Fix for #2967 (RFC-1123 problem and regression on wildcarded domains)

The core bug here was a regression introduced by my IPv6 patch.
Wildcarded domains are stored as ["com","reductivelabs","*"] but
the code in question was assuming it was in normal order.

Added tests to prevet recurrence.

Signed-off-by: Markus Roberts <Markus@reality.com>

1 files changed, 22 insertions, 0 deletions

diff --git a/spec/unit/network/authstore.rb b/spec/unit/network/authstore.rb
index c822c9002..58eb92693 100644
--- a/spec/unit/network/authstore.rb
+++ b/spec/unit/network/authstore.rb
@@ -278,6 +278,28 @@ describe Puppet::Network::AuthStore::Declaration do
         end
     }
 
+    ['abc.12seps.edu.phisher.biz','www.google.com','slashdot.org'].each { |host|
+        (1...(host.split('.').length)).each { |n|
+            describe "when the pattern is #{"*."+host.split('.')[-n,n].join('.')}" do
+                before :each do
+                    @pattern = "*."+host.split('.')[-n,n].join('.')
+                    @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,@pattern)
+                end
+                it "should match #{host}" do
+                    @declaration.should be_match(host,'1.2.3.4')
+                end
+                it "should not match www.testsite.gov" do
+                    @declaration.should_not be_match('www.testsite.gov','200.101.99.98')
+                end
+                it "should not match hosts that differ in the first non-wildcard segment" do
+                    other = host.split('.')
+                    other[-n].succ!
+                    @declaration.should_not be_match(other.join('.'),'1.2.3.4')
+                end
+            end
+        }
+    }
+
     describe "when the pattern is a FQDN" do
         before :each do
             @host = 'spirit.mars.nasa.gov.'