Changeset 988 for vendor/current/selftest/target
- Timestamp:
- Nov 24, 2016, 1:14:11 PM (9 years ago)
- Location:
- vendor/current/selftest/target
- Files:
-
- 3 added
- 3 deleted
- 2 edited
-
Kvm.pm (deleted)
-
Samba.pm (added)
-
Samba3.pm (modified) (34 diffs)
-
Samba4.pm (modified) (50 diffs)
-
Template.pm (deleted)
-
Windows.pm (deleted)
-
__init__.py (added)
-
samba.py (added)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/selftest/target/Samba3.pm
r919 r988 10 10 use FindBin qw($RealBin); 11 11 use POSIX; 12 13 sub binpath($$) 12 use target::Samba; 13 14 sub have_ads($) { 15 my ($self) = @_; 16 my $found_ads = 0; 17 my $smbd_build_options = Samba::bindir_path($self, "smbd") . " -b|"; 18 open(IN, $smbd_build_options) or die("Unable to run $smbd_build_options: $!"); 19 20 while (<IN>) { 21 if (/WITH_ADS/) { 22 $found_ads = 1; 23 } 24 } 25 close IN; 26 27 # If we were not built with ADS support, pretend we were never even available 28 print "smbd does not have ADS support\n" unless $found_ads; 29 return $found_ads; 30 } 31 32 # return smb.conf parameters applicable to @path, based on the underlying 33 # filesystem type 34 sub get_fs_specific_conf($$) 14 35 { 15 my ($self, $binary) = @_; 16 17 if (defined($self->{bindir})) { 18 my $path = "$self->{bindir}/$binary"; 19 -f $path or die("File $path doesn't exist"); 20 return $path; 21 } 22 23 return $binary; 36 my ($self, $path) = @_; 37 my $mods = ""; 38 my $stat_out = `stat --file-system $path` or return ""; 39 40 if ($stat_out =~ m/Type:\s+btrfs/) { 41 $mods .= "btrfs "; 42 } 43 44 if ($mods) { 45 return "vfs objects = $mods"; 46 } 47 48 return undef; 24 49 } 25 50 26 51 sub new($$) { 27 my ($classname, $bindir, $srcdir) = @_; 28 my $self = { bindir => $bindir, 29 srcdir => $srcdir 52 my ($classname, $bindir, $srcdir, $server_maxtime) = @_; 53 my $self = { vars => {}, 54 bindir => $bindir, 55 srcdir => $srcdir, 56 server_maxtime => $server_maxtime 30 57 }; 31 58 bless $self; … … 36 63 { 37 64 my ($self, $envvars) = @_; 38 39 my $smbdpid = read_pid($envvars, "smbd"); 40 my $nmbdpid = read_pid($envvars, "nmbd"); 41 my $winbinddpid = read_pid($envvars, "winbindd"); 65 my $count = 0; 66 67 # This should cause smbd to terminate gracefully 68 close($envvars->{STDIN_PIPE}); 69 70 my $smbdpid = $envvars->{SMBD_TL_PID}; 71 my $nmbdpid = $envvars->{NMBD_TL_PID}; 72 my $winbinddpid = $envvars->{WINBINDD_TL_PID}; 73 74 # This should give it time to write out the gcov data 75 until ($count > 20) { 76 my $smbdchild = Samba::cleanup_child($smbdpid, "smbd"); 77 my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd"); 78 my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd"); 79 if ($smbdchild == -1 80 && $nmbdchild == -1 81 && $winbinddchild == -1) { 82 last; 83 } 84 sleep(1); 85 $count++; 86 } 87 88 if ($count <= 20 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) { 89 return; 90 } 42 91 43 92 $self->stop_sig_term($smbdpid); … … 45 94 $self->stop_sig_term($winbinddpid); 46 95 47 sleep(2); 48 96 $count = 0; 97 until ($count > 10) { 98 my $smbdchild = Samba::cleanup_child($smbdpid, "smbd"); 99 my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd"); 100 my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd"); 101 if ($smbdchild == -1 102 && $nmbdchild == -1 103 && $winbinddchild == -1) { 104 last; 105 } 106 sleep(1); 107 $count++; 108 } 109 110 if ($count <= 10 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) { 111 return; 112 } 113 114 warn("timelimit process did not quit on SIGTERM, sending SIGKILL"); 49 115 $self->stop_sig_kill($smbdpid); 50 116 $self->stop_sig_kill($nmbdpid); … … 91 157 my ($self, $envvars) = @_; 92 158 159 my $childpid = waitpid(-1, WNOHANG); 160 93 161 # TODO ... 94 162 return 1; … … 98 166 { 99 167 my ($self, $envname, $path) = @_; 100 101 if ($envname eq "s3dc") { 102 return $self->setup_dc("$path/s3dc"); 103 } elsif ($envname eq "secshare") { 104 return $self->setup_secshare("$path/secshare"); 105 } elsif ($envname eq "secserver") { 106 if (not defined($self->{vars}->{s3dc})) { 107 $self->setup_dc("$path/s3dc"); 108 } 109 return $self->setup_secserver("$path/secserver", $self->{vars}->{s3dc}); 110 } elsif ($envname eq "member") { 111 if (not defined($self->{vars}->{s3dc})) { 112 $self->setup_dc("$path/s3dc"); 113 } 114 return $self->setup_member("$path/member", $self->{vars}->{s3dc}); 168 169 $ENV{ENVNAME} = $envname; 170 171 if (defined($self->{vars}->{$envname})) { 172 return $self->{vars}->{$envname}; 173 } 174 175 # 176 # Avoid hitting system krb5.conf - 177 # An env that needs Kerberos will reset this to the real 178 # value. 