Пример #1
0
    def test_create_shift_delete(self):
        """Create a subnet, shift it to another site, then delete it."""
        basedn = self.ldb.get_config_basedn()
        cidr = "10.11.12.0/24"

        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)

        subnets.set_subnet_site(self.ldb, basedn, cidr, self.sitename2)

        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn={0!s}))'.format(cidr))

        sites = ret[0]['siteObject']
        self.assertEqual(len(sites), 1)
        self.assertEqual(sites[0],
                         'CN=testsite2,CN=Sites,{0!s}'.format(self.ldb.get_config_basedn()))

        self.assertRaises(subnets.SubnetAlreadyExists,
                          subnets.create_subnet, self.ldb, basedn, cidr,
                          self.sitename)

        subnets.delete_subnet(self.ldb, basedn, cidr)

        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn={0!s}))'.format(cidr))

        self.assertEqual(len(ret), 0, 'Failed to delete subnet {0!s}'.format(cidr))
Пример #2
0
    def test_create_shift_delete(self):
        """Create a subnet, shift it to another site, then delete it."""
        basedn = self.ldb.get_config_basedn()
        cidr = "10.11.12.0/24"

        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)

        subnets.set_subnet_site(self.ldb, basedn, cidr, self.sitename2)

        ret = self.ldb.search(base=basedn,
                              scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn=%s))' %
                              cidr)

        sites = ret[0]['siteObject']
        self.assertEqual(len(sites), 1)
        self.assertEqual(
            sites[0],
            'CN=testsite2,CN=Sites,%s' % self.ldb.get_config_basedn())

        self.assertRaises(subnets.SubnetAlreadyExists, subnets.create_subnet,
                          self.ldb, basedn, cidr, self.sitename)

        subnets.delete_subnet(self.ldb, basedn, cidr)

        ret = self.ldb.search(base=basedn,
                              scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn=%s))' %
                              cidr)

        self.assertEqual(len(ret), 0, 'Failed to delete subnet %s' % cidr)
Пример #3
0
    def test_rename_good_subnet_to_bad_subnet(self):
        """Make sure that the CIDR checking runs during rename"""
        basedn = self.ldb.get_config_basedn()
        cidr = "10.17.0.0/24"
        bad_cidr = "10.11.12.0/14"

        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)

        self.assertRaises(subnets.SubnetInvalid, subnets.rename_subnet,
                          self.ldb, basedn, cidr, bad_cidr)

        ret = self.ldb.search(base=basedn,
                              scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn=%s))' %
                              bad_cidr)

        self.assertEqual(len(ret), 0, 'Failed to rename subnet %s' % cidr)

        ret = self.ldb.search(base=basedn,
                              scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn=%s))' %
                              cidr)

        self.assertEqual(len(ret), 1,
                         'Failed to remove old subnet during rename %s' % cidr)

        subnets.delete_subnet(self.ldb, basedn, cidr)
Пример #4
0
    def test_rename_good_subnet_to_good_subnet(self):
        """Make sure that we can rename subnets"""
        basedn = self.ldb.get_config_basedn()
        cidr = "10.16.0.0/24"
        new_cidr = "10.16.1.0/24"

        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)

        subnets.rename_subnet(self.ldb, basedn, cidr, new_cidr)

        ret = self.ldb.search(base=basedn,
                              scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn=%s))' %
                              new_cidr)

        self.assertEqual(len(ret), 1, 'Failed to rename subnet %s' % cidr)

        ret = self.ldb.search(base=basedn,
                              scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn=%s))' %
                              cidr)

        self.assertEqual(len(ret), 0,
                         'Failed to remove old subnet during rename %s' % cidr)

        subnets.delete_subnet(self.ldb, basedn, new_cidr)
Пример #5
0
    def run(self, subnetname, site_of_subnet, H=None, sambaopts=None, credopts=None, versionopts=None):
        lp = sambaopts.get_loadparm()
        creds = credopts.get_credentials(lp)
        samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp)

