Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

Samba4.pm

Visit:

Last change on this file was 989, checked in by Silvan Scherrer, 9 years ago
Samba Server: update vendor to version 4.4.7
File size: 67.8 KB

Line
1	#!/usr/bin/perl
2	# Bootstrap Samba and run a number of tests against it.
3	# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4	# Published under the GNU GPL, v3 or later.
5
6	package Samba4;
7
8	use strict;
9	use Cwd qw(abs_path);
10	use FindBin qw($RealBin);
11	use POSIX;
12	use SocketWrapper;
13	use target::Samba;
14	use target::Samba3;
15
16	sub new($$$$$) {
17	my ($classname, $bindir, $ldap, $srcdir, $server_maxtime) = @_;
18
19	my $self = {
20	vars => {},
21	ldap => $ldap,
22	bindir => $bindir,
23	srcdir => $srcdir,
24	server_maxtime => $server_maxtime,
25	target3 => new Samba3($bindir, $srcdir, $server_maxtime)
26	};
27	bless $self;
28	return $self;
29	}
30
31	sub scriptdir_path($$) {
32	my ($self, $path) = @_;
33	return "$self->{srcdir}/source4/scripting/$path";
34	}
35
36	sub openldap_start($$$) {
37	}
38
39	sub slapd_start($$)
40	{
41	my $count = 0;
42	my ($self, $env_vars, $STDIN_READER) = @_;
43	my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
44
45	my $uri = $env_vars->{LDAP_URI};
46
47	if (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") == 0) {
48	print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!";
49	return 1;
50	}
51	# running slapd in the background means it stays in the same process group, so it can be
52	# killed by timelimit
53	my $pid = fork();
54	if ($pid == 0) {
55	open STDOUT, ">$env_vars->{LDAPDIR}/logs";
56	open STDERR, '>&STDOUT';
57	close($env_vars->{STDIN_PIPE});
58	open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
59
60	if ($self->{ldap} eq "fedora-ds") {
61	exec("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd", "-D", $env_vars->{FEDORA_DS_DIR}, "-d0", "-i", $env_vars->{FEDORA_DS_PIDFILE});
62	} elsif ($self->{ldap} eq "openldap") {
63	exec($ENV{OPENLDAP_SLAPD}, "-dnone", "-F", $env_vars->{SLAPD_CONF_D}, "-h", $uri);
64	}
65	die("Unable to start slapd: $!");
66	}
67	$env_vars->{SLAPD_PID} = $pid;
68	sleep(1);
69	while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
70	$count++;
71	if ($count > 40) {
72	$self->slapd_stop($env_vars);
73	return 0;
74	}
75	sleep(1);
76	}
77	return 1;
78	}
79
80	sub slapd_stop($$)
81	{
82	my ($self, $envvars) = @_;
83	kill 9, $envvars->{SLAPD_PID};
84	return 1;
85	}
86
87	sub check_or_start($$$)
88	{
89	my ($self, $env_vars, $process_model) = @_;
90	my $STDIN_READER;
91
92	my $env_ok = $self->check_env($env_vars);
93	if ($env_ok) {
94	return $env_vars->{SAMBA_PID};
95	}
96
97	# use a pipe for stdin in the child processes. This allows
98	# those processes to monitor the pipe for EOF to ensure they
99	# exit when the test script exits
100	pipe($STDIN_READER, $env_vars->{STDIN_PIPE});
101
102	# Start slapd before samba, but with the fifo on stdin
103	if (defined($self->{ldap})) {
104	unless($self->slapd_start($env_vars, $STDIN_READER)) {
105	warn("couldn't start slapd (main run)");
106	return undef;
107	}
108	}
109
110	print "STARTING SAMBA...";
111	my $pid = fork();
112	if ($pid == 0) {
113	# we want out from samba to go to the log file, but also
114	# to the users terminal when running 'make test' on the command
115	# line. This puts it on stderr on the terminal
116	open STDOUT, "\| tee $env_vars->{SAMBA_TEST_LOG} 1>&2";
117	open STDERR, '>&STDOUT';
118
119	SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
120
121	$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
122	$ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR};
123	$ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
124
125	$ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
126	$ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
127	$ENV{NSS_WRAPPER_HOSTS} = $env_vars->{NSS_WRAPPER_HOSTS};
128	$ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH};
129	$ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX};
130
131	if (defined($env_vars->{RESOLV_WRAPPER_CONF})) {
132	$ENV{RESOLV_WRAPPER_CONF} = $env_vars->{RESOLV_WRAPPER_CONF};
133	} else {
134	$ENV{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS};
135	}
136
137	$ENV{UID_WRAPPER} = "1";
138	$ENV{UID_WRAPPER_ROOT} = "1";
139
140	$ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "samba");
141	my @preargs = ();
142	my @optargs = ();
143	if (defined($ENV{SAMBA_OPTIONS})) {
144	@optargs = split(/ /, $ENV{SAMBA_OPTIONS});
145	}
146	if(defined($ENV{SAMBA_VALGRIND})) {
147	@preargs = split(/ /,$ENV{SAMBA_VALGRIND});
148	}
149
150	close($env_vars->{STDIN_PIPE});
151	open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
152
153	exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
154	}
155	$env_vars->{SAMBA_PID} = $pid;
156	print "DONE ($pid)\n";
157
158	close($STDIN_READER);
159
160	if ($self->wait_for_start($env_vars) != 0) {
161	warn("Samba $pid failed to start up");
162	return undef;
163	}
164
165	return $pid;
166	}
167
168	sub wait_for_start($$)
169	{
170	my ($self, $testenv_vars) = @_;
171	my $ret = 0;
172
173	if (not $self->check_env($testenv_vars)) {
174	warn("unable to confirm Samba $testenv_vars->{SAMBA_PID} is running");
175	return -1;
176	}
177
178	# give time for nbt server to register its names
179	print "delaying for nbt name registration\n";
180	sleep 2;
181
182	# This will return quickly when things are up, but be slow if we
183	# need to wait for (eg) SSL init
184	my $nmblookup = Samba::bindir_path($self, "nmblookup4");
185	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
186	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
187	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
188	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
189	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
190	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
191	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
192	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
193	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
194	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
195	system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
196	system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
197
198	# Ensure we have the first RID Set before we start tests. This makes the tests more reliable.
199	if ($testenv_vars->{SERVER_ROLE} eq "domain controller" and not ($testenv_vars->{NETBIOSNAME} eq "RODC")) {
200	# Add hosts file for name lookups
201	$ENV{NSS_WRAPPER_HOSTS} = $testenv_vars->{NSS_WRAPPER_HOSTS};
202	if (defined($testenv_vars->{RESOLV_WRAPPER_CONF})) {
203	$ENV{RESOLV_WRAPPER_CONF} = $testenv_vars->{RESOLV_WRAPPER_CONF};
204	} else {
205	$ENV{RESOLV_WRAPPER_HOSTS} = $testenv_vars->{RESOLV_WRAPPER_HOSTS};
206	}
207
208	print "waiting for working LDAP and a RID Set to be allocated\n";
209	my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
210	my $count = 0;
211	my $base_dn = "DC=".join(",DC=", split(/\./, $testenv_vars->{REALM}));
212	my $rid_set_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn";
213	sleep(1);
214	while (system("$ldbsearch -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool > /dev/null") != 0) {
215	$count++;
216	if ($count > 40) {
217	$ret = -1;
218	last;
219	}
220	sleep(1);
221	}
222	}
223	print $self->getlog_env($testenv_vars);
224
225	return $ret
226	}
227
228	sub write_ldb_file($$$)
229	{
230	my ($self, $file, $ldif) = @_;
231
232	my $ldbadd = Samba::bindir_path($self, "ldbadd");
233	open(LDIF, "\|$ldbadd -H $file >/dev/null");
234	print LDIF $ldif;
235	return(close(LDIF));
236	}
237
238	sub add_wins_config($$)
239	{
240	my ($self, $privatedir) = @_;
241
242	return $self->write_ldb_file("$privatedir/wins_config.ldb", "
243	dn: name=TORTURE_11,CN=PARTNERS
244	objectClass: wreplPartner
245	name: TORTURE_11
246	address: 127.0.0.11
247	pullInterval: 0
248	pushChangeCount: 0
249	type: 0x3
250	");
251	}
252
253	sub mk_fedora_ds($$)
254	{
255	my ($self, $ctx) = @_;
256
257	#Make the subdirectory be as fedora DS would expect
258	my $fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}";
259
260	my $pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid";
261
262	return ($fedora_ds_dir, $pidfile);
263	}
264
265	sub mk_openldap($$)
266	{
267	my ($self, $ctx) = @_;
268
269	my $slapd_conf_d = "$ctx->{ldapdir}/slapd.d";
270	my $pidfile = "$ctx->{ldapdir}/slapd.pid";
271
272	return ($slapd_conf_d, $pidfile);
273	}
274
275	sub setup_namespaces($$:$$)
276	{
277	my ($self, $localenv, $upn_array, $spn_array) = @_;
278
279	@{$upn_array} = [] unless defined($upn_array);
280	my $upn_args = "";
281	foreach my $upn (@{$upn_array}) {
282	$upn_args .= " --add-upn-suffix=$upn";
283	}
284
285	@{$spn_array} = [] unless defined($spn_array);
286	my $spn_args = "";
287	foreach my $spn (@{$spn_array}) {
288	$spn_args .= " --add-spn-suffix=$spn";
289	}
290
291	my $samba_tool = Samba::bindir_path($self, "samba-tool");
292
293	my $cmd_env = "";
294	$cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
295	if (defined($localenv->{RESOLV_WRAPPER_CONF})) {
296	$cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" ";
297	} else {
298	$cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
299	}
300	$cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"";
301
302	my $cmd_config = " $localenv->{CONFIGURATION}";
303
304	my $namespaces = $cmd_env;
305	$namespaces .= " $samba_tool domain trust namespaces $upn_args $spn_args";
306	$namespaces .= $cmd_config;
307	unless (system($namespaces) == 0) {
308	warn("Failed to add namespaces \n$namespaces");
