diff options
| author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2015-12-23 12:44:31 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2015-12-24 07:16:25 +0100 |
| commit | 5b1a87e344f192ae6c43e11c5e62e5cabf8520d3 (patch) | |
| tree | 18df2b0a0d94a3dd3161ee8c006dcc12740cf5be /source4/dsdb | |
| parent | 906a53f442797942e29c899fb7a54a92f970e67e (diff) | |
| download | samba-5b1a87e344f192ae6c43e11c5e62e5cabf8520d3.tar.gz | |
dsdb subnets: warn when an IPv6 address is in IPv4 embedding range
We fail on these ones, and it isn't immediately obvious why. Windows
also fails on *most* of them, but succeeds on "::ffff:0:0" which is a
bit strange but there you go.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 24 07:16:25 CET 2015 on sn-devel-144
Diffstat (limited to 'source4/dsdb')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 11 | ||||
| -rwxr-xr-x | source4/dsdb/tests/python/sites.py | 32 |
2 files changed, 43 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 91e9625bf40..b9b57db8882 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -2753,6 +2753,17 @@ static int check_address_roundtrip(const char *address, int family, if (strcasecmp(address, address_redux) != 0){ DBG_INFO("Address %s round trips to %s; fail!\n", address, address_redux); + /* If the address family is IPv6, and the address is in a + certain range + + */ + if (strchr(address_redux, '.') != NULL){ + DEBUG(0, ("The IPv6 address '%s' has the misfortune of " + "lying in a range that was once used for " + "IPv4 embedding (that is, it might also be " + "represented as '%s').\n", address, + address_redux)); + } return -1; } return 0; diff --git a/source4/dsdb/tests/python/sites.py b/source4/dsdb/tests/python/sites.py index 1714ff814c7..acbf1c126f8 100755 --- a/source4/dsdb/tests/python/sites.py +++ b/source4/dsdb/tests/python/sites.py @@ -301,7 +301,33 @@ class SimpleSubnetTests(SitesBaseTests): # IP4 embedded - rejected "a::10.0.0.0/120", "a::10.9.8.7/128", + + # The next ones tinker indirectly with IPv4 embedding, + # where Windows has some odd behaviour. + # + # Samba's libreplace inet_ntop6 expects IPv4 embedding + # with addresses in these forms: + # + # ::wx:yz + # ::FFFF:wx:yz + # + # these will be stringified with trailing dottted decimal, thus: + # + # ::w.x.y.z + # ::ffff:w.x.y.z + # + # and this will cause the address to be rejected by Samba, + # because it uses a inet_pton / inet_ntop round trip to + # ascertain correctness. + "::ffff:0:0/96", #this one fails on WIN2012r2 + "::ffff:aaaa:a000/120", + "::ffff:10:0/120", + "::ffff:2:300/120", + "::3:0/120", + "::2:30/124", + "::ffff:2:30/124", + # completely wrong None, "bob", @@ -443,6 +469,12 @@ class SimpleSubnetTests(SitesBaseTests): "10:0:0:42::/64", "1::4:5:0:0:8/127", "2001:db8:0:1:1:1:1:1/128", + + # The "well-known prefix" 64::ff9b is another IPv4 + # embedding scheme. Let's try that. + "64:ff9b::aaaa:aaaa/127", + "64:ff9b::/120", + "64:ff9b::ffff:2:3/128", ] failures = [] |