        samdb.transaction_start()
        try:
            subnets.create_subnet(samdb, samdb.get_config_basedn(), subnetname, site_of_subnet)
            samdb.transaction_commit()
        except subnets.SubnetException, e:
            samdb.transaction_cancel()
            raise CommandError("Error while creating subnet %s: %s" % (subnetname, e))
Пример #6
0
    def test_rename_delete_good_subnet_to_good_subnet_other_user(self):
        """Make sure that we can't rename or delete subnets when we aren't
        admin."""
        basedn = self.ldb.get_config_basedn()
        cidr = "10.16.0.0/24"
        new_cidr = "10.16.1.0/24"
        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
        user, non_admin_ldb = self.get_user_and_ldb("notadmin", "samba123@")
        try:
            subnets.rename_subnet(non_admin_ldb, basedn, cidr, new_cidr)
        except LdbError as e:
            self.assertEqual(e.args[0], ERR_INSUFFICIENT_ACCESS_RIGHTS,
                             ("subnet rename by non-admin failed "
                              "in the wrong way: %s" % e))
        else:
            self.fail("subnet rename by non-admin succeeded")

        ret = self.ldb.search(base=basedn,
                              scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn=%s))' %
                              cidr)

        self.assertEqual(len(ret), 1, ('Subnet %s destroyed or renamed '
                                       'by non-admin' % cidr))

        ret = self.ldb.search(base=basedn,
                              scope=SCOPE_SUBTREE,
                              expression=('(&(objectclass=subnet)(cn=%s))' %
                                          new_cidr))

        self.assertEqual(len(ret), 0,
                         'New subnet %s created by non-admin' % cidr)

        try:
            subnets.delete_subnet(non_admin_ldb, basedn, cidr)
        except LdbError as e:
            self.assertEqual(e.args[0], ERR_INSUFFICIENT_ACCESS_RIGHTS,
                             ("subnet delete by non-admin failed "
                              "in the wrong way: %s" % e))
        else:
            self.fail("subnet delete by non-admin succeeded:")

        ret = self.ldb.search(base=basedn,
                              scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn=%s))' %
                              cidr)

        self.assertEqual(len(ret), 1, 'Subnet %s deleted non-admin' % cidr)

        subnets.delete_subnet(self.ldb, basedn, cidr)
Пример #7
0
    def test_create_delete(self):
        """Create a subnet and delete it again."""
        basedn = self.ldb.get_config_basedn()
        cidr = "10.11.12.0/24"

        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)

        self.assertRaises(subnets.SubnetAlreadyExists,
                          subnets.create_subnet, self.ldb, basedn, cidr,
                          self.sitename)

        subnets.delete_subnet(self.ldb, basedn, cidr)

        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn={0!s}))'.format(cidr))

        self.assertEqual(len(ret), 0, 'Failed to delete subnet {0!s}'.format(cidr))
Пример #8
0
    def test_create_delete(self):
        """Create a subnet and delete it again."""
        basedn = self.ldb.get_config_basedn()
        cidr = "10.11.12.0/24"

        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)

        self.assertRaises(subnets.SubnetAlreadyExists,
                          subnets.create_subnet, self.ldb, basedn, cidr,
                          self.sitename)

        subnets.delete_subnet(self.ldb, basedn, cidr)

        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
                              expression='(&(objectclass=subnet)(cn=%s))' % cidr)

        self.assertEqual(len(ret), 0, 'Failed to delete subnet %s' % cidr)
Пример #9
0
    def run(self, subnetname, site_of_subnet, H=None, sambaopts=None,
            credopts=None, versionopts=None):
        lp = sambaopts.get_loadparm()
        creds = credopts.get_credentials(lp)
        samdb = SamDB(url=H, session_info=system_session(),
                      credentials=creds, lp=lp)