309	return;
310	}
311
312	return;
313	}
314
315	sub setup_trust($$$$$)
316	{
317	my ($self, $localenv, $remoteenv, $type, $extra_args) = @_;
318
319	$localenv->{TRUST_SERVER} = $remoteenv->{SERVER};
320	$localenv->{TRUST_SERVER_IP} = $remoteenv->{SERVER_IP};
321	$localenv->{TRUST_SERVER_IPV6} = $remoteenv->{SERVER_IPV6};
322	$localenv->{TRUST_NETBIOSNAME} = $remoteenv->{NETBIOSNAME};
323	$localenv->{TRUST_USERNAME} = $remoteenv->{USERNAME};
324	$localenv->{TRUST_PASSWORD} = $remoteenv->{PASSWORD};
325	$localenv->{TRUST_DOMAIN} = $remoteenv->{DOMAIN};
326	$localenv->{TRUST_REALM} = $remoteenv->{REALM};
327
328	my $samba_tool = Samba::bindir_path($self, "samba-tool");
329	# setup the trust
330	my $cmd_env = "";
331	$cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
332	if (defined($localenv->{RESOLV_WRAPPER_CONF})) {
333	$cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" ";
334	} else {
335	$cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
336	}
337	$cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"";
338
339	my $cmd_config = " $localenv->{CONFIGURATION}";
340	my $cmd_creds = $cmd_config;
341	$cmd_creds .= " -U$localenv->{TRUST_DOMAIN}\\\\$localenv->{TRUST_USERNAME}\%$localenv->{TRUST_PASSWORD}";
342
343	my $create = $cmd_env;
344	$create .= " $samba_tool domain trust create --type=${type} $localenv->{TRUST_REALM}";
345	$create .= " $extra_args";
346	$create .= $cmd_creds;
347	unless (system($create) == 0) {
348	warn("Failed to create trust \n$create");
349	return undef;
350	}
351
352	return $localenv
353	}
354
355	sub provision_raw_prepare($$$$$$$$$$$)
356	{
357	my ($self, $prefix, $server_role, $hostname,
358	$domain, $realm, $functional_level,
359	$password, $kdc_ipv4, $kdc_ipv6) = @_;
360	my $ctx;
361	my $netbiosname = uc($hostname);
362
363	unless(-d $prefix or mkdir($prefix, 0777)) {
364	warn("Unable to create $prefix");
365	return undef;
366	}
367	my $prefix_abs = abs_path($prefix);
368
369	die ("prefix=''") if $prefix_abs eq "";
370	die ("prefix='/'") if $prefix_abs eq "/";
371
372	unless (system("rm -rf $prefix_abs/*") == 0) {
373	warn("Unable to clean up");
374	}
375
376
377	my $swiface = Samba::get_interface($hostname);
378
379	$ctx->{prefix} = $prefix;
380	$ctx->{prefix_abs} = $prefix_abs;
381
382	$ctx->{server_role} = $server_role;
383	$ctx->{hostname} = $hostname;
384	$ctx->{netbiosname} = $netbiosname;
385	$ctx->{swiface} = $swiface;
386	$ctx->{password} = $password;
387	$ctx->{kdc_ipv4} = $kdc_ipv4;
388	$ctx->{kdc_ipv6} = $kdc_ipv6;
389	if ($functional_level eq "2000") {
390	$ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc"
391	}
392
393	#
394	# Set smbd log level here.
395	#
396	$ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} \|\| 1;
397	$ctx->{username} = "Administrator";
398	$ctx->{domain} = $domain;
399	$ctx->{realm} = uc($realm);
400	$ctx->{dnsname} = lc($realm);
401
402	$ctx->{functional_level} = $functional_level;
403
404	my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
405	chomp $unix_name;
406	$ctx->{unix_name} = $unix_name;
407	$ctx->{unix_uid} = $>;
408	my @mygid = split(" ", $();
409	$ctx->{unix_gid} = $mygid[0];
410	$ctx->{unix_gids_str} = $);
411	@{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str});
412
413	$ctx->{etcdir} = "$prefix_abs/etc";
414	$ctx->{piddir} = "$prefix_abs/pid";
415	$ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf";
416	$ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
417	$ctx->{privatedir} = "$prefix_abs/private";
418	$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
419	$ctx->{lockdir} = "$prefix_abs/lockdir";
420	$ctx->{logdir} = "$prefix_abs/logs";
421	$ctx->{statedir} = "$prefix_abs/statedir";
422	$ctx->{cachedir} = "$prefix_abs/cachedir";
423	$ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
424	$ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket";
425	$ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket";
426	$ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
427	$ctx->{nsswrap_group} = "$ctx->{etcdir}/group";
428	$ctx->{nsswrap_hosts} = "$ENV{SELFTEST_PREFIX}/hosts";
429	if ($ENV{SAMBA_DNS_FAKING}) {
430	$ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";
431	$ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}";
432	} else {
433	$ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf";
434	$ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf}";
435	}
436
437	$ctx->{tlsdir} = "$ctx->{privatedir}/tls";
438
439	$ctx->{ipv4} = "127.0.0.$swiface";
440	$ctx->{ipv6} = sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface);
441	$ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64";
442
443	push(@{$ctx->{directories}}, $ctx->{privatedir});
444	push(@{$ctx->{directories}}, $ctx->{etcdir});
445	push(@{$ctx->{directories}}, $ctx->{piddir});
446	push(@{$ctx->{directories}}, $ctx->{lockdir});
447	push(@{$ctx->{directories}}, $ctx->{logdir});
448	push(@{$ctx->{directories}}, $ctx->{statedir});
449	push(@{$ctx->{directories}}, $ctx->{cachedir});
450
451	$ctx->{smb_conf_extra_options} = "";
452
453	my @provision_options = ();
454	push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_config}\"");
455	push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
456	push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
457	push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\"");
458	if (defined($ctx->{resolv_conf})) {
459	push (@provision_options, "RESOLV_WRAPPER_CONF=\"$ctx->{resolv_conf}\"");
460	} else {
461	push (@provision_options, "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\"");
462	}
463	if (defined($ENV{GDB_PROVISION})) {
464	push (@provision_options, "gdb --args");
465	if (!defined($ENV{PYTHON})) {
466	push (@provision_options, "env");
467	push (@provision_options, "python");
468	}
469	}
470	if (defined($ENV{VALGRIND_PROVISION})) {
471	push (@provision_options, "valgrind");
472	if (!defined($ENV{PYTHON})) {
473	push (@provision_options, "env");
474	push (@provision_options, "python");
475	}
476	}
477	if (defined($ENV{PYTHON})) {
478	push (@provision_options, $ENV{PYTHON});
479	}
480	push (@provision_options, Samba::bindir_path($self, "samba-tool"));
481	push (@provision_options, "domain");
482	push (@provision_options, "provision");
483	push (@provision_options, "--configfile=$ctx->{smb_conf}");
484	push (@provision_options, "--host-name=$ctx->{hostname}");
485	push (@provision_options, "--host-ip=$ctx->{ipv4}");
486	push (@provision_options, "--quiet");
487	push (@provision_options, "--domain=$ctx->{domain}");
488	push (@provision_options, "--realm=$ctx->{realm}");
489	push (@provision_options, "--adminpass=$ctx->{password}");
490	push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
491	push (@provision_options, "--machinepass=machine$ctx->{password}");
492	push (@provision_options, "--root=$ctx->{unix_name}");
493	push (@provision_options, "--server-role=\"$ctx->{server_role}\"");
494	push (@provision_options, "--function-level=\"$ctx->{functional_level}\"");
495
496	@{$ctx->{provision_options}} = @provision_options;
497
498	return $ctx;
499	}
500
501	#
502	# Step1 creates the basic configuration
503	#
504	sub provision_raw_step1($$)
505	{
506	my ($self, $ctx) = @_;
507
508	mkdir($_, 0777) foreach (@{$ctx->{directories}});
509
510	##
511	## lockdir and piddir must be 0755
512	##
513	chmod 0755, $ctx->{lockdir};
514	chmod 0755, $ctx->{piddir};
515
516	unless (open(CONFFILE, ">$ctx->{smb_conf}")) {
517	warn("can't open $ctx->{smb_conf}$?");
518	return undef;
519	}
520
521	Samba::prepare_keyblobs($ctx);
522	my $crlfile = "$ctx->{tlsdir}/crl.pem";
523	$crlfile = "" unless -e ${crlfile};
524
525	print CONFFILE "
526	[global]
527	netbios name = $ctx->{netbiosname}
528	posix:eadb = $ctx->{statedir}/eadb.tdb
529	workgroup = $ctx->{domain}
530	realm = $ctx->{realm}
531	private dir = $ctx->{privatedir}
532	pid directory = $ctx->{piddir}
533	ncalrpc dir = $ctx->{ncalrpcdir}
534	lock dir = $ctx->{lockdir}
535	state directory = $ctx->{statedir}
536	cache directory = $ctx->{cachedir}
537	winbindd socket directory = $ctx->{winbindd_socket_dir}
538	winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir}
539	ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
540	winbind separator = /
541	interfaces = $ctx->{interfaces}
542	tls dh params file = $ctx->{tlsdir}/dhparms.pem
543	tls crlfile = ${crlfile}
544	tls verify peer = no_check
545	panic action = $RealBin/gdb_backtrace \%d
546	wins support = yes
547	server role = $ctx->{server_role}
548	server services = +echo +smb -s3fs
549	dcerpc endpoint servers = +winreg +srvsvc
550	notify:inotify = false
551	ldb:nosync = true
552	ldap server require strong auth = yes
553	#We don't want to pass our self-tests if the PAC code is wrong
554	gensec:require_pac = true
555	log file = $ctx->{logdir}/log.\%m
556	log level = $ctx->{server_loglevel}
557	lanman auth = Yes
558	rndc command = true
559	dns update command = $ctx->{samba_dnsupdate}
560	spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf}
561	dreplsrv:periodic_startup_interval = 0
562	dsdb:schema update allowed = yes
563
564	vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot
565
566	# remove this again, when our smb2 client library
567	# supports signin on compound related requests
568	server signing = on
569
570	idmap_ldb:use rfc2307=yes
571	winbind enum users = yes
572	winbind enum groups = yes
573	";
574
575	print CONFFILE "
576
577	# Begin extra options
578	$ctx->{smb_conf_extra_options}
579	# End extra options
580	";
581	close(CONFFILE);
582
