def test_create_shift_delete(self):
"""Create a subnet, shift it to another site, then delete it."""
basedn = self.ldb.get_config_basedn()
cidr = "10.11.12.0/24"
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
subnets.set_subnet_site(self.ldb, basedn, cidr, self.sitename2)
ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn={0!s}))'.format(cidr))
sites = ret[0]['siteObject']
self.assertEqual(len(sites), 1)
self.assertEqual(sites[0],
'CN=testsite2,CN=Sites,{0!s}'.format(self.ldb.get_config_basedn()))
self.assertRaises(subnets.SubnetAlreadyExists,
subnets.create_subnet, self.ldb, basedn, cidr,
self.sitename)
subnets.delete_subnet(self.ldb, basedn, cidr)
ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn={0!s}))'.format(cidr))
self.assertEqual(len(ret), 0, 'Failed to delete subnet {0!s}'.format(cidr))
def test_create_shift_delete(self):
"""Create a subnet, shift it to another site, then delete it."""
basedn = self.ldb.get_config_basedn()
cidr = "10.11.12.0/24"
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
subnets.set_subnet_site(self.ldb, basedn, cidr, self.sitename2)
ret = self.ldb.search(base=basedn,
scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn=%s))' %
cidr)
sites = ret[0]['siteObject']
self.assertEqual(len(sites), 1)
self.assertEqual(
sites[0],
'CN=testsite2,CN=Sites,%s' % self.ldb.get_config_basedn())
self.assertRaises(subnets.SubnetAlreadyExists, subnets.create_subnet,
self.ldb, basedn, cidr, self.sitename)
subnets.delete_subnet(self.ldb, basedn, cidr)
ret = self.ldb.search(base=basedn,
scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn=%s))' %
cidr)
self.assertEqual(len(ret), 0, 'Failed to delete subnet %s' % cidr)
def test_rename_good_subnet_to_bad_subnet(self):
"""Make sure that the CIDR checking runs during rename"""
basedn = self.ldb.get_config_basedn()
cidr = "10.17.0.0/24"
bad_cidr = "10.11.12.0/14"
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
self.assertRaises(subnets.SubnetInvalid, subnets.rename_subnet,
self.ldb, basedn, cidr, bad_cidr)
ret = self.ldb.search(base=basedn,
scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn=%s))' %
bad_cidr)
self.assertEqual(len(ret), 0, 'Failed to rename subnet %s' % cidr)
ret = self.ldb.search(base=basedn,
scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn=%s))' %
cidr)
self.assertEqual(len(ret), 1,
'Failed to remove old subnet during rename %s' % cidr)
subnets.delete_subnet(self.ldb, basedn, cidr)
def test_rename_good_subnet_to_good_subnet(self):
"""Make sure that we can rename subnets"""
basedn = self.ldb.get_config_basedn()
cidr = "10.16.0.0/24"
new_cidr = "10.16.1.0/24"
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
subnets.rename_subnet(self.ldb, basedn, cidr, new_cidr)
ret = self.ldb.search(base=basedn,
scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn=%s))' %
new_cidr)
self.assertEqual(len(ret), 1, 'Failed to rename subnet %s' % cidr)
ret = self.ldb.search(base=basedn,
scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn=%s))' %
cidr)
self.assertEqual(len(ret), 0,
'Failed to remove old subnet during rename %s' % cidr)
subnets.delete_subnet(self.ldb, basedn, new_cidr)
def run(self, subnetname, site_of_subnet, H=None, sambaopts=None, credopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp)
samdb.transaction_start()
try:
subnets.create_subnet(samdb, samdb.get_config_basedn(), subnetname, site_of_subnet)
samdb.transaction_commit()
except subnets.SubnetException, e:
samdb.transaction_cancel()
raise CommandError("Error while creating subnet %s: %s" % (subnetname, e))
def test_rename_delete_good_subnet_to_good_subnet_other_user(self):
"""Make sure that we can't rename or delete subnets when we aren't
admin."""