        samdb.transaction_start()
        try:
            subnets.create_subnet(samdb, samdb.get_config_basedn(), subnetname,
                                  site_of_subnet)
            samdb.transaction_commit()
        except subnets.SubnetException as e:
            samdb.transaction_cancel()
            raise CommandError("Error while creating subnet %s: %s" %
                               (subnetname, e))

        self.outf.write("Subnet %s created !\n" % subnetname)
Пример #10
0
    def test_create_good_ranges(self):
        """All of these CIDRs are good, and the subnet creation should
        succeed."""
        basedn = self.ldb.get_config_basedn()

        cidrs = [
            # IPv4
            "10.11.12.0/24",
            "10.11.12.0/23",
            "10.11.12.0/25",
            "110.0.0.0/7",
            "1.0.0.0/32",
            "10.11.13.0/32",
            "10.11.13.1/32",
            "99.0.97.0/24",
            "1.2.3.4/30",
            "10.11.12.0/22",
            "0.12.13.0/24",
            # IPv6
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/120",
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11f0/124",
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11fc/126",
            # don't forget upper case
            "FFFF:FFFF:FFFF:FFFF:ABCD:EfFF:FFFF:FFeF/128",
            "9876::ab00/120",
            "9876::abf0/124",
            "9876::abfc/126",
            "aaaa:bbbb::/32",
            "aaaa:bbba::/31",
            "aaaa:ba00::/23",
            "aaaa:bb00::/24",
            "aaaa:bb00::/77",
            "::/48",
            "a:b::/32",
            "c000::/2",
            "a::b00/120",
            "1::2/127",
            # this pattern of address suffix == mask is forbidden with
            # IPv4 but OK for IPv6.
            "8000::/1",
            "c000::/2",
            "ffff:ffff:ffc0::/42",
            "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/128",
            # leading zeros are forbidden, but implicit IPv6 zeros
            # (via "::") are OK.
            "::1000/116",
            "::8000/113",
            # taken to the logical conclusion, "::/0" should be OK, but no.
            "::/48",

            # Try some reserved ranges, which it might be reasonable
            # to exclude, but which are not excluded in practice.
            "129.0.0.0/16",
            "129.255.0.0/16",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "127.0.0.0/24",
            "169.254.0.0/16",
            "169.254.1.0/24",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "224.0.0.0/4",
            "130.129.0.0/16",
            "130.255.0.0/16",
            "192.12.0.0/24",
            "223.255.255.0/24",
            "240.255.255.0/24",
            "224.0.0.0/8",
            "::/96",
            "100::/64",
            "2001:10::/28",
            "fec0::/10",
            "ff00::/8",
            "::1/128",
            "2001:db8::/32",
            "2001:10::/28",
            "2002::/24",
            "2002:a00::/24",
            "2002:7f00::/24",
            "2002:a9fe::/32",
            "2002:ac10::/28",
            "2002:c000::/40",
            "2002:c000:200::/40",
            "2002:c0a8::/32",
            "2002:c612::/31",
            "2002:c633:6400::/40",
            "2002:cb00:7100::/40",
            "2002:e000::/20",
            "2002:f000::/20",
            "2002:ffff:ffff::/48",
            "2001::/40",
            "2001:0:a00::/40",
            "2001:0:7f00::/40",
            "2001:0:a9fe::/48",
            "2001:0:ac10::/44",
            "2001:0:c000::/56",
            "2001:0:c000:200::/56",
            "2001:0:c0a8::/48",
            "2001:0:c612::/47",
            "2001:0:c633:6400::/56",
            "2001:0:cb00:7100::/56",
            "2001:0:e000::/36",
            "2001:0:f000::/36",
            "2001:0:ffff:ffff::/64",

            # non-RFC-5952 versions of these are tested in create_bad_ranges
            "2001:0:c633:63::1:0/120",
            "10:0:0:42::/64",
            "1::4:5:0:0:8/127",
            "2001:db8:0:1:1:1:1:1/128",

