
ZOOKEEPER-1673. Zookeeper don't support cidr in expression in ACL with ip scheme (Craig Condit via michim)

git-svn-id: https://svn.apache.org/repos/asf/zookeeper/trunk@1590157 13f79535-47bb-0310-9956-ffa450edef68
Michi Mutsuzaki 11 år sedan
förälder
incheckning
686dc0204c

+ 3 - 0
CHANGES.txt

@@ -623,6 +623,9 @@ BUGFIXES:
   ZOOKEEPER-1819. DeserializationPerfTest calls method with wrong arguments
   (Daniel Knightly via michim)
 
+  ZOOKEEPER-1673. Zookeeper don't support cidr in expression in ACL with ip
+  scheme (Craig Condit via michim)
+
 IMPROVEMENTS:
 
   ZOOKEEPER-1170. Fix compiler (eclipse) warnings: unused imports,

+ 16 - 1
src/java/main/org/apache/zookeeper/server/auth/IPAuthenticationProvider.java

@@ -112,6 +112,21 @@ public class IPAuthenticationProvider implements AuthenticationProvider {
     }
 
     public boolean isValid(String id) {
-        return addr2Bytes(id) != null;
+        String parts[] = id.split("/", 2);
+        byte aclAddr[] = addr2Bytes(parts[0]);
+        if (aclAddr == null) {
+            return false;
+        }
+        if (parts.length == 2) {
+            try {
+                int bits = Integer.parseInt(parts[1]);
+                if (bits < 0 || bits > aclAddr.length * 8) {
+                    return false;
+                }
+            } catch (NumberFormatException e) {
+                return false;
+            }
+        }
+        return true;
     }
 }
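Review bot: `Integer.parseInt(parts[1])` in isValid accepts more than a plain decimal prefix length, since a leading `+` and non-ASCII digits both parse, so an id such as `127.0.0.1/+32` passes validation. An ACL validator is safer accepting only the canonical form, for example `if (!parts[1].matches("[0-9]{1,3}")) { return false; }` ahead of the parse. Separately, `/0` is accepted, and assuming the matching code (outside this hunk) applies the mask in the usual way, such an ACL covers every client address; a comment on isValid such as `// a prefix length of 0 is valid and matches every address` would make that explicit. The declarations would also read more conventionally as `String[] parts` and `byte[] aclAddr`.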

+ 11 - 0
src/java/test/org/apache/zookeeper/test/ACLTest.java

@@ -40,6 +40,7 @@ import org.apache.zookeeper.data.Id;
 import org.apache.zookeeper.server.ServerCnxnFactory;
 import org.apache.zookeeper.server.SyncRequestProcessor;
 import org.apache.zookeeper.server.ZooKeeperServer;
+import org.apache.zookeeper.server.auth.IPAuthenticationProvider;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -49,6 +50,16 @@ public class ACLTest extends ZKTestCase implements Watcher {
         "127.0.0.1:" + PortAssignment.unique();
     private volatile CountDownLatch startSignal;
 
+    @Test
+    public void testIPAuthenticationIsValidCIDR() throws Exception {
+        IPAuthenticationProvider prov = new IPAuthenticationProvider();
+        Assert.assertTrue("testing no netmask", prov.isValid("127.0.0.1"));
+        Assert.assertTrue("testing single ip netmask", prov.isValid("127.0.0.1/32"));
+        Assert.assertTrue("testing lowest netmask possible", prov.isValid("127.0.0.1/0"));
+        Assert.assertFalse("testing netmask too high", prov.isValid("127.0.0.1/33"));
+        Assert.assertFalse("testing netmask too low", prov.isValid("10.0.0.1/-1"));
+    }
+
     @Test
     public void testDisconnectedAddAuth() throws Exception {
         File tmpDir = ClientBase.createTmpDir();
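Review bot: testIPAuthenticationIsValidCIDR never reaches the `NumberFormatException` branch of isValid, because every case it adds uses a well-formed integer suffix. Adding `Assert.assertFalse("testing non-numeric netmask", prov.isValid("127.0.0.1/abc"));` and `Assert.assertFalse("testing empty netmask", prov.isValid("127.0.0.1/"));` would pin the rejection of malformed suffixes. A case with an invalid address and a valid suffix would also cover the `aclAddr == null` return when a slash is present.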