basedn = self.ldb.get_config_basedn()
cidr = "10.16.0.0/24"
new_cidr = "10.16.1.0/24"
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
user, non_admin_ldb = self.get_user_and_ldb("notadmin", "samba123@")
try:
subnets.rename_subnet(non_admin_ldb, basedn, cidr, new_cidr)
except LdbError as e:
self.assertEqual(e.args[0], ERR_INSUFFICIENT_ACCESS_RIGHTS,
("subnet rename by non-admin failed "
"in the wrong way: %s" % e))
else:
self.fail("subnet rename by non-admin succeeded")
ret = self.ldb.search(base=basedn,
scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn=%s))' %
cidr)
self.assertEqual(len(ret), 1, ('Subnet %s destroyed or renamed '
'by non-admin' % cidr))
ret = self.ldb.search(base=basedn,
scope=SCOPE_SUBTREE,
expression=('(&(objectclass=subnet)(cn=%s))' %
new_cidr))
self.assertEqual(len(ret), 0,
'New subnet %s created by non-admin' % cidr)
try:
subnets.delete_subnet(non_admin_ldb, basedn, cidr)
except LdbError as e:
self.assertEqual(e.args[0], ERR_INSUFFICIENT_ACCESS_RIGHTS,
("subnet delete by non-admin failed "
"in the wrong way: %s" % e))
else:
self.fail("subnet delete by non-admin succeeded:")
ret = self.ldb.search(base=basedn,
scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn=%s))' %
cidr)
self.assertEqual(len(ret), 1, 'Subnet %s deleted non-admin' % cidr)
subnets.delete_subnet(self.ldb, basedn, cidr)
def test_create_delete(self):
"""Create a subnet and delete it again."""
basedn = self.ldb.get_config_basedn()
cidr = "10.11.12.0/24"
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
self.assertRaises(subnets.SubnetAlreadyExists,
subnets.create_subnet, self.ldb, basedn, cidr,
self.sitename)
subnets.delete_subnet(self.ldb, basedn, cidr)
ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn={0!s}))'.format(cidr))
self.assertEqual(len(ret), 0, 'Failed to delete subnet {0!s}'.format(cidr))
def test_create_delete(self):
"""Create a subnet and delete it again."""
basedn = self.ldb.get_config_basedn()
cidr = "10.11.12.0/24"
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
self.assertRaises(subnets.SubnetAlreadyExists,
subnets.create_subnet, self.ldb, basedn, cidr,
self.sitename)
subnets.delete_subnet(self.ldb, basedn, cidr)
ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
expression='(&(objectclass=subnet)(cn=%s))' % cidr)
self.assertEqual(len(ret), 0, 'Failed to delete subnet %s' % cidr)
def run(self, subnetname, site_of_subnet, H=None, sambaopts=None,
credopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
samdb.transaction_start()
try:
subnets.create_subnet(samdb, samdb.get_config_basedn(), subnetname,
site_of_subnet)
samdb.transaction_commit()
except subnets.SubnetException as e:
samdb.transaction_cancel()
raise CommandError("Error while creating subnet %s: %s" %
(subnetname, e))
self.outf.write("Subnet %s created !\n" % subnetname)
def test_create_good_ranges(self):
"""All of these CIDRs are good, and the subnet creation should
succeed."""
basedn = self.ldb.get_config_basedn()