            # The "well-known prefix" 64::ff9b is another IPv4
            # embedding scheme. Let's try that.
            "64:ff9b::aaaa:aaaa/127",
            "64:ff9b::/120",
            "64:ff9b::ffff:2:3/128",
        ]
        failures = []

        for cidr in cidrs:
            try:
                subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
            except subnets.SubnetInvalid as e:
                print(e)
                failures.append(cidr)
                continue

            ret = self.ldb.search(
                base=basedn,
                scope=SCOPE_SUBTREE,
                expression=('(&(objectclass=subnet)(cn=%s))' % cidr))

            if len(ret) != 1:
                print("%s was not created" % cidr)
                failures.append(cidr)
                continue
            subnets.delete_subnet(self.ldb, basedn, cidr)

        if failures:
            print("These good subnet names were not accepted:")
            for cidr in failures:
                print("    %s" % cidr)
            self.fail()
Пример #11
0
    def test_create_bad_ranges(self):
        """These CIDR ranges all have something wrong with them, and they
        should all fail."""
        basedn = self.ldb.get_config_basedn()

        cidrs = [
            # IPv4
            # insufficient zeros
            "10.11.12.0/14",
            "110.0.0.0/6",
            "1.0.0.0/0",
            "10.11.13.1/24",
            "1.2.3.4/29",
            "10.11.12.0/21",
            # out of range mask
            "110.0.0.0/33",
            "110.0.0.0/-1",
            "4.0.0.0/111",
            # out of range address
            "310.0.0.0/24",
            "10.0.0.256/32",
            "1.1.-20.0/24",
            # badly formed
            "1.0.0.0/1e",
            "1.0.0.0/24.0",
            "1.0.0.0/1/1",
            "1.0.0.0",
            "1.c.0.0/24",
            "1.2.0.0.0/27",
            "1.23.0/24",
            "1.23.0.-7/24",
            "1.-23.0.7/24",
            "1.23.-0.7/24",
            "1.23.0.0/0x10",
            # IPv6 insufficient zeros -- this could be a subtle one
            # due to the vagaries of endianness in the 16 bit groups.
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/119",
            "aaaa:bbbb::/31",
            "a:b::/31",
            "c000::/1",
            "a::b00/119",
            "1::1/127",
            "1::2/126",
            "1::100/119",
            "1::8000/112",
            # out of range mask
            "a:b::/130",
            "a:b::/-1",
            "::/129",
            # An IPv4 address can't be exactly the bitmask (MS ADTS)
            "128.0.0.0/1",
            "192.0.0.0/2",
            "255.192.0.0/10",
            "255.255.255.0/24",
            "255.255.255.255/32",
            "0.0.0.0/0",
            # The address can't have leading zeros (not RFC 4632, but MS ADTS)
            "00.1.2.0/24",
            "003.1.2.0/24",
            "022.1.0.0/16",
            "00000000000000000000000003.1.2.0/24",
            "09876::abfc/126",
            "0aaaa:bbbb::/32",
            "009876::abfc/126",
            "000a:bbbb::/32",

            # How about extraneous zeros later on
            "3.01.2.0/24",
            "3.1.2.00/24",
            "22.001.0.0/16",
            "3.01.02.0/24",
            "100a:0bbb:0023::/48",
            "100a::0023/128",

            # Windows doesn't like the zero IPv4 address
            "0.0.0.0/8",
            # or the zero mask on IPv6
            "::/0",

            # various violations of RFC5952
            "0:0:0:0:0:0:0:0/8",
            "0::0/0",
            "::0:0/48",
            "::0:4/128",
            "0::/8",
            "0::4f/128",
            "0::42:0:0:0:0/64",
            "4f::0/48",

            # badly formed -- mostly the wrong arrangement of colons
            "a::b::0/120",
            "a::abcdf:0/120",
            "a::g:0/120",
            "::0::3/48",
            "2001:3::110::3/118",
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1111:0000/128",
            "a:::5:0/120",

            # non-canonical representations (vs RFC 5952)
            # "2001:0:c633:63::1:0/120"  is correct
            "2001:0:c633:63:0:0:1:0/120",
            "2001::c633:63:0:0:1:0/120",
            "2001:0:c633:63:0:0:1::/120",