583	#Default the KDC IP to the server's IP
584	if (not defined($ctx->{kdc_ipv4})) {
585	$ctx->{kdc_ipv4} = $ctx->{ipv4};
586	}
587	if (not defined($ctx->{kdc_ipv6})) {
588	$ctx->{kdc_ipv6} = $ctx->{ipv6};
589	}
590
591	Samba::mk_krb5_conf($ctx);
592
593	open(PWD, ">$ctx->{nsswrap_passwd}");
594	if ($ctx->{unix_uid} != 0) {
595	print PWD "root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false\n";
596	}
597	print PWD "$ctx->{unix_name}:x:$ctx->{unix_uid}:65531:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false\n";
598	print PWD "nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
599	pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
600	pdbtest2:x:65532:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
601	pdbtest3:x:65531:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
602	pdbtest4:x:65530:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
603	";
604	close(PWD);
605	my $uid_rfc2307test = 65533;
606
607	open(GRP, ">$ctx->{nsswrap_group}");
608	if ($ctx->{unix_gid} != 0) {
609	print GRP "root:x:0:\n";
610	}
611	print GRP "$ctx->{unix_name}:x:$ctx->{unix_gid}:\n";
612	print GRP "wheel:x:10:
613	users:x:65531:
614	nobody:x:65533:
615	nogroup:x:65534:nobody
616	";
617	close(GRP);
618	my $gid_rfc2307test = 65532;
619
620	my $hostname = lc($ctx->{hostname});
621	open(HOSTS, ">>$ctx->{nsswrap_hosts}");
622	if ($hostname eq "localdc") {
623	print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n";
624	print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n";
625	} else {
626	print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} ${hostname}\n";
627	print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} ${hostname}\n";
628	}
629	close(HOSTS);
630
631	if (defined($ctx->{resolv_conf})) {
632	open(RESOLV_CONF, ">$ctx->{resolv_conf}");
633	print RESOLV_CONF "nameserver $ctx->{kdc_ipv4}\n";
634	print RESOLV_CONF "nameserver $ctx->{kdc_ipv6}\n";
635	close(RESOLV_CONF);
636	}
637
638	my $configuration = "--configfile=$ctx->{smb_conf}";
639
640	#Ensure the config file is valid before we start
641	my $testparm = Samba::bindir_path($self, "samba-tool") . " testparm";
642	if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
643	system("$testparm -v --suppress-prompt $configuration >&2");
644	warn("Failed to create a valid smb.conf configuration $testparm!");
645	return undef;
646	}
647	unless (system("($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null \| grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1") == 0) {
648	warn("Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
649	return undef;
650	}
651
652	my $ret = {
653	KRB5_CONFIG => $ctx->{krb5_conf},
654	PIDDIR => $ctx->{piddir},
655	SERVER => $ctx->{hostname},
656	SERVER_IP => $ctx->{ipv4},
657	SERVER_IPV6 => $ctx->{ipv6},
658	NETBIOSNAME => $ctx->{netbiosname},
659	DOMAIN => $ctx->{domain},
660	USERNAME => $ctx->{username},
661	REALM => $ctx->{realm},
662	PASSWORD => $ctx->{password},
663	LDAPDIR => $ctx->{ldapdir},
664	LDAP_INSTANCE => $ctx->{ldap_instance},
665	SELFTEST_WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},
666	NCALRPCDIR => $ctx->{ncalrpcdir},
667	LOCKDIR => $ctx->{lockdir},
668	STATEDIR => $ctx->{statedir},
669	CACHEDIR => $ctx->{cachedir},
670	PRIVATEDIR => $ctx->{privatedir},
671	SERVERCONFFILE => $ctx->{smb_conf},
672	CONFIGURATION => $configuration,
673	SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
674	NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd},
675	NSS_WRAPPER_GROUP => $ctx->{nsswrap_group},
676	NSS_WRAPPER_HOSTS => $ctx->{nsswrap_hosts},
677	SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
678	SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
679	SAMBA_TEST_LOG_POS => 0,
680	NSS_WRAPPER_MODULE_SO_PATH => Samba::nss_wrapper_winbind_so_path($self),
681	NSS_WRAPPER_MODULE_FN_PREFIX => "winbind",
682	LOCAL_PATH => $ctx->{share},
683	UID_RFC2307TEST => $uid_rfc2307test,
684	GID_RFC2307TEST => $gid_rfc2307test,
685	SERVER_ROLE => $ctx->{server_role}
686	};
687
688	if (defined($ctx->{resolv_conf})) {
689	$ret->{RESOLV_WRAPPER_CONF} = $ctx->{resolv_conf};
690	} else {
691	$ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file};
692	}
693
694	return $ret;
695	}
696
697	#
698	# Step2 runs the provision script
699	#
700	sub provision_raw_step2($$$)
701	{
702	my ($self, $ctx, $ret) = @_;
703
704	my $provision_cmd = join(" ", @{$ctx->{provision_options}});
705	unless (system($provision_cmd) == 0) {
706	warn("Unable to provision: \n$provision_cmd\n");
707	return undef;
708	}
709
710	my $testallowed_account = "testallowed";
711	my $samba_tool_cmd = "";
712	$samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
713	$samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
714	. " user add --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}";
715	unless (system($samba_tool_cmd) == 0) {
716	warn("Unable to add testallowed user: \n$samba_tool_cmd\n");
717	return undef;
718	}
719
720	my $ldbmodify = "";
721	$ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
722	$ldbmodify .= Samba::bindir_path($self, "ldbmodify");
723	my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm}));
724
725	if ($ctx->{server_role} ne "domain controller") {
726	$base_dn = "DC=$ctx->{netbiosname}";
727	}
728
729	my $user_dn = "cn=$testallowed_account,cn=users,$base_dn";
730	$testallowed_account = "testallowed account";
731	open(LDIF, "\|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
732	print LDIF "dn: $user_dn
733	changetype: modify
734	replace: samAccountName
735	samAccountName: $testallowed_account
736	-
737	";
738	close(LDIF);
739
740	open(LDIF, "\|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
741	print LDIF "dn: $user_dn
742	changetype: modify
743	replace: userPrincipalName
744	userPrincipalName: testallowed upn\@$ctx->{realm}
745	replace: servicePrincipalName
746	servicePrincipalName: host/testallowed
747	-
748	";
749	close(LDIF);
750
751	$samba_tool_cmd = "";
752	$samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
753	$samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
754	. " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}";
755	unless (system($samba_tool_cmd) == 0) {
756	warn("Unable to add testdenied user: \n$samba_tool_cmd\n");
757	return undef;
758	}
759
760	my $user_dn = "cn=testdenied,cn=users,$base_dn";
761	open(LDIF, "\|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
762	print LDIF "dn: $user_dn
763	changetype: modify
764	replace: userPrincipalName
765	userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
766	-
767	";
768	close(LDIF);
769
770	$samba_tool_cmd = "";
771	$samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
772	$samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
773	. " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'";
774	unless (system($samba_tool_cmd) == 0) {
775	warn("Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n");
776	return undef;
777	}
778
779	return $ret;
780	}
781
782	sub provision($$$$$$$$$$)
783	{
784	my ($self, $prefix, $server_role, $hostname,
785	$domain, $realm, $functional_level,
786	$password, $kdc_ipv4, $kdc_ipv6, $extra_smbconf_options, $extra_smbconf_shares,
787	$extra_provision_options) = @_;
788
789	my $ctx = $self->provision_raw_prepare($prefix, $server_role,
790	$hostname,
791	$domain, $realm, $functional_level,
792	$password, $kdc_ipv4, $kdc_ipv6);
793
794	if (defined($extra_provision_options)) {
795	push (@{$ctx->{provision_options}}, @{$extra_provision_options});
796	} else {
797	push (@{$ctx->{provision_options}}, "--use-ntvfs");
798	}
799
800	$ctx->{share} = "$ctx->{prefix_abs}/share";
801	push(@{$ctx->{directories}}, "$ctx->{share}");
802	push(@{$ctx->{directories}}, "$ctx->{share}/test1");
803	push(@{$ctx->{directories}}, "$ctx->{share}/test2");
804
805	# precreate directories for printer drivers
806	push(@{$ctx->{directories}}, "$ctx->{share}/W32X86");
807	push(@{$ctx->{directories}}, "$ctx->{share}/x64");
808	push(@{$ctx->{directories}}, "$ctx->{share}/WIN40");
809
810	my $msdfs = "no";
811	$msdfs = "yes" if ($server_role eq "domain controller");
812	$ctx->{smb_conf_extra_options} = "
813
814	max xmit = 32K
815	server max protocol = SMB2
816	host msdfs = $msdfs
817	lanman auth = yes
818	allow nt4 crypto = yes
819
820	# fruit:copyfile is a global option
821	fruit:copyfile = yes
822
823	$extra_smbconf_options
824
825	[tmp]
826	path = $ctx->{share}
827	read only = no
828	posix:sharedelay = 100000
829	posix:oplocktimeout = 3
830	posix:writetimeupdatedelay = 500000
831
832	[xcopy_share]
833	path = $ctx->{share}
834	read only = no
835	posix:sharedelay = 100000
836	posix:oplocktimeout = 3
837	posix:writetimeupdatedelay = 500000
838	create mask = 777
839	force create mode = 777
840
841	[posix_share]
842	path = $ctx->{share}
843	read only = no
844	create mask = 0777
845	force create mode = 0
846	directory mask = 0777
847	force directory mode = 0
848
849	[test1]
850	path = $ctx->{share}/test1
851	read only = no
852	posix:sharedelay = 100000
853	posix:oplocktimeout = 3
854	posix:writetimeupdatedelay = 500000
855
856	[test2]
857	path = $ctx->{share}/test2
858	read only = no
859	posix:sharedelay = 100000
860	posix:oplocktimeout = 3
861	posix:writetimeupdatedelay = 500000
862
863	[cifs]
864	path = $ctx->{share}/_ignore_cifs_
865	read only = no
866	ntvfs handler = cifs
867	cifs:server = $ctx->{netbiosname}
868	cifs:share = tmp
869	cifs:use-s4u2proxy = yes
870	# There is no username specified here, instead the client is expected
871	# to log in with kerberos, and the serverwill use delegated credentials.