cidrs = [
# IPv4
"10.11.12.0/24",
"10.11.12.0/23",
"10.11.12.0/25",
"110.0.0.0/7",
"1.0.0.0/32",
"10.11.13.0/32",
"10.11.13.1/32",
"99.0.97.0/24",
"1.2.3.4/30",
"10.11.12.0/22",
"0.12.13.0/24",
# IPv6
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/120",
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11f0/124",
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11fc/126",
# don't forget upper case
"FFFF:FFFF:FFFF:FFFF:ABCD:EfFF:FFFF:FFeF/128",
"9876::ab00/120",
"9876::abf0/124",
"9876::abfc/126",
"aaaa:bbbb::/32",
"aaaa:bbba::/31",
"aaaa:ba00::/23",
"aaaa:bb00::/24",
"aaaa:bb00::/77",
"::/48",
"a:b::/32",
"c000::/2",
"a::b00/120",
"1::2/127",
# this pattern of address suffix == mask is forbidden with
# IPv4 but OK for IPv6.
"8000::/1",
"c000::/2",
"ffff:ffff:ffc0::/42",
"FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/128",
# leading zeros are forbidden, but implicit IPv6 zeros
# (via "::") are OK.
"::1000/116",
"::8000/113",
# taken to the logical conclusion, "::/0" should be OK, but no.
"::/48",
# Try some reserved ranges, which it might be reasonable
# to exclude, but which are not excluded in practice.
"129.0.0.0/16",
"129.255.0.0/16",
"100.64.0.0/10",
"127.0.0.0/8",
"127.0.0.0/24",
"169.254.0.0/16",
"169.254.1.0/24",
"192.0.0.0/24",
"192.0.2.0/24",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"224.0.0.0/4",
"130.129.0.0/16",
"130.255.0.0/16",
"192.12.0.0/24",
"223.255.255.0/24",
"240.255.255.0/24",
"224.0.0.0/8",
"::/96",
"100::/64",
"2001:10::/28",
"fec0::/10",
"ff00::/8",
"::1/128",
"2001:db8::/32",
"2001:10::/28",
"2002::/24",
"2002:a00::/24",
"2002:7f00::/24",
"2002:a9fe::/32",
"2002:ac10::/28",
"2002:c000::/40",
"2002:c000:200::/40",
"2002:c0a8::/32",
"2002:c612::/31",
"2002:c633:6400::/40",
"2002:cb00:7100::/40",
"2002:e000::/20",
"2002:f000::/20",
"2002:ffff:ffff::/48",
"2001::/40",
"2001:0:a00::/40",
"2001:0:7f00::/40",
"2001:0:a9fe::/48",
"2001:0:ac10::/44",
"2001:0:c000::/56",
"2001:0:c000:200::/56",
"2001:0:c0a8::/48",
"2001:0:c612::/47",
"2001:0:c633:6400::/56",
"2001:0:cb00:7100::/56",
"2001:0:e000::/36",
"2001:0:f000::/36",
"2001:0:ffff:ffff::/64",
# non-RFC-5952 versions of these are tested in create_bad_ranges
"2001:0:c633:63::1:0/120",
"10:0:0:42::/64",
"1::4:5:0:0:8/127",
"2001:db8:0:1:1:1:1:1/128",
# The "well-known prefix" 64::ff9b is another IPv4
# embedding scheme. Let's try that.
"64:ff9b::aaaa:aaaa/127",
"64:ff9b::/120",
"64:ff9b::ffff:2:3/128",
]
failures = []
for cidr in cidrs:
try:
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
except subnets.SubnetInvalid as e:
print(e)
failures.append(cidr)
continue
ret = self.ldb.search(
base=basedn,
scope=SCOPE_SUBTREE,
expression=('(&(objectclass=subnet)(cn=%s))' % cidr))
if len(ret) != 1:
print("%s was not created" % cidr)
failures.append(cidr)
continue
subnets.delete_subnet(self.ldb, basedn, cidr)
if failures:
print("These good subnet names were not accepted:")
for cidr in failures:
print(" %s" % cidr)
self.fail()
def test_create_bad_ranges(self):
"""These CIDR ranges all have something wrong with them, and they
should all fail."""
basedn = self.ldb.get_config_basedn()