            # "10:0:0:42::/64" is correct
            "10::42:0:0:0:0/64",
            "10:0:0:42:0:0:0:0/64",

            # "1::4:5:0:0:8/127" is correct
            "1:0:0:4:5:0:0:8/127",
            "1:0:0:4:5::8/127",

            # "2001:db8:0:1:1:1:1:1/128" is correct
            "2001:db8::1:1:1:1:1/128",

            # IP4 embedded - rejected
            "a::10.0.0.0/120",
            "a::10.9.8.7/128",

            # The next ones tinker indirectly with IPv4 embedding,
            # where Windows has some odd behaviour.
            #
            # Samba's libreplace inet_ntop6 expects IPv4 embedding
            # with addresses in these forms:
            #
            #     ::wx:yz
            #     ::FFFF:wx:yz
            #
            # these will be stringified with trailing dottted decimal, thus:
            #
            #     ::w.x.y.z
            #     ::ffff:w.x.y.z
            #
            # and this will cause the address to be rejected by Samba,
            # because it uses a inet_pton / inet_ntop round trip to
            # ascertain correctness.
            "::ffff:0:0/96",  # this one fails on WIN2012r2
            "::ffff:aaaa:a000/120",
            "::ffff:10:0/120",
            "::ffff:2:300/120",
            "::3:0/120",
            "::2:30/124",
            "::ffff:2:30/124",

            # completely wrong
            None,
            "bob",
            3.1415,
            False,
            "10.11.16.0/24\x00hidden bytes past a zero",
            self,
        ]

        failures = []
        for cidr in cidrs:
            try:
                subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
            except subnets.SubnetInvalid:
                print("%s fails properly" % (cidr, ), file=sys.stderr)
                continue

            # we are here because it succeeded when it shouldn't have.
            print("CIDR %s fails to fail" % (cidr, ), file=sys.stderr)
            failures.append(cidr)
            subnets.delete_subnet(self.ldb, basedn, cidr)

        if failures:
            print("These bad subnet names were accepted:")
            for cidr in failures:
                print("    %s" % cidr)
            self.fail()
Пример #12
0
    def test_create_good_ranges(self):
        """All of these CIDRs are good, and the subnet creation should
        succeed."""
        basedn = self.ldb.get_config_basedn()

        cidrs = [
            # IPv4
            "10.11.12.0/24",
            "10.11.12.0/23",
            "10.11.12.0/25",
            "110.0.0.0/7",
            "1.0.0.0/32",
            "10.11.13.0/32",
            "10.11.13.1/32",
            "99.0.97.0/24",
            "1.2.3.4/30",
            "10.11.12.0/22",
            "0.12.13.0/24",
            # IPv6
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/120",
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11f0/124",
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11fc/126",
            # don't forget upper case
            "FFFF:FFFF:FFFF:FFFF:ABCD:EfFF:FFFF:FFeF/128",
            "9876::ab00/120",
            "9876::abf0/124",
            "9876::abfc/126",
            "aaaa:bbbb::/32",
            "aaaa:bbba::/31",
            "aaaa:ba00::/23",
            "aaaa:bb00::/24",
            "aaaa:bb00::/77",
            "::/48",
            "a:b::/32",
            "c000::/2",
            "a::b00/120",
            "1::2/127",
            # this pattern of address suffix == mask is forbidden with
            # IPv4 but OK for IPv6.
            "8000::/1",
            "c000::/2",
            "ffff:ffff:ffc0::/42",
            "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/128",
            # leading zeros are forbidden, but implicit IPv6 zeros
            # (via "::") are OK.
            "::1000/116",
            "::8000/113",
            # taken to the logical conclusion, "::/0" should be OK, but no.
            "::/48",

