From 82ad586f6cbf6e707add3c866ed4e37ade69b045 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Jun 20 2017 09:29:41 +0000
Subject: Fix local IP address validation


Previously bf9886a84393d1d1546db7e49b102e08a16a83e7 match_local has
undesirable side effect that CheckedIPAddress object has set self._net
from local interface.

However with the recent changes, match_local is usually set to False,
thus this side effect stops happening and default mask per address class
is used. This causes validation error because mask on interface and mask
used for provided IP addresses differ (reporducible only with classless
masks).

FreeIPA should compare only IP addresses with local addresses without masks

https://pagure.io/freeipa/issue/4317

Reviewed-By: David Kupka <dkupka@redhat.com>

---

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index a277ed8..647ee83 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -216,10 +216,10 @@ class CheckedIPAddress(UnsafeIPAddress):
                     addr=ifaddr,
                     netmask=ifdata['netmask']
                 ))
-                if ifnet == self._net or (
-                                self._net is None and ifnet.ip == self):
-                    self._net = ifnet
+
+                if ifnet.ip == self:
                     iface = interface
+                    self._net = ifnet
                     break
 
         return iface