872	# Or the server tries s4u2self/s4u2proxy to impersonate the client
873
874	[simple]
875	path = $ctx->{share}
876	read only = no
877	ntvfs handler = simple
878
879	[sysvol]
880	path = $ctx->{statedir}/sysvol
881	read only = no
882
883	[netlogon]
884	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
885	read only = no
886
887	[cifsposix]
888	copy = simple
889	ntvfs handler = cifsposix
890
891	[vfs_fruit]
892	path = $ctx->{share}
893	vfs objects = catia fruit streams_xattr acl_xattr
894	ea support = yes
895	fruit:ressource = file
896	fruit:metadata = netatalk
897	fruit:locking = netatalk
898	fruit:encoding = native
899
900	$extra_smbconf_shares
901	";
902
903	if (defined($self->{ldap})) {
904	$ctx->{ldapdir} = "$ctx->{privatedir}/ldap";
905	push(@{$ctx->{directories}}, "$ctx->{ldapdir}");
906
907	my $ldap_uri= "$ctx->{ldapdir}/ldapi";
908	$ldap_uri =~ s\|/\|%2F\|g;
909	$ldap_uri = "ldapi://$ldap_uri";
910	$ctx->{ldap_uri} = $ldap_uri;
911
912	$ctx->{ldap_instance} = lc($ctx->{netbiosname});
913	}
914
915	my $ret = $self->provision_raw_step1($ctx);
916	unless (defined $ret) {
917	return undef;
918	}
919
920	if (defined($self->{ldap})) {
921	$ret->{LDAP_URI} = $ctx->{ldap_uri};
922	push (@{$ctx->{provision_options}}, "--ldap-backend-type=" . $self->{ldap});
923	push (@{$ctx->{provision_options}}, "--ldap-backend-nosync");
924	if ($self->{ldap} eq "openldap") {
925	push (@{$ctx->{provision_options}}, "--slapd-path=" . $ENV{OPENLDAP_SLAPD});
926	($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx) or die("Unable to create openldap directories");
927
928	} elsif ($self->{ldap} eq "fedora-ds") {
929	push (@{$ctx->{provision_options}}, "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd");
930	push (@{$ctx->{provision_options}}, "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");
931	($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx) or die("Unable to create fedora ds directories");
932	}
933
934	}
935
936	return $self->provision_raw_step2($ctx, $ret);
937	}
938
939	sub provision_s4member($$$$$)
940	{
941	my ($self, $prefix, $dcvars, $hostname, $more_conf) = @_;
942	print "PROVISIONING MEMBER...\n";
943	my $extra_smb_conf = "
944	passdb backend = samba_dsdb
945	winbindd:use external pipes = true
946
947	rpc_server:default = external
948	rpc_server:svcctl = embedded
949	rpc_server:srvsvc = embedded
950	rpc_server:eventlog = embedded
951	rpc_server:ntsvcs = embedded
952	rpc_server:winreg = embedded
953	rpc_server:spoolss = embedded
954	rpc_daemon:spoolssd = embedded
955	rpc_server:tcpip = no
956	";
957	if ($more_conf) {
958	$extra_smb_conf = $extra_smb_conf . $more_conf . "\n";
959	}
960	my $ret = $self->provision($prefix,
961	"member server",
962	$hostname,
963	"SAMBADOMAIN",
964	"samba.example.com",
965	"2008",
966	"locMEMpass3",
967	$dcvars->{SERVER_IP},
968	$dcvars->{SERVER_IPV6},
969	$extra_smb_conf, "", undef);
970	unless ($ret) {
971	return undef;
972	}
973
974	my $samba_tool = Samba::bindir_path($self, "samba-tool");
975	my $cmd = "";
976	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
977	if (defined($ret->{RESOLV_WRAPPER_CONF})) {
978	$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
979	} else {
980	$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
981	}
982	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
983	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
984	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
985	$cmd .= " --machinepass=machine$ret->{PASSWORD}";
986
987	unless (system($cmd) == 0) {
988	warn("Join failed\n$cmd");
989	return undef;
990	}
991
992	$ret->{MEMBER_SERVER} = $ret->{SERVER};
993	$ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP};
994	$ret->{MEMBER_SERVER_IPV6} = $ret->{SERVER_IPV6};
995	$ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME};
996	$ret->{MEMBER_USERNAME} = $ret->{USERNAME};
997	$ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
998
999	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1000	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1001	$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1002	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1003	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1004	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1005
1006	return $ret;
1007	}
1008
1009	sub provision_rpc_proxy($$$)
1010	{
1011	my ($self, $prefix, $dcvars) = @_;
1012	print "PROVISIONING RPC PROXY...";
1013
1014	my $extra_smbconf_options = "
1015	passdb backend = samba_dsdb
1016
1017	# rpc_proxy
1018	dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER}
1019	dcerpc endpoint servers = epmapper, remote
1020	dcerpc_remote:interfaces = rpcecho
1021
1022	[cifs_to_dc]
1023	path = /tmp/_ignore_cifs_to_dc_/_none_
1024	read only = no
1025	ntvfs handler = cifs
1026	cifs:server = $dcvars->{SERVER}
1027	cifs:share = cifs
1028	cifs:use-s4u2proxy = yes
1029	# There is no username specified here, instead the client is expected
1030	# to log in with kerberos, and the serverwill use delegated credentials.
1031	# Or the server tries s4u2self/s4u2proxy to impersonate the client
1032
1033	";
1034
1035	my $ret = $self->provision($prefix,
1036	"member server",
1037	"localrpcproxy",
1038	"SAMBADOMAIN",
1039	"samba.example.com",
1040	"2008",
1041	"locRPCproxypass4",
1042	$dcvars->{SERVER_IP},
1043	$dcvars->{SERVER_IPV6},
1044	$extra_smbconf_options, "", undef);
1045
1046	unless ($ret) {
1047	return undef;
1048	}
1049
1050	my $samba_tool = Samba::bindir_path($self, "samba-tool");
1051
1052	# The joind runs in the context of the rpc_proxy/member for now
1053	my $cmd = "";
1054	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1055	if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1056	$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1057	} else {
1058	$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1059	}
1060	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1061	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
1062	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1063	$cmd .= " --machinepass=machine$ret->{PASSWORD}";
1064
1065	unless (system($cmd) == 0) {
1066	warn("Join failed\n$cmd");
1067	return undef;
1068	}
1069
1070	# Setting up delegation runs in the context of the DC for now
1071	$cmd = "";
1072	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1073	$cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
1074	$cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on";
1075	$cmd .= " $dcvars->{CONFIGURATION}";
1076	print $cmd;
1077
1078	unless (system($cmd) == 0) {
1079	warn("Delegation failed\n$cmd");
1080	return undef;
1081	}
1082
1083	# Setting up delegation runs in the context of the DC for now
1084	$cmd = "";
1085	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1086	$cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
1087	$cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}";
1088	$cmd .= " $dcvars->{CONFIGURATION}";
1089
1090	unless (system($cmd) == 0) {
1091	warn("Delegation failed\n$cmd");
1092	return undef;
1093	}
1094
1095	$ret->{RPC_PROXY_SERVER} = $ret->{SERVER};
1096	$ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP};
1097	$ret->{RPC_PROXY_SERVER_IPV6} = $ret->{SERVER_IPV6};
1098	$ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME};
1099	$ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
1100	$ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
1101
1102	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1103	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1104	$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1105	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1106	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1107	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1108
1109	return $ret;
1110	}
1111
1112	sub provision_promoted_dc($$$)
1113	{
1114	my ($self, $prefix, $dcvars) = @_;
1115	print "PROVISIONING PROMOTED DC...";
1116
1117	# We do this so that we don't run the provision. That's the job of 'samba-tool domain dcpromo'.
