diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 444487ad9..acfd70cae 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -95,6 +95,12 @@ class CheckedIPAddress(netaddr.IPAddress): raise ValueError("unsupported IP version") if addr.is_loopback(): raise ValueError("cannot use loopback IP address") + if addr.is_reserved() or addr in netaddr.ip.IPV4_6TO4: + raise ValueError("cannot use IANA reserved IP address") + if addr.is_link_local(): + raise ValueError("cannot use link-local IP address") + if addr.is_multicast(): + raise ValueError("cannot use multicast IP address") if match_local: if addr.version == 4: @@ -122,6 +128,11 @@ class CheckedIPAddress(netaddr.IPAddress): elif addr.version == 6: net = netaddr.IPNetwork(str(addr) + '/64') + if addr == net.network: + raise ValueError("cannot use IP network address") + if addr.version == 4 and addr == net.broadcast: + raise ValueError("cannot use broadcast IP address") + super(CheckedIPAddress, self).__init__(addr) self.prefixlen = net.prefixlen self.defaultnet = defnet diff --git a/tests/test_ipapython/test_ipautil.py b/tests/test_ipapython/test_ipautil.py index 03f5f7b18..68391c2e1 100644 --- a/tests/test_ipapython/test_ipautil.py +++ b/tests/test_ipapython/test_ipautil.py @@ -42,12 +42,21 @@ def test_ip_address(): ('10.11.12.1337',), ('10.11.12.13/33',), ('127.0.0.1',), + ('241.1.2.3',), + ('169.254.1.2',), + ('10.11.12.0/24',), + ('224.5.6.7',), + ('10.11.12.255/24',), ('2001::1', (0x2001, 0, 0, 0, 0, 0, 0, 1), 64), ('2001::1/72', (0x2001, 0, 0, 0, 0, 0, 0, 1), 72), ('2001::1beef',), ('2001::1/129',), ('::1',), + ('6789::1',), + ('fe89::1',), + ('2001::/64',), + ('ff01::1',), ('junk',) ]