From 619d28865952e929d485e2b41d0708255dde1c90 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 10 Sep 2020 14:00:49 -0400
Subject: [PATCH 1/2] Don't allow both a zone name and --name-from-ip to be
 provided

--name-from-ip will generate a zone name so there is no point in
the user providing one. If one is provided and doesn't match the
generated name then a validation exception is raised.

https://pagure.io/freeipa/issue/8446

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
 ipaserver/plugins/dns.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ipaserver/plugins/dns.py b/ipaserver/plugins/dns.py
index 7130f8f7dc..1c2d16c8cb 100644
--- a/ipaserver/plugins/dns.py
+++ b/ipaserver/plugins/dns.py
@@ -2142,6 +2142,13 @@ class DNSZoneBase_add(LDAPCreate):
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         assert isinstance(dn, DN)
 
+        if options.get('name_from_ip'):
+            zone = _reverse_zone_name(options.get('name_from_ip'))
+            if keys[-1] != DNSName(zone):
+                raise errors.ValidationError(
+                        name='name-from-ip',
+                        error=_("cannot be used when a zone is specified"))
+
         try:
             entry = ldap.get_entry(dn)
         except errors.NotFound:
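Review bot: The new check in pre_callback rejects only when `keys[-1]` differs from the name derived from `name_from_ip`, yet the error text says "cannot be used when a zone is specified", so a matching explicit name is accepted and a differing one gets a message that never mentions the mismatch. A comment above the check such as `# name_from_ip derives the zone name; an explicit name is accepted only if it equals the derived one` would record that intent for the next maintainer. `_reverse_zone_name` is defined outside this hunk; if it can return None for a value that reaches this callback, `DNSName(zone)` would presumably fail with something other than a ValidationError, so `if zone is None or keys[-1] != DNSName(zone):` is worth considering. The body of pre_callback continues past the end of the hunk.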

From f17ba0d0e2046da5cb8f78348592d98bb214fac4 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 10 Sep 2020 14:02:06 -0400
Subject: [PATCH 2/2] ipatests: test that a zone name and name-from-ip will be
 rejected

If a zone name is provided then name-from-ip makes little sense,
don't allow it.

https://pagure.io/freeipa/issue/8446

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
 ipatests/test_xmlrpc/test_dns_plugin.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 5818d252af..7d03bac34f 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -685,6 +685,19 @@ def dns_setup(self, declarative_setup):
         ),
 
 
+        dict(
+            desc='Try to create a zone w/ a name and name-from-ipa %r' % zone1,
+            command=(
+                'dnszone_add', [zone1], {
+                    'idnssoarname': zone1_rname,
+                    'name_from_ip': revzone1_ip,
+                }
+            ),
+            expected=errors.ValidationError(
+                message=u'invalid \'name-from-ip\': cannot be used when a zone is specified'),
+        ),
+
+
         dict(
             desc='Retrieve zone %r' % zone1,
             command=('dnszone_show', [zone1], {}),
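Review bot: The `desc` string says `name-from-ipa`, which looks like a typo for the option name; `desc='Try to create a zone w/ a name and name-from-ip %r' % zone1,` would match the option under test. The case also covers only a zone name that differs from the one derived from `revzone1_ip`, while the server-side comparison it exercises lets a name equal to the derived one through. No case in this hunk pins that accepted path, so a later change to the comparison could alter it without a test failing here. The enclosing test list starts and ends outside the hunk, so such a case may already exist elsewhere in the file.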