1118	my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1119	"promotedvdc",
1120	"SAMBADOMAIN",
1121	"samba.example.com",
1122	"2008",
1123	$dcvars->{PASSWORD},
1124	$dcvars->{SERVER_IP},
1125	$dcvars->{SERVER_IPV6});
1126
1127	push (@{$ctx->{provision_options}}, "--use-ntvfs");
1128
1129	$ctx->{smb_conf_extra_options} = "
1130	max xmit = 32K
1131	server max protocol = SMB2
1132
1133	[sysvol]
1134	path = $ctx->{statedir}/sysvol
1135	read only = yes
1136
1137	[netlogon]
1138	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1139	read only = no
1140
1141	";
1142
1143	my $ret = $self->provision_raw_step1($ctx);
1144	unless ($ret) {
1145	return undef;
1146	}
1147
1148	my $samba_tool = Samba::bindir_path($self, "samba-tool");
1149	my $cmd = "";
1150	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1151	if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1152	$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1153	} else {
1154	$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1155	}
1156	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1157	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}";
1158	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1159	$cmd .= " --machinepass=machine$ret->{PASSWORD}";
1160
1161	unless (system($cmd) == 0) {
1162	warn("Join failed\n$cmd");
1163	return undef;
1164	}
1165
1166	my $samba_tool = Samba::bindir_path($self, "samba-tool");
1167	my $cmd = "";
1168	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1169	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1170	$cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
1171	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1172	$cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ";
1173
1174	unless (system($cmd) == 0) {
1175	warn("Join failed\n$cmd");
1176	return undef;
1177	}
1178
1179	$ret->{PROMOTED_DC_SERVER} = $ret->{SERVER};
1180	$ret->{PROMOTED_DC_SERVER_IP} = $ret->{SERVER_IP};
1181	$ret->{PROMOTED_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1182	$ret->{PROMOTED_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1183
1184	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1185	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1186	$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1187	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1188	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1189	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1190
1191	return $ret;
1192	}
1193
1194	sub provision_vampire_dc($$$)
1195	{
1196	my ($self, $prefix, $dcvars) = @_;
1197	print "PROVISIONING VAMPIRE DC...";
1198
1199	# We do this so that we don't run the provision. That's the job of 'net vampire'.
1200	my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1201	"localvampiredc",
1202	"SAMBADOMAIN",
1203	"samba.example.com",
1204	"2008",
1205	$dcvars->{PASSWORD},
1206	$dcvars->{SERVER_IP},
1207	$dcvars->{SERVER_IPV6});
1208
1209	push (@{$ctx->{provision_options}}, "--use-ntvfs");
1210
1211	$ctx->{smb_conf_extra_options} = "
1212	max xmit = 32K
1213	server max protocol = SMB2
1214
1215	[sysvol]
1216	path = $ctx->{statedir}/sysvol
1217	read only = yes
1218
1219	[netlogon]
1220	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1221	read only = no
1222
1223	";
1224
1225	my $ret = $self->provision_raw_step1($ctx);
1226	unless ($ret) {
1227	return undef;
1228	}
1229
1230	my $samba_tool = Samba::bindir_path($self, "samba-tool");
1231	my $cmd = "";
1232	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1233	if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1234	$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1235	} else {
1236	$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1237	}
1238	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1239	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
1240	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only";
1241	$cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
1242
1243	unless (system($cmd) == 0) {
1244	warn("Join failed\n$cmd");
1245	return undef;
1246	}
1247
1248	$ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER};
1249	$ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
1250	$ret->{VAMPIRE_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1251	$ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1252
1253	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1254	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1255	$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1256	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1257	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1258	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1259	$ret->{DC_REALM} = $dcvars->{DC_REALM};
1260
1261	return $ret;
1262	}
1263
1264	sub provision_subdom_dc($$$)
1265	{
1266	my ($self, $prefix, $dcvars) = @_;
1267	print "PROVISIONING SUBDOMAIN DC...";
1268
1269	# We do this so that we don't run the provision. That's the job of 'net vampire'.
1270	my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1271	"localsubdc",
1272	"SAMBASUBDOM",
1273	"sub.samba.example.com",
1274	"2008",
1275	$dcvars->{PASSWORD},
1276	undef);
1277
1278	push (@{$ctx->{provision_options}}, "--use-ntvfs");
1279
1280	$ctx->{smb_conf_extra_options} = "
1281	max xmit = 32K
1282	server max protocol = SMB2
1283
1284	[sysvol]
1285	path = $ctx->{statedir}/sysvol
1286	read only = yes
1287
1288	[netlogon]
1289	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1290	read only = no
1291
1292	";
1293
1294	my $ret = $self->provision_raw_step1($ctx);
1295	unless ($ret) {
1296	return undef;
1297	}
1298
1299	Samba::mk_krb5_conf($ctx);
1300
1301	my $samba_tool = Samba::bindir_path($self, "samba-tool");
1302	my $cmd = "";
1303	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1304	if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1305	$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1306	} else {
1307	$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1308	}
1309	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1310	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain ";
1311	$cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
1312	$cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
1313	$cmd .= " --adminpass=$ret->{PASSWORD}";
1314
1315	unless (system($cmd) == 0) {
1316	warn("Join failed\n$cmd");
1317	return undef;
1318	}
1319
1320	$ret->{SUBDOM_DC_SERVER} = $ret->{SERVER};
1321	$ret->{SUBDOM_DC_SERVER_IP} = $ret->{SERVER_IP};
1322	$ret->{SUBDOM_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1323	$ret->{SUBDOM_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1324
1325	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1326	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1327	$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1328	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1329	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1330	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1331
1332	return $ret;
1333	}
1334
1335	sub provision_ad_dc_ntvfs($$)
1336	{
1337	my ($self, $prefix) = @_;
1338
1339	# We keep the old 'winbind' name here in server services to
1340	# ensure upgrades which used that name still work with the now
1341	# alias.
1342
1343	print "PROVISIONING AD DC (NTVFS)...";
1344	my $extra_conf_options = "netbios aliases = localDC1-a
1345	server services = +winbind -winbindd
1346	ldap server require strong auth = allow_sasl_over_tls
1347	";
1348	my $ret = $self->provision($prefix,
1349	"domain controller",
1350	"localdc",
1351	"SAMBADOMAIN",
1352	"samba.example.com",
1353	"2008",
1354	"locDCpass1",
1355	undef,
1356	undef,
1357	$extra_conf_options,
1358	"",
1359	undef);
1360
1361	return undef unless(defined $ret);
1362	unless($self->add_wins_config("$prefix/private")) {
1363	warn("Unable to add wins configuration");
1364	return undef;
1365	}
1366	$ret->{NETBIOSALIAS} = "localdc1-a";
1367	$ret->{DC_SERVER} = $ret->{SERVER};
1368	$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1369	$ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1370	$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1371	$ret->{DC_USERNAME} = $ret->{USERNAME};
1372	$ret->{DC_PASSWORD} = $ret->{PASSWORD};
1373	$ret->{DC_REALM} = $ret->{REALM};
1374
1375	return $ret;
1376	}
1377
1378	sub provision_fl2000dc($$)
1379	{
1380	my ($self, $prefix) = @_;
1381
1382	print "PROVISIONING DC WITH FOREST LEVEL 2000...";
1383	my $extra_conf_options = "
1384	spnego:simulate_w2k=yes
1385	ntlmssp_server:force_old_spnego=yes
1386	";
1387	my $ret = $self->provision($prefix,
1388	"domain controller",
1389	"dc5",
1390	"SAMBA2000",
1391	"samba2000.example.com",
1392	"2000",
1393	"locDCpass5",
1394	undef,
1395	undef,
1396	$extra_conf_options,
1397	"",
1398	undef);
1399
1400	unless($self->add_wins_config("$prefix/private")) {
1401	warn("Unable to add wins configuration");
1402	return undef;
1403	}
1404	$ret->{DC_SERVER} = $ret->{SERVER};
1405	$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1406	$ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1407	$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1408	$ret->{DC_USERNAME} = $ret->{USERNAME};
1409	$ret->{DC_PASSWORD} = $ret->{PASSWORD};
1410	$ret->{DC_REALM} = $ret->{REALM};
1411
1412	return $ret;
1413	}
1414
1415	sub provision_fl2003dc($$$)
1416	{
1417	my ($self, $prefix, $dcvars) = @_;
1418
1419	print "PROVISIONING DC WITH FOREST LEVEL 2003...";
1420	my $extra_conf_options = "allow dns updates = nonsecure and secure";
1421	my $ret = $self->provision($prefix,
1422	"domain controller",
1423	"dc6",
1424	"SAMBA2003",
1425	"samba2003.example.com",
1426	"2003",
1427	"locDCpass6",
1428	undef,
1429	undef,
1430	$extra_conf_options,
1431	"",
1432	undef);
1433
1434	unless (defined $ret) {
1435	return undef;
1436	}
1437
1438	$ret->{DC_SERVER} = $ret->{SERVER};
1439	$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1440	$ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1441	$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1442	$ret->{DC_USERNAME} = $ret->{USERNAME};
1443	$ret->{DC_PASSWORD} = $ret->{PASSWORD};
1444
1445	my @samba_tool_options;
1446	push (@samba_tool_options, Samba::bindir_path($self, "samba-tool"));
1447	push (@samba_tool_options, "domain");
1448	push (@samba_tool_options, "passwordsettings");
1449	push (@samba_tool_options, "set");
1450	push (@samba_tool_options, "--configfile=$ret->{SERVERCONFFILE}");
1451	push (@samba_tool_options, "--min-pwd-age=0");
1452	push (@samba_tool_options, "--history-length=1");
1453
1454	my $samba_tool_cmd = join(" ", @samba_tool_options);
1455
1456	unless (system($samba_tool_cmd) == 0) {
1457	warn("Unable to set min password age to 0: \n$samba_tool_cmd\n");
1458	return undef;
1459	}
1460
1461	return $ret;
1462
1463	unless($self->add_wins_config("$prefix/private")) {
1464	warn("Unable to add wins configuration");
1465	return undef;
1466	}
1467
1468	return $ret;
1469	}
1470
1471	sub provision_fl2008r2dc($$$)
1472	{
1473	my ($self, $prefix, $dcvars) = @_;
1474
1475	print "PROVISIONING DC WITH FOREST LEVEL 2008r2...";
1476	my $extra_conf_options = "ldap server require strong auth = no";
1477	my $ret = $self->provision($prefix,
1478	"domain controller",
1479	"dc7",
1480	"SAMBA2008R2",
1481	"samba2008R2.example.com",
1482	"2008_R2",
1483	"locDCpass7",
1484	undef,
1485	undef,
1486	$extra_conf_options,
1487	"",
1488	undef);
1489
1490	unless ($self->add_wins_config("$prefix/private")) {
1491	warn("Unable to add wins configuration");
1492	return undef;
1493	}
1494	$ret->{DC_SERVER} = $ret->{SERVER};
1495	$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1496	$ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1497	$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1498	$ret->{DC_USERNAME} = $ret->{USERNAME};
1499	$ret->{DC_PASSWORD} = $ret->{PASSWORD};
1500	$ret->{DC_REALM} = $ret->{REALM};
1501
1502	return $ret;
1503	}
1504
1505
1506	sub provision_rodc($$$)
1507	{
1508	my ($self, $prefix, $dcvars) = @_;
1509	print "PROVISIONING RODC...";
1510
1511	# We do this so that we don't run the provision. That's the job of 'net join RODC'.
