IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-23 07:33:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Do stricter checking of IP addressed passed to server install.

Browse Source 
ticket 1213
This commit is contained in:
Jan Cholasta 2011-05-27 13:51:21 +02:00 committed by Martin Kosek
parent db78f36235
commit fd639bc88c
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ipapython/ipautil.py
View File

@ -95,6 +95,12 @@ class CheckedIPAddress(netaddr.IPAddress):
raise ValueError("unsupported IP version")
if addr.is_loopback():
raise ValueError("cannot use loopback IP address")
if addr.is_reserved() or addr in netaddr.ip.IPV4_6TO4:
raise ValueError("cannot use IANA reserved IP address")
if addr.is_link_local():
raise ValueError("cannot use link-local IP address")
if addr.is_multicast():
raise ValueError("cannot use multicast IP address")
if match_local:
if addr.version == 4:
@ -122,6 +128,11 @@ class CheckedIPAddress(netaddr.IPAddress):
elif addr.version == 6:
net = netaddr.IPNetwork(str(addr) + '/64')
if addr == net.network:
raise ValueError("cannot use IP network address")
if addr.version == 4 and addr == net.broadcast:
raise ValueError("cannot use broadcast IP address")
super(CheckedIPAddress, self).__init__(addr)
self.prefixlen = net.prefixlen
self.defaultnet = defnet

9
tests/test_ipapython/test_ipautil.py
View File

@ -42,12 +42,21 @@ def test_ip_address():
('10.11.12.1337',),
('10.11.12.13/33',),
('127.0.0.1',),
('241.1.2.3',),
('169.254.1.2',),
('10.11.12.0/24',),
('224.5.6.7',),
('10.11.12.255/24',),
('2001::1', (0x2001, 0, 0, 0, 0, 0, 0, 1), 64),
('2001::1/72', (0x2001, 0, 0, 0, 0, 0, 0, 1), 72),
('2001::1beef',),
('2001::1/129',),
('::1',),
('6789::1',),
('fe89::1',),
('2001::/64',),
('ff01::1',),
('junk',)
]