cidrs = [
# IPv4
# insufficient zeros
"10.11.12.0/14",
"110.0.0.0/6",
"1.0.0.0/0",
"10.11.13.1/24",
"1.2.3.4/29",
"10.11.12.0/21",
# out of range mask
"110.0.0.0/33",
"110.0.0.0/-1",
"4.0.0.0/111",
# out of range address
"310.0.0.0/24",
"10.0.0.256/32",
"1.1.-20.0/24",
# badly formed
"1.0.0.0/1e",
"1.0.0.0/24.0",
"1.0.0.0/1/1",
"1.0.0.0",
"1.c.0.0/24",
"1.2.0.0.0/27",
"1.23.0/24",
"1.23.0.-7/24",
"1.-23.0.7/24",
"1.23.-0.7/24",
"1.23.0.0/0x10",
# IPv6 insufficient zeros -- this could be a subtle one
# due to the vagaries of endianness in the 16 bit groups.
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/119",
"aaaa:bbbb::/31",
"a:b::/31",
"c000::/1",
"a::b00/119",
"1::1/127",
"1::2/126",
"1::100/119",
"1::8000/112",
# out of range mask
"a:b::/130",
"a:b::/-1",
"::/129",
# An IPv4 address can't be exactly the bitmask (MS ADTS)
"128.0.0.0/1",
"192.0.0.0/2",
"255.192.0.0/10",
"255.255.255.0/24",
"255.255.255.255/32",
"0.0.0.0/0",
# The address can't have leading zeros (not RFC 4632, but MS ADTS)
"00.1.2.0/24",
"003.1.2.0/24",
"022.1.0.0/16",
"00000000000000000000000003.1.2.0/24",
"09876::abfc/126",
"0aaaa:bbbb::/32",
"009876::abfc/126",
"000a:bbbb::/32",
# How about extraneous zeros later on
"3.01.2.0/24",
"3.1.2.00/24",
"22.001.0.0/16",
"3.01.02.0/24",
"100a:0bbb:0023::/48",
"100a::0023/128",
# Windows doesn't like the zero IPv4 address
"0.0.0.0/8",
# or the zero mask on IPv6
"::/0",
# various violations of RFC5952
"0:0:0:0:0:0:0:0/8",
"0::0/0",
"::0:0/48",
"::0:4/128",
"0::/8",
"0::4f/128",
"0::42:0:0:0:0/64",
"4f::0/48",
# badly formed -- mostly the wrong arrangement of colons
"a::b::0/120",
"a::abcdf:0/120",
"a::g:0/120",
"::0::3/48",
"2001:3::110::3/118",
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1111:0000/128",
"a:::5:0/120",
# non-canonical representations (vs RFC 5952)
# "2001:0:c633:63::1:0/120" is correct
"2001:0:c633:63:0:0:1:0/120",
"2001::c633:63:0:0:1:0/120",
"2001:0:c633:63:0:0:1::/120",
# "10:0:0:42::/64" is correct
"10::42:0:0:0:0/64",
"10:0:0:42:0:0:0:0/64",
# "1::4:5:0:0:8/127" is correct
"1:0:0:4:5:0:0:8/127",
"1:0:0:4:5::8/127",
# "2001:db8:0:1:1:1:1:1/128" is correct
"2001:db8::1:1:1:1:1/128",
# IP4 embedded - rejected
"a::10.0.0.0/120",
"a::10.9.8.7/128",
# The next ones tinker indirectly with IPv4 embedding,
# where Windows has some odd behaviour.
#
# Samba's libreplace inet_ntop6 expects IPv4 embedding
# with addresses in these forms:
#
# ::wx:yz
# ::FFFF:wx:yz
#
# these will be stringified with trailing dottted decimal, thus:
#
# ::w.x.y.z
# ::ffff:w.x.y.z
#
# and this will cause the address to be rejected by Samba,
# because it uses a inet_pton / inet_ntop round trip to
# ascertain correctness.
"::ffff:0:0/96", # this one fails on WIN2012r2
"::ffff:aaaa:a000/120",
"::ffff:10:0/120",
"::ffff:2:300/120",
"::3:0/120",
"::2:30/124",
"::ffff:2:30/124",
# completely wrong
None,
"bob",
3.1415,
False,
"10.11.16.0/24\x00hidden bytes past a zero",
self,
]
failures = []
for cidr in cidrs:
try:
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
except subnets.SubnetInvalid:
print("%s fails properly" % (cidr, ), file=sys.stderr)
continue
# we are here because it succeeded when it shouldn't have.
print("CIDR %s fails to fail" % (cidr, ), file=sys.stderr)
failures.append(cidr)
subnets.delete_subnet(self.ldb, basedn, cidr)
if failures:
print("These bad subnet names were accepted:")
for cidr in failures:
print(" %s" % cidr)
self.fail()
def test_create_good_ranges(self):
"""All of these CIDRs are good, and the subnet creation should
succeed."""