1512	my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1513	"rodc",
1514	"SAMBADOMAIN",
1515	"samba.example.com",
1516	"2008",
1517	$dcvars->{PASSWORD},
1518	$dcvars->{SERVER_IP},
1519	$dcvars->{SERVER_IPV6});
1520	unless ($ctx) {
1521	return undef;
1522	}
1523
1524	push (@{$ctx->{provision_options}}, "--use-ntvfs");
1525
1526	$ctx->{share} = "$ctx->{prefix_abs}/share";
1527	push(@{$ctx->{directories}}, "$ctx->{share}");
1528
1529	$ctx->{smb_conf_extra_options} = "
1530	max xmit = 32K
1531	server max protocol = SMB2
1532
1533	[sysvol]
1534	path = $ctx->{statedir}/sysvol
1535	read only = yes
1536
1537	[netlogon]
1538	path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1539	read only = yes
1540
1541	[tmp]
1542	path = $ctx->{share}
1543	read only = no
1544	posix:sharedelay = 10000
1545	posix:oplocktimeout = 3
1546	posix:writetimeupdatedelay = 50000
1547
1548	";
1549
1550	my $ret = $self->provision_raw_step1($ctx);
1551	unless ($ret) {
1552	return undef;
1553	}
1554
1555	my $samba_tool = Samba::bindir_path($self, "samba-tool");
1556	my $cmd = "";
1557	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1558	if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1559	$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1560	} else {
1561	$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1562	}
1563	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1564	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
1565	$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1566	$cmd .= " --server=$dcvars->{DC_SERVER} --use-ntvfs";
1567
1568	unless (system($cmd) == 0) {
1569	warn("RODC join failed\n$cmd");
1570	return undef;
1571	}
1572
1573	# This ensures deterministic behaviour for tests that want to have the 'testallowed account'
1574	# user password verified on the RODC
1575	my $testallowed_account = "testallowed account";
1576	$cmd = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1577	$cmd .= "$samba_tool rodc preload '$testallowed_account' $ret->{CONFIGURATION}";
1578	$cmd .= " --server=$dcvars->{DC_SERVER}";
1579
1580	unless (system($cmd) == 0) {
1581	warn("RODC join failed\n$cmd");
1582	return undef;
1583	}
1584
1585	# we overwrite the kdc after the RODC join
1586	# so that use the RODC as kdc and test
1587	# the proxy code
1588	$ctx->{kdc_ipv4} = $ret->{SERVER_IP};
1589	$ctx->{kdc_ipv6} = $ret->{SERVER_IPV6};
1590	Samba::mk_krb5_conf($ctx);
1591
1592	$ret->{RODC_DC_SERVER} = $ret->{SERVER};
1593	$ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP};
1594	$ret->{RODC_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1595	$ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1596
1597	$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1598	$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1599	$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1600	$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1601	$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1602	$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1603
1604	return $ret;
1605	}
1606
1607	sub provision_ad_dc($$)
1608	{
1609	my ($self, $prefix) = @_;
1610
1611	my $prefix_abs = abs_path($prefix);
1612
1613	my $bindir_abs = abs_path($self->{bindir});
1614	my $lockdir="$prefix_abs/lockdir";
1615	my $conffile="$prefix_abs/etc/smb.conf";
1616
1617	my $extra_smbconf_options = "
1618	server services = -smb +s3fs
1619	xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
1620
1621	dbwrap_tdb_mutexes:* = yes
1622
1623	kernel oplocks = no
1624	kernel change notify = no
1625
1626	logging = file
1627	printing = bsd
1628	printcap name = /dev/null
1629
1630	max protocol = SMB3
1631	read only = no
1632	server signing = auto
1633
1634	smbd:sharedelay = 100000
1635	smbd:writetimeupdatedelay = 500000
1636	create mask = 755
1637	dos filemode = yes
1638
1639	dcerpc endpoint servers = -winreg -srvsvc
1640
1641	printcap name = /dev/null
1642
1643	addprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -a -s $conffile --
1644	deleteprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -d -s $conffile --
1645
1646	printing = vlp
1647	print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s
1648	lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p
1649	lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j
1650	lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j
1651	lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j
1652	queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p
1653	queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
1654	lpq cache time = 0
1655	print notify backchannel = yes
1656	";
1657
1658	my $extra_smbconf_shares = "
1659
1660	[tmpenc]
1661	copy = tmp
1662	smb encrypt = required
1663
1664	[tmpcase]
1665	copy = tmp
1666	case sensitive = yes
1667
1668	[tmpguest]
1669	copy = tmp
1670	guest ok = yes
1671
1672	[hideunread]
1673	copy = tmp
1674	hide unreadable = yes
1675
1676	[durable]
1677	copy = tmp
1678	kernel share modes = no
1679	kernel oplocks = no
1680	posix locking = no
1681
1682	[print\$]
1683	copy = tmp
1684
1685	[print1]
1686	copy = tmp
1687	printable = yes
1688
1689	[print2]
1690	copy = print1
1691	[print3]
1692	copy = print1
1693	[lp]
1694	copy = print1
1695	";
1696
1697	print "PROVISIONING AD DC...";
1698	my $ret = $self->provision($prefix,
1699	"domain controller",
1700	"addc",
1701	"ADDOMAIN",
1702	"addom.samba.example.com",
1703	"2008",
1704	"locDCpass1",
1705	undef,
1706	undef,
1707	$extra_smbconf_options,
1708	$extra_smbconf_shares,
1709	undef);
1710
1711	return undef unless(defined $ret);
1712	unless($self->add_wins_config("$prefix/private")) {
1713	warn("Unable to add wins configuration");
1714	return undef;
1715	}
1716
1717	$ret->{DC_SERVER} = $ret->{SERVER};
1718	$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1719	$ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1720	$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1721	$ret->{DC_USERNAME} = $ret->{USERNAME};
1722	$ret->{DC_PASSWORD} = $ret->{PASSWORD};
1723
1724	return $ret;
1725	}
1726
1727	sub provision_chgdcpass($$)
1728	{
1729	my ($self, $prefix) = @_;
1730
1731	print "PROVISIONING CHGDCPASS...";
1732	my $extra_provision_options = undef;
1733	push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
1734	my $ret = $self->provision($prefix,
1735	"domain controller",
1736	"chgdcpass",
1737	"CHDCDOMAIN",
1738	"chgdcpassword.samba.example.com",
1739	"2008",
1740	"chgDCpass1",
1741	undef,
1742	undef,
1743	"",
1744	"",
1745	$extra_provision_options);
1746
1747	return undef unless(defined $ret);
1748	unless($self->add_wins_config("$prefix/private")) {
1749	warn("Unable to add wins configuration");
1750	return undef;
1751	}
1752
1753	# Remove secrets.tdb from this environment to test that we
1754	# still start up on systems without the new matching
1755	# secrets.tdb records.