            # Try some reserved ranges, which it might be reasonable
            # to exclude, but which are not excluded in practice.
            "129.0.0.0/16",
            "129.255.0.0/16",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "127.0.0.0/24",
            "169.254.0.0/16",
            "169.254.1.0/24",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "224.0.0.0/4",
            "130.129.0.0/16",
            "130.255.0.0/16",
            "192.12.0.0/24",
            "223.255.255.0/24",
            "240.255.255.0/24",
            "224.0.0.0/8",
            "::/96",
            "100::/64",
            "2001:10::/28",
            "fec0::/10",
            "ff00::/8",
            "::1/128",
            "2001:db8::/32",
            "2001:10::/28",
            "2002::/24",
            "2002:a00::/24",
            "2002:7f00::/24",
            "2002:a9fe::/32",
            "2002:ac10::/28",
            "2002:c000::/40",
            "2002:c000:200::/40",
            "2002:c0a8::/32",
            "2002:c612::/31",
            "2002:c633:6400::/40",
            "2002:cb00:7100::/40",
            "2002:e000::/20",
            "2002:f000::/20",
            "2002:ffff:ffff::/48",
            "2001::/40",
            "2001:0:a00::/40",
            "2001:0:7f00::/40",
            "2001:0:a9fe::/48",
            "2001:0:ac10::/44",
            "2001:0:c000::/56",
            "2001:0:c000:200::/56",
            "2001:0:c0a8::/48",
            "2001:0:c612::/47",
            "2001:0:c633:6400::/56",
            "2001:0:cb00:7100::/56",
            "2001:0:e000::/36",
            "2001:0:f000::/36",
            "2001:0:ffff:ffff::/64",

            # non-RFC-5952 versions of these are tested in create_bad_ranges
            "2001:0:c633:63::1:0/120",
            "10:0:0:42::/64",
            "1::4:5:0:0:8/127",
            "2001:db8:0:1:1:1:1:1/128",

            # The "well-known prefix" 64::ff9b is another IPv4
            # embedding scheme. Let's try that.
            "64:ff9b::aaaa:aaaa/127",
            "64:ff9b::/120",
            "64:ff9b::ffff:2:3/128",
        ]
        failures = []

        for cidr in cidrs:
            try:
                subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
            except subnets.SubnetInvalid, e:
                print e
                failures.append(cidr)
                continue

            ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
                                  expression=('(&(objectclass=subnet)(cn={0!s}))'.format(
                                              cidr)))

            if len(ret) != 1:
                print "{0!s} was not created".format(cidr)
                failures.append(cidr)
                continue
            subnets.delete_subnet(self.ldb, basedn, cidr)
Пример #13
0
    def test_create_bad_ranges(self):
        """These CIDR ranges all have something wrong with them, and they
        should all fail."""
        basedn = self.ldb.get_config_basedn()

        cidrs = [
            # IPv4
            # insufficient zeros
            "10.11.12.0/14",
            "110.0.0.0/6",
            "1.0.0.0/0",
            "10.11.13.1/24",
            "1.2.3.4/29",
            "10.11.12.0/21",
            # out of range mask
            "110.0.0.0/33",
            "110.0.0.0/-1",
            "4.0.0.0/111",
            # out of range address
            "310.0.0.0/24",
            "10.0.0.256/32",
            "1.1.-20.0/24",
            # badly formed
            "1.0.0.0/1e",
            "1.0.0.0/24.0",
            "1.0.0.0/1/1",
            "1.0.0.0",
            "1.c.0.0/24",
            "1.2.0.0.0/27",
            "1.23.0/24",
            "1.23.0.-7/24",
            "1.-23.0.7/24",
            "1.23.-0.7/24",
            "1.23.0.0/0x10",
            # IPv6 insufficient zeros -- this could be a subtle one
            # due to the vagaries of endianness in the 16 bit groups.
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/119",
            "aaaa:bbbb::/31",
            "a:b::/31",
            "c000::/1",
            "a::b00/119",
            "1::1/127",
            "1::2/126",
            "1::100/119",
            "1::8000/112",
            # out of range mask
            "a:b::/130",
            "a:b::/-1",
            "::/129",
            # An IPv4 address can't be exactly the bitmask (MS ADTS)
            "128.0.0.0/1",
            "192.0.0.0/2",
            "255.192.0.0/10",
            "255.255.255.0/24",
            "255.255.255.255/32",
            "0.0.0.0/0",
            # The address can't have leading zeros (not RFC 4632, but MS ADTS)
            "00.1.2.0/24",
            "003.1.2.0/24",
            "022.1.0.0/16",
            "00000000000000000000000003.1.2.0/24",
            "09876::abfc/126",
            "0aaaa:bbbb::/32",
            "009876::abfc/126",
            "000a:bbbb::/32",