basedn = self.ldb.get_config_basedn()
cidrs = [
# IPv4
"10.11.12.0/24",
"10.11.12.0/23",
"10.11.12.0/25",
"110.0.0.0/7",
"1.0.0.0/32",
"10.11.13.0/32",
"10.11.13.1/32",
"99.0.97.0/24",
"1.2.3.4/30",
"10.11.12.0/22",
"0.12.13.0/24",
# IPv6
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/120",
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11f0/124",
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11fc/126",
# don't forget upper case
"FFFF:FFFF:FFFF:FFFF:ABCD:EfFF:FFFF:FFeF/128",
"9876::ab00/120",
"9876::abf0/124",
"9876::abfc/126",
"aaaa:bbbb::/32",
"aaaa:bbba::/31",
"aaaa:ba00::/23",
"aaaa:bb00::/24",
"aaaa:bb00::/77",
"::/48",
"a:b::/32",
"c000::/2",
"a::b00/120",
"1::2/127",
# this pattern of address suffix == mask is forbidden with
# IPv4 but OK for IPv6.
"8000::/1",
"c000::/2",
"ffff:ffff:ffc0::/42",
"FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/128",
# leading zeros are forbidden, but implicit IPv6 zeros
# (via "::") are OK.
"::1000/116",
"::8000/113",
# taken to the logical conclusion, "::/0" should be OK, but no.
"::/48",
# Try some reserved ranges, which it might be reasonable
# to exclude, but which are not excluded in practice.
"129.0.0.0/16",
"129.255.0.0/16",
"100.64.0.0/10",
"127.0.0.0/8",
"127.0.0.0/24",
"169.254.0.0/16",
"169.254.1.0/24",
"192.0.0.0/24",
"192.0.2.0/24",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"224.0.0.0/4",
"130.129.0.0/16",
"130.255.0.0/16",
"192.12.0.0/24",
"223.255.255.0/24",
"240.255.255.0/24",
"224.0.0.0/8",
"::/96",
"100::/64",
"2001:10::/28",
"fec0::/10",
"ff00::/8",
"::1/128",
"2001:db8::/32",
"2001:10::/28",
"2002::/24",
"2002:a00::/24",
"2002:7f00::/24",
"2002:a9fe::/32",
"2002:ac10::/28",
"2002:c000::/40",
"2002:c000:200::/40",
"2002:c0a8::/32",
"2002:c612::/31",
"2002:c633:6400::/40",
"2002:cb00:7100::/40",
"2002:e000::/20",
"2002:f000::/20",
"2002:ffff:ffff::/48",
"2001::/40",
"2001:0:a00::/40",
"2001:0:7f00::/40",
"2001:0:a9fe::/48",
"2001:0:ac10::/44",
"2001:0:c000::/56",
"2001:0:c000:200::/56",
"2001:0:c0a8::/48",
"2001:0:c612::/47",
"2001:0:c633:6400::/56",
"2001:0:cb00:7100::/56",
"2001:0:e000::/36",
"2001:0:f000::/36",
"2001:0:ffff:ffff::/64",
# non-RFC-5952 versions of these are tested in create_bad_ranges
"2001:0:c633:63::1:0/120",
"10:0:0:42::/64",
"1::4:5:0:0:8/127",
"2001:db8:0:1:1:1:1:1/128",
# The "well-known prefix" 64::ff9b is another IPv4
# embedding scheme. Let's try that.
"64:ff9b::aaaa:aaaa/127",
"64:ff9b::/120",
"64:ff9b::ffff:2:3/128",
]
failures = []
for cidr in cidrs:
try:
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
except subnets.SubnetInvalid, e:
print e
failures.append(cidr)
continue
ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
expression=('(&(objectclass=subnet)(cn={0!s}))'.format(
cidr)))
if len(ret) != 1:
print "{0!s} was not created".format(cidr)
failures.append(cidr)
continue
subnets.delete_subnet(self.ldb, basedn, cidr)
def test_create_bad_ranges(self):
"""These CIDR ranges all have something wrong with them, and they
should all fail."""
basedn = self.ldb.get_config_basedn()