1756	unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb") \|\| unlink("$ret->{PRIVATEDIR}/secrets.ntdb")) {
1757	warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision");
1758	return undef;
1759	}
1760
1761	$ret->{DC_SERVER} = $ret->{SERVER};
1762	$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1763	$ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1764	$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1765	$ret->{DC_USERNAME} = $ret->{USERNAME};
1766	$ret->{DC_PASSWORD} = $ret->{PASSWORD};
1767
1768	return $ret;
1769	}
1770
1771	sub teardown_env($$)
1772	{
1773	my ($self, $envvars) = @_;
1774	my $pid;
1775
1776	# This should cause samba to terminate gracefully
1777	close($envvars->{STDIN_PIPE});
1778
1779	$pid = $envvars->{SAMBA_PID};
1780	my $count = 0;
1781	my $childpid;
1782
1783	# This should give it time to write out the gcov data
1784	until ($count > 30) {
1785	if (Samba::cleanup_child($pid, "samba") == -1) {
1786	last;
1787	}
1788	sleep(1);
1789	$count++;
1790	}
1791
1792	if ($count > 30 \|\| kill(0, $pid)) {
1793	kill "TERM", $pid;
1794
1795	until ($count > 40) {
1796	if (Samba::cleanup_child($pid, "samba") == -1) {
1797	last;
1798	}
1799	sleep(1);
1800	$count++;
1801	}
1802	# If it is still around, kill it
1803	warn "server process $pid took more than $count seconds to exit, killing\n";
1804	kill 9, $pid;
1805	}
1806
1807	$self->slapd_stop($envvars) if ($self->{ldap});
1808
1809	print $self->getlog_env($envvars);
1810
1811	return;
1812	}
1813
1814	sub getlog_env($$)
1815	{
1816	my ($self, $envvars) = @_;
1817	my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n";
1818	my $out = $title;
1819
1820	open(LOG, "<$envvars->{SAMBA_TEST_LOG}");
1821
1822	seek(LOG, $envvars->{SAMBA_TEST_LOG_POS}, SEEK_SET);
1823	while (<LOG>) {
1824	$out .= $_;
1825	}
1826	$envvars->{SAMBA_TEST_LOG_POS} = tell(LOG);
1827	close(LOG);
1828
1829	return "" if $out eq $title;
1830
1831	return $out;
1832	}
1833
1834	sub check_env($$)
1835	{
1836	my ($self, $envvars) = @_;
1837	my $samba_pid = $envvars->{SAMBA_PID};
1838
1839	if (not defined($samba_pid)) {
1840	return 0;
1841	} elsif ($samba_pid > 0) {
1842	my $childpid = Samba::cleanup_child($samba_pid, "samba");
1843
1844	if ($childpid == 0) {
1845	return 1;
1846	}
1847	return 0;
1848	} else {
1849	return 1;
1850	}
1851
1852	}
1853
1854	sub setup_env($$$)
1855	{
1856	my ($self, $envname, $path) = @_;
1857	my $target3 = $self->{target3};
1858
1859	$ENV{ENVNAME} = $envname;
1860
1861	if (defined($self->{vars}->{$envname})) {
1862	return $self->{vars}->{$envname};
1863	}
1864
1865	if ($envname eq "ad_dc_ntvfs") {
1866	return $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1867	} elsif ($envname eq "fl2000dc") {
1868	return $self->setup_fl2000dc("$path/fl2000dc");
1869	} elsif ($envname eq "fl2003dc") {
1870	if (not defined($self->{vars}->{ad_dc})) {
1871	$self->setup_ad_dc("$path/ad_dc");
1872	}
1873	return $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{ad_dc});
1874	} elsif ($envname eq "fl2008r2dc") {
1875	if (not defined($self->{vars}->{ad_dc})) {
1876	$self->setup_ad_dc("$path/ad_dc");
1877	}
1878	return $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{ad_dc});
1879	} elsif ($envname eq "rpc_proxy") {
1880	if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1881	$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1882	}
1883	return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{ad_dc_ntvfs});
1884	} elsif ($envname eq "vampire_dc") {
1885	if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1886	$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1887	}
1888	return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{ad_dc_ntvfs});
1889	} elsif ($envname eq "promoted_dc") {
1890	if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1891	$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1892	}
1893	return $self->setup_promoted_dc("$path/promoted_dc", $self->{vars}->{ad_dc_ntvfs});
1894	} elsif ($envname eq "subdom_dc") {
1895	if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1896	$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1897	}
1898	return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs});
1899	} elsif ($envname eq "s4member_dflt_domain") {
1900	if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1901	$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1902	}
1903	return $self->setup_s4member_dflt_domain("$path/s4member_dflt_domain", $self->{vars}->{ad_dc_ntvfs});
1904	} elsif ($envname eq "s4member") {
1905	if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1906	$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1907	}
1908	return $self->setup_s4member("$path/s4member", $self->{vars}->{ad_dc_ntvfs});
1909	} elsif ($envname eq "rodc") {
1910	if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1911	$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1912	}
1913	return $self->setup_rodc("$path/rodc", $self->{vars}->{ad_dc_ntvfs});
1914	} elsif ($envname eq "chgdcpass") {
1915	return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass});
1916	} elsif ($envname eq "ad_member") {
1917	if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1918	$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1919	}
1920	return $target3->setup_admember("$path/ad_member", $self->{vars}->{ad_dc_ntvfs}, 29);
1921	} elsif ($envname eq "ad_dc") {
1922	return $self->setup_ad_dc("$path/ad_dc");
1923	} elsif ($envname eq "ad_dc_no_nss") {
1924	return $self->setup_ad_dc("$path/ad_dc_no_nss", "no_nss");
1925	} elsif ($envname eq "ad_member_rfc2307") {
1926	if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1927	$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1928	}
1929	return $target3->setup_admember_rfc2307("$path/ad_member_rfc2307",
1930	$self->{vars}->{ad_dc_ntvfs}, 34);
1931	} elsif ($envname eq "none") {
1932	return $self->setup_none("$path/none");
1933	} else {
1934	return "UNKNOWN";
1935	}
1936	}
1937
1938	sub setup_s4member($$$)
1939	{
1940	my ($self, $path, $dc_vars) = @_;
1941
1942	my $env = $self->provision_s4member($path, $dc_vars, "s4member");
1943
1944	if (defined $env) {
1945	if (not defined($self->check_or_start($env, "single"))) {
1946	return undef;
1947	}
1948
1949	$self->{vars}->{s4member} = $env;
1950	}
1951
1952	return $env;
1953	}
1954
1955	sub setup_s4member_dflt_domain($$$)
1956	{
1957	my ($self, $path, $dc_vars) = @_;
1958
1959	my $env = $self->provision_s4member($path, $dc_vars, "s4member_dflt",
1960	"winbind use default domain = yes");
1961
1962	if (defined $env) {
1963	if (not defined($self->check_or_start($env, "standard"))) {
1964	return undef;
1965	}
1966
1967	$self->{vars}->{s4member_dflt_domain} = $env;
1968	}
1969
1970	return $env;
1971	}
1972
1973	sub setup_rpc_proxy($$$)
1974	{
1975	my ($self, $path, $dc_vars) = @_;
1976
1977	my $env = $self->provision_rpc_proxy($path, $dc_vars);
1978
1979	if (defined $env) {
1980	if (not defined($self->check_or_start($env, "single"))) {
1981	return undef;
1982	}
1983
1984	$self->{vars}->{rpc_proxy} = $env;
1985	}
1986	return $env;
1987	}
1988
1989	sub setup_ad_dc_ntvfs($$)
1990	{
1991	my ($self, $path) = @_;
1992
1993	my $env = $self->provision_ad_dc_ntvfs($path);
1994	if (defined $env) {
1995	if (not defined($self->check_or_start($env, "standard"))) {
1996	warn("Failed to start ad_dc_ntvfs");
1997	return undef;
1998	}
1999
2000	$self->{vars}->{ad_dc_ntvfs} = $env;
2001	}
2002	return $env;
2003	}
2004
2005	sub setup_chgdcpass($$)
2006	{
2007	my ($self, $path) = @_;
2008
2009	my $env = $self->provision_chgdcpass($path);
2010	if (defined $env) {
2011	if (not defined($self->check_or_start($env, "single"))) {
2012	return undef;
2013	}
2014
2015	$self->{vars}->{chgdcpass} = $env;
2016	}
2017	return $env;
2018	}
2019
2020	sub setup_fl2000dc($$)
2021	{
2022	my ($self, $path) = @_;
2023
2024	my $env = $self->provision_fl2000dc($path);
2025	if (defined $env) {
2026	if (not defined($self->check_or_start($env, "single"))) {
2027	return undef;
2028	}
2029
2030	$self->{vars}->{fl2000dc} = $env;
2031	}
2032
2033	return $env;
2034	}
2035
2036	sub setup_fl2003dc($$$)
2037	{
2038	my ($self, $path, $dc_vars) = @_;
2039
2040	my $env = $self->provision_fl2003dc($path);
2041
2042	if (defined $env) {
2043	if (not defined($self->check_or_start($env, "single"))) {
2044	return undef;
2045	}
2046
2047	$env = $self->setup_trust($env, $dc_vars, "external", "--no-aes-keys");
2048
2049	$self->{vars}->{fl2003dc} = $env;
2050	}
2051	return $env;
2052	}
2053
2054	sub setup_fl2008r2dc($$$)
2055	{
2056	my ($self, $path, $dc_vars) = @_;
2057
2058	my $env = $self->provision_fl2008r2dc($path);
2059
2060	if (defined $env) {
2061	if (not defined($self->check_or_start($env, "single"))) {
2062	return undef;
2063	}
2064
2065	my $upn_array = ["$env->{REALM}.upn"];
2066	my $spn_array = ["$env->{REALM}.spn"];
2067
2068	$self->setup_namespaces($env, $upn_array, $spn_array);
2069
2070	$env = $self->setup_trust($env, $dc_vars, "forest", "");
2071
2072	$self->{vars}->{fl2008r2dc} = $env;
2073	}
2074
2075	return $env;
2076	}
2077
2078	sub setup_vampire_dc($$$)
2079	{
2080	my ($self, $path, $dc_vars) = @_;
2081
2082	my $env = $self->provision_vampire_dc($path, $dc_vars);
2083