            # How about extraneous zeros later on
            "3.01.2.0/24",
            "3.1.2.00/24",
            "22.001.0.0/16",
            "3.01.02.0/24",
            "100a:0bbb:0023::/48",
            "100a::0023/128",

            # Windows doesn't like the zero IPv4 address
            "0.0.0.0/8",
            # or the zero mask on IPv6
            "::/0",

            # various violations of RFC5952
            "0:0:0:0:0:0:0:0/8",
            "0::0/0",
            "::0:0/48",
            "::0:4/128",
            "0::/8",
            "0::4f/128",
            "0::42:0:0:0:0/64",
            "4f::0/48",

            # badly formed -- mostly the wrong arrangement of colons
            "a::b::0/120",
            "a::abcdf:0/120",
            "a::g:0/120",
            "::0::3/48",
            "2001:3::110::3/118",
            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1111:0000/128",
            "a:::5:0/120",

            # non-canonical representations (vs RFC 5952)
            # "2001:0:c633:63::1:0/120"  is correct
            "2001:0:c633:63:0:0:1:0/120",
            "2001::c633:63:0:0:1:0/120",
            "2001:0:c633:63:0:0:1::/120",

            # "10:0:0:42::/64" is correct
            "10::42:0:0:0:0/64",
            "10:0:0:42:0:0:0:0/64",

            # "1::4:5:0:0:8/127" is correct
            "1:0:0:4:5:0:0:8/127",
            "1:0:0:4:5::8/127",

            # "2001:db8:0:1:1:1:1:1/128" is correct
            "2001:db8::1:1:1:1:1/128",

            # IP4 embedded - rejected
            "a::10.0.0.0/120",
            "a::10.9.8.7/128",

            # The next ones tinker indirectly with IPv4 embedding,
            # where Windows has some odd behaviour.
            #
            # Samba's libreplace inet_ntop6 expects IPv4 embedding
            # with addresses in these forms:
            #
            #     ::wx:yz
            #     ::FFFF:wx:yz
            #
            # these will be stringified with trailing dottted decimal, thus:
            #
            #     ::w.x.y.z
            #     ::ffff:w.x.y.z
            #
            # and this will cause the address to be rejected by Samba,
            # because it uses a inet_pton / inet_ntop round trip to
            # ascertain correctness.

            "::ffff:0:0/96", #this one fails on WIN2012r2
            "::ffff:aaaa:a000/120",
            "::ffff:10:0/120",
            "::ffff:2:300/120",
            "::3:0/120",
            "::2:30/124",
            "::ffff:2:30/124",

            # completely wrong
            None,
            "bob",
            3.1415,
            False,
            "10.11.16.0/24\x00hidden bytes past a zero",
            self,
        ]

        failures = []
        for cidr in cidrs:
            try:
                subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
            except subnets.SubnetInvalid:
                print >> sys.stderr, "{0!s} fails properly".format(cidr)
                continue

            # we are here because it succeeded when it shouldn't have.
            print >> sys.stderr, "CIDR {0!s} fails to fail".format(cidr)
            failures.append(cidr)
            subnets.delete_subnet(self.ldb, basedn, cidr)

        if failures:
            print "These bad subnet names were accepted:"
            for cidr in failures:
                print "    {0!s}".format(cidr)
            self.fail()