cidrs = [
# IPv4
# insufficient zeros
"10.11.12.0/14",
"110.0.0.0/6",
"1.0.0.0/0",
"10.11.13.1/24",
"1.2.3.4/29",
"10.11.12.0/21",
# out of range mask
"110.0.0.0/33",
"110.0.0.0/-1",
"4.0.0.0/111",
# out of range address
"310.0.0.0/24",
"10.0.0.256/32",
"1.1.-20.0/24",
# badly formed
"1.0.0.0/1e",
"1.0.0.0/24.0",
"1.0.0.0/1/1",
"1.0.0.0",
"1.c.0.0/24",
"1.2.0.0.0/27",
"1.23.0/24",
"1.23.0.-7/24",
"1.-23.0.7/24",
"1.23.-0.7/24",
"1.23.0.0/0x10",
# IPv6 insufficient zeros -- this could be a subtle one
# due to the vagaries of endianness in the 16 bit groups.
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/119",
"aaaa:bbbb::/31",
"a:b::/31",
"c000::/1",
"a::b00/119",
"1::1/127",
"1::2/126",
"1::100/119",
"1::8000/112",
# out of range mask
"a:b::/130",
"a:b::/-1",
"::/129",
# An IPv4 address can't be exactly the bitmask (MS ADTS)
"128.0.0.0/1",
"192.0.0.0/2",
"255.192.0.0/10",
"255.255.255.0/24",
"255.255.255.255/32",
"0.0.0.0/0",
# The address can't have leading zeros (not RFC 4632, but MS ADTS)
"00.1.2.0/24",
"003.1.2.0/24",
"022.1.0.0/16",
"00000000000000000000000003.1.2.0/24",
"09876::abfc/126",
"0aaaa:bbbb::/32",
"009876::abfc/126",
"000a:bbbb::/32",
# How about extraneous zeros later on
"3.01.2.0/24",
"3.1.2.00/24",
"22.001.0.0/16",
"3.01.02.0/24",
"100a:0bbb:0023::/48",
"100a::0023/128",
# Windows doesn't like the zero IPv4 address
"0.0.0.0/8",
# or the zero mask on IPv6
"::/0",
# various violations of RFC5952
"0:0:0:0:0:0:0:0/8",
"0::0/0",
"::0:0/48",
"::0:4/128",
"0::/8",
"0::4f/128",
"0::42:0:0:0:0/64",
"4f::0/48",
# badly formed -- mostly the wrong arrangement of colons
"a::b::0/120",
"a::abcdf:0/120",
"a::g:0/120",
"::0::3/48",
"2001:3::110::3/118",
"aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1111:0000/128",
"a:::5:0/120",
# non-canonical representations (vs RFC 5952)
# "2001:0:c633:63::1:0/120" is correct
"2001:0:c633:63:0:0:1:0/120",
"2001::c633:63:0:0:1:0/120",
"2001:0:c633:63:0:0:1::/120",
# "10:0:0:42::/64" is correct
"10::42:0:0:0:0/64",
"10:0:0:42:0:0:0:0/64",
# "1::4:5:0:0:8/127" is correct
"1:0:0:4:5:0:0:8/127",
"1:0:0:4:5::8/127",
# "2001:db8:0:1:1:1:1:1/128" is correct
"2001:db8::1:1:1:1:1/128",
# IP4 embedded - rejected
"a::10.0.0.0/120",
"a::10.9.8.7/128",
# The next ones tinker indirectly with IPv4 embedding,
# where Windows has some odd behaviour.
#
# Samba's libreplace inet_ntop6 expects IPv4 embedding
# with addresses in these forms:
#
# ::wx:yz
# ::FFFF:wx:yz
#
# these will be stringified with trailing dottted decimal, thus:
#
# ::w.x.y.z
# ::ffff:w.x.y.z
#
# and this will cause the address to be rejected by Samba,
# because it uses a inet_pton / inet_ntop round trip to
# ascertain correctness.
"::ffff:0:0/96", #this one fails on WIN2012r2
"::ffff:aaaa:a000/120",
"::ffff:10:0/120",
"::ffff:2:300/120",
"::3:0/120",
"::2:30/124",
"::ffff:2:30/124",
# completely wrong
None,
"bob",
3.1415,
False,
"10.11.16.0/24\x00hidden bytes past a zero",
self,
]
failures = []
for cidr in cidrs:
try:
subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
except subnets.SubnetInvalid:
print >> sys.stderr, "{0!s} fails properly".format(cidr)
continue
# we are here because it succeeded when it shouldn't have.
print >> sys.stderr, "CIDR {0!s} fails to fail".format(cidr)
failures.append(cidr)
subnets.delete_subnet(self.ldb, basedn, cidr)
if failures:
print "These bad subnet names were accepted:"
for cidr in failures:
print " {0!s}".format(cidr)
self.fail()