2084	if (defined $env) {
2085	if (not defined($self->check_or_start($env, "single"))) {
2086	return undef;
2087	}
2088
2089	$self->{vars}->{vampire_dc} = $env;
2090
2091	# force replicated DC to update repsTo/repsFrom
2092	# for vampired partitions
2093	my $samba_tool = Samba::bindir_path($self, "samba-tool");
2094	my $cmd = "";
2095	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
2096	if (defined($env->{RESOLV_WRAPPER_CONF})) {
2097	$cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" ";
2098	} else {
2099	$cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
2100	}
2101	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2102	$cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}";
2103	$cmd .= " $env->{CONFIGURATION}";
2104	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2105	unless (system($cmd) == 0) {
2106	warn("Failed to exec kcc\n$cmd");
2107	return undef;
2108	}
2109
2110	# as 'vampired' dc may add data in its local replica
2111	# we need to synchronize data between DCs
2112	my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2113	$cmd = "";
2114	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
2115	if (defined($env->{RESOLV_WRAPPER_CONF})) {
2116	$cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" ";
2117	} else {
2118	$cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
2119	}
2120	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2121	$cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
2122	$cmd .= " $dc_vars->{CONFIGURATION}";
2123	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2124	# replicate Configuration NC
2125	my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
2126	unless(system($cmd_repl) == 0) {
2127	warn("Failed to replicate\n$cmd_repl");
2128	return undef;
2129	}
2130	# replicate Default NC
2131	$cmd_repl = "$cmd \"$base_dn\"";
2132	unless(system($cmd_repl) == 0) {
2133	warn("Failed to replicate\n$cmd_repl");
2134	return undef;
2135	}
2136	}
2137
2138	return $env;
2139	}
2140
2141	sub setup_promoted_dc($$$)
2142	{
2143	my ($self, $path, $dc_vars) = @_;
2144
2145	my $env = $self->provision_promoted_dc($path, $dc_vars);
2146
2147	if (defined $env) {
2148	if (not defined($self->check_or_start($env, "single"))) {
2149	return undef;
2150	}
2151
2152	$self->{vars}->{promoted_dc} = $env;
2153
2154	# force source and replicated DC to update repsTo/repsFrom
2155	# for vampired partitions
2156	my $samba_tool = Samba::bindir_path($self, "samba-tool");
2157	my $cmd = "";
2158	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2159	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2160	$cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
2161	$cmd .= " $env->{CONFIGURATION}";
2162	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2163	unless (system($cmd) == 0) {
2164	warn("Failed to exec kcc\n$cmd");
2165	return undef;
2166	}
2167
2168	my $samba_tool = Samba::bindir_path($self, "samba-tool");
2169	my $cmd = "";
2170	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2171	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2172	$cmd .= " $samba_tool drs kcc $env->{SERVER}";
2173	$cmd .= " $env->{CONFIGURATION}";
2174	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2175	unless (system($cmd) == 0) {
2176	warn("Failed to exec kcc\n$cmd");
2177	return undef;
2178	}
2179
2180	# as 'vampired' dc may add data in its local replica
2181	# we need to synchronize data between DCs
2182	my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2183	$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2184	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2185	$cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
2186	$cmd .= " $dc_vars->{CONFIGURATION}";
2187	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2188	# replicate Configuration NC
2189	my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
2190	unless(system($cmd_repl) == 0) {
2191	warn("Failed to replicate\n$cmd_repl");
2192	return undef;
2193	}
2194	# replicate Default NC
2195	$cmd_repl = "$cmd \"$base_dn\"";
2196	unless(system($cmd_repl) == 0) {
2197	warn("Failed to replicate\n$cmd_repl");
2198	return undef;
2199	}
2200	}
2201
2202	return $env;
2203	}
2204
2205	sub setup_subdom_dc($$$)
2206	{
2207	my ($self, $path, $dc_vars) = @_;
2208
2209	my $env = $self->provision_subdom_dc($path, $dc_vars);
2210
2211	if (defined $env) {
2212	if (not defined($self->check_or_start($env, "single"))) {
2213	return undef;
2214	}
2215
2216	$self->{vars}->{subdom_dc} = $env;
2217
2218	# force replicated DC to update repsTo/repsFrom
2219	# for primary domain partitions
2220	my $samba_tool = Samba::bindir_path($self, "samba-tool");
2221	my $cmd = "";
2222	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2223	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2224	$cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
2225	$cmd .= " $env->{CONFIGURATION}";
2226	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
2227	unless (system($cmd) == 0) {
2228	warn("Failed to exec kcc\n$cmd");
2229	return undef;
2230	}
2231
2232	# as 'subdomain' dc may add data in its local replica
2233	# we need to synchronize data between DCs
2234	my $base_dn = "DC=".join(",DC=", split(/\./, $env->{REALM}));
2235	my $config_dn = "CN=Configuration,DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2236	$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2237	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2238	$cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}";
2239	$cmd .= " $dc_vars->{CONFIGURATION}";
2240	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
2241	# replicate Configuration NC
2242	my $cmd_repl = "$cmd \"$config_dn\"";
2243	unless(system($cmd_repl) == 0) {
2244	warn("Failed to replicate\n$cmd_repl");
2245	return undef;
2246	}
2247	# replicate Default NC
2248	$cmd_repl = "$cmd \"$base_dn\"";
2249	unless(system($cmd_repl) == 0) {
2250	warn("Failed to replicate\n$cmd_repl");
2251	return undef;
2252	}
2253	}
2254
2255	return $env;
2256	}
2257
2258	sub setup_rodc($$$)
2259	{
2260	my ($self, $path, $dc_vars) = @_;
2261
2262	my $env = $self->provision_rodc($path, $dc_vars);
2263
2264	unless ($env) {
2265	return undef;
2266	}
2267
2268	if (not defined($self->check_or_start($env, "single"))) {
2269	return undef;
2270	}
2271
2272	# force source and replicated DC to update repsTo/repsFrom
2273	# for vampired partitions
2274	my $samba_tool = Samba::bindir_path($self, "samba-tool");
2275	my $cmd = "";
2276	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2277	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2278	$cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}";
2279	$cmd .= " $env->{CONFIGURATION}";
2280	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2281	unless (system($cmd) == 0) {
2282	warn("Failed to exec kcc\n$cmd");
2283	return undef;
2284	}
2285
2286	my $samba_tool = Samba::bindir_path($self, "samba-tool");
2287	my $cmd = "";
2288	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2289	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2290	$cmd .= " $samba_tool drs kcc -k no $env->{SERVER}";
2291	$cmd .= " $env->{CONFIGURATION}";
2292	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2293	unless (system($cmd) == 0) {
2294	warn("Failed to exec kcc\n$cmd");
2295	return undef;
2296	}
2297
2298	my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2299	$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2300	$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2301	$cmd .= " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}";
2302	$cmd .= " $dc_vars->{CONFIGURATION}";
2303	$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2304	# replicate Configuration NC
2305	my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
2306	unless(system($cmd_repl) == 0) {
2307	warn("Failed to replicate\n$cmd_repl");
2308	return undef;
2309	}
2310	# replicate Default NC
2311	$cmd_repl = "$cmd \"$base_dn\"";
2312	unless(system($cmd_repl) == 0) {
2313	warn("Failed to replicate\n$cmd_repl");
2314	return undef;
2315	}
2316
2317	$self->{vars}->{rodc} = $env;
2318
2319	return $env;
2320	}
2321
2322	sub setup_ad_dc($$)
2323	{
2324	my ($self, $path, $no_nss) = @_;
2325
2326	# If we didn't build with ADS, pretend this env was never available
2327	if (not $self->{target3}->have_ads()) {
2328	return "UNKNOWN";
2329	}
2330
2331	my $env = $self->provision_ad_dc($path);
2332	unless ($env) {
2333	return undef;
2334	}
2335
2336	if (defined($no_nss) and $no_nss) {
2337	$env->{NSS_WRAPPER_MODULE_SO_PATH} = undef;
2338	$env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef;
2339	}
2340
2341	if (not defined($self->check_or_start($env, "single"))) {
2342	return undef;
2343	}
2344
2345	my $upn_array = ["$env->{REALM}.upn"];
2346	my $spn_array = ["$env->{REALM}.spn"];
2347
2348	$self->setup_namespaces($env, $upn_array, $spn_array);
2349
2350	$self->{vars}->{ad_dc} = $env;
2351	return $env;
2352	}
2353
2354	sub setup_none($$)
2355	{
2356	my ($self, $path) = @_;
2357
2358	my $ret = {
2359	KRB5_CONFIG => abs_path($path) . "/no_krb5.conf",
2360	SAMBA_PID => -1,
2361	}
2362	}
2363
2364	1;

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vendor/current/selftest/target/Samba4.pm

Download in other formats: