summaryrefslogtreecommitdiffstats
path: root/ipapython
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2011-05-27 13:51:21 +0200
committerMartin Kosek <mkosek@redhat.com>2011-05-30 13:38:46 +0200
commitfd639bc88c2b811fda538988593dc8898ea5ab6d (patch)
tree173b556800d81fd8fa7a361c123b7e5e882727b8 /ipapython
parentdb78f362358862c5225f8d3b83ecc2a88d47e45b (diff)
downloadfreeipa-fd639bc88c2b811fda538988593dc8898ea5ab6d.tar.gz
freeipa-fd639bc88c2b811fda538988593dc8898ea5ab6d.tar.xz
freeipa-fd639bc88c2b811fda538988593dc8898ea5ab6d.zip
Do stricter checking of IP addressed passed to server install.
ticket 1213
Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/ipautil.py11
1 files changed, 11 insertions, 0 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 444487ad9..acfd70cae 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -95,6 +95,12 @@ class CheckedIPAddress(netaddr.IPAddress):
raise ValueError("unsupported IP version")
if addr.is_loopback():
raise ValueError("cannot use loopback IP address")
+ if addr.is_reserved() or addr in netaddr.ip.IPV4_6TO4:
+ raise ValueError("cannot use IANA reserved IP address")
+ if addr.is_link_local():
+ raise ValueError("cannot use link-local IP address")
+ if addr.is_multicast():
+ raise ValueError("cannot use multicast IP address")
if match_local:
if addr.version == 4:
@@ -122,6 +128,11 @@ class CheckedIPAddress(netaddr.IPAddress):
elif addr.version == 6:
net = netaddr.IPNetwork(str(addr) + '/64')
+ if addr == net.network:
+ raise ValueError("cannot use IP network address")
+ if addr.version == 4 and addr == net.broadcast:
+ raise ValueError("cannot use broadcast IP address")
+
super(CheckedIPAddress, self).__init__(addr)
self.prefixlen = net.prefixlen
self.defaultnet = defnet
generated by cgit (git 2.34.1) at 2024-04-25 00:32:33 +0000