$verify_alias_exists($cluster_conf, $fw_conf, $cidr);
+
 my $data = { cidr => $cidr };
+
 $data->{nomatch} = 1 if $param->{nomatch};
 $data->{comment} = $param->{comment} if $param->{comment};
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 62ce4d1..669c5d5 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
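Review bot: The `description` of the `cidr` property in the first IPSet.pm hunk still reads "Network/IP specification in CIDR format." although the format on the following line now also accepts alias names, so the API schema text no longer describes what the parameter takes. Consider `description => "Network/IP specification in CIDR format, or the name of a defined alias.",`. The `$api_properties` hash continues past the end of the hunk.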
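Review bot: The `$cidr !~ m/^\d/` test in `$verify_alias_exists` decides that a value is an alias purely from its first character, which is only sound if `$ip_alias_pattern` in Firewall.pm can never match a name that begins with a digit; that pattern is not visible in this commit, so a digit-leading alias, if one is allowed, would skip the existence check entirely. At minimum the assumption deserves a comment such as `# value already passed the IPv4orCIDRorAlias format check, so anything not starting with a digit is an alias name`. The lookup also dereferences `$cluster_conf->{aliases}->{$alias}` for its truth value, which autovivifies an empty `aliases` hash in a config that had none; testing `$cluster_conf->{aliases}` first and then using `exists` keeps validation from modifying the config it inspects.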
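Review bot: The duplicate check in the context lines just above the new call compares `$entry->{cidr} eq $cidr` byte-for-byte, while `$verify_alias_exists` lowercases the name before looking it up, so two spellings of one alias that differ only in case (for example a constructed `MyAlias` and `myalias`) both pass and are stored as separate entries through `my $data = { cidr => $cidr };`. Normalising once before the duplicate loop, e.g. `$cidr = lc($cidr) if $cidr !~ m/^\d/;`, keeps the stored value, the duplicate check and the alias lookup in agreement. As a style point, `$verify_alias_exists->($cluster_conf, $fw_conf, $cidr);` is the clearer call form than `&$verify_alias_exists(...)`. The body of `register_create_ip` starts and ends outside this hunk, and only this create path is shown calling the check, so whether an update handler needs it too cannot be told from here.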
@@ -56,6 +56,21 @@ sub pve_verify_ipv4_or_cidr {
 die "value does not look like a valid IP address or CIDR network\n";
 }
+PVE::JSONSchema::register_format('IPv4orCIDRorAlias', \&pve_verify_ipv4_or_cidr_or_alias);
+sub pve_verify_ipv4_or_cidr_or_alias {
+ my ($cidr, $noerr) = @_;
+
+ return if $cidr =~ m/^(?:$ip_alias_pattern)$/;
+
+ if ($cidr =~ m!^(?:$IPV4RE)(/(\d+))?$!) {
+ return $cidr if Net::IP->new($cidr);
+ return undef if $noerr;
+ die Net::IP::Error() . "\n";
+ }
+ return undef if $noerr;
+ die "value does not look like a valid IP address or CIDR network\n";
+}
+
 PVE::JSONSchema::register_standard_option('ipset-name', {
 description => "IP set name.",
 type => 'string',
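Review bot: A valid alias makes `pve_verify_ipv4_or_cidr_or_alias` take the bare `return`, which yields undef in scalar context, the same value the `$noerr` failure paths return, so a caller that passes `$noerr` and tests the result cannot tell an accepted alias from a rejected value; `return $cidr if $cidr =~ m/^(?:$ip_alias_pattern)$/;` would match what the IP branch returns. Both patterns are anchored with `$`, which also matches before a trailing newline, so ending them with `\z` rejects such input at the format check instead of leaving it to whatever later consumes the value. The remaining lines repeat what `pve_verify_ipv4_or_cidr` appears to do (only its last two lines are visible as context), so ending with `return pve_verify_ipv4_or_cidr($cidr, $noerr);` would keep a single copy, assuming that function takes the same arguments.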