179 # 180 $ENV{KRB5_CONFIG} = "$path/no_krb5.conf"; 181 182 if ($envname eq "nt4_dc") { 183 return $self->setup_nt4_dc("$path/nt4_dc"); 184 } elsif ($envname eq "nt4_dc_schannel") { 185 return $self->setup_nt4_dc_schannel("$path/nt4_dc_schannel"); 186 } elsif ($envname eq "simpleserver") { 187 return $self->setup_simpleserver("$path/simpleserver"); 188 } elsif ($envname eq "fileserver") { 189 return $self->setup_fileserver("$path/fileserver"); 190 } elsif ($envname eq "maptoguest") { 191 return $self->setup_maptoguest("$path/maptoguest"); 192 } elsif ($envname eq "ktest") { 193 return $self->setup_ktest("$path/ktest"); 194 } elsif ($envname eq "nt4_member") { 195 if (not defined($self->{vars}->{nt4_dc})) { 196 if (not defined($self->setup_nt4_dc("$path/nt4_dc"))) { 197 return undef; 198 } 199 } 200 return $self->setup_nt4_member("$path/nt4_member", $self->{vars}->{nt4_dc}); 115 201 } else { 116 return undef;117 } 118 } 119 120 sub setup_ dc($$)202 return "UNKNOWN"; 203 } 204 } 205 206 sub setup_nt4_dc($$) 121 207 { 122 208 my ($self, $path) = @_; 123 209 124 print "PROVISIONING S3DC...";125 126 my $ s3dc_options = "210 print "PROVISIONING NT4 DC..."; 211 212 my $nt4_dc_options = " 127 213 domain master = yes 128 214 domain logons = yes 129 215 lanman auth = yes 130 216 raw NTLMv2 auth = yes 217 218 rpc_server:epmapper = external 219 rpc_server:spoolss = external 220 rpc_server:lsarpc = external 221 rpc_server:samr = external 222 rpc_server:netlogon = external 223 rpc_server:register_embedded_np = yes 224 rpc_server:FssagentRpc = external 225 226 rpc_daemon:epmd = fork 227 rpc_daemon:spoolssd = fork 228 rpc_daemon:lsasd = fork 229 rpc_daemon:fssd = fork 230 fss: sequence timeout = 1 131 231 "; 132 232 133 233 my $vars = $self->provision($path, 134 "LOCALS3DC2", 135 2, 136 "locals3dc2pass", 137 $s3dc_options); 138 139 $self->check_or_start($vars, 140 ($ENV{SMBD_MAXTIME} or 2700), 141 "yes", "yes", "yes"); 142 143 $self->wait_for_start($vars); 234 "LOCALNT4DC2", 235 "localntdc2pass", 236 $nt4_dc_options); 237 238 $vars or return undef; 239 240 if (not $self->check_or_start($vars, "yes", "yes", "yes")) { 241 return undef; 242 } 144 243 145 244 $vars->{DC_SERVER} = $vars->{SERVER}; 146 245 $vars->{DC_SERVER_IP} = $vars->{SERVER_IP}; 246 $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6}; 147 247 $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME}; 148 248 $vars->{DC_USERNAME} = $vars->{USERNAME}; 149 249 $vars->{DC_PASSWORD} = $vars->{PASSWORD}; 150 250 151 $self->{vars}->{ s3dc} = $vars;251 $self->{vars}->{nt4_dc} = $vars; 152 252 153 253 return $vars; 154 254 } 155 255 156 sub setup_ member($$$)256 sub setup_nt4_dc_schannel($$) 157 257 { 158 my ($self, $prefix, $s3dcvars) = @_; 258 my ($self, $path) = @_; 259 260 print "PROVISIONING NT4 DC WITH SERVER SCHANNEL ..."; 261 262 my $pdc_options = " 263 domain master = yes 264 domain logons = yes 265 lanman auth = yes 266 267 rpc_server:epmapper = external 268 rpc_server:spoolss = external 269 rpc_server:lsarpc = external 270 rpc_server:samr = external 271 rpc_server:netlogon = external 272 rpc_server:register_embedded_np = yes 273 274 rpc_daemon:epmd = fork 275 rpc_daemon:spoolssd = fork 276 rpc_daemon:lsasd = fork 277 278 server schannel = yes 279 "; 280 281 my $vars = $self->provision($path, 282 "LOCALNT4DC9", 283 "localntdc9pass", 284 $pdc_options); 285 286 $vars or return undef; 287 288 if (not $self->check_or_start($vars, "yes", "yes", "yes")) { 289 return undef; 290 } 291 292 $vars->{DC_SERVER} = $vars->{SERVER}; 293 $vars->{DC_SERVER_IP} = $vars->{SERVER_IP}; 294 $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6}; 295 $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME}; 296 $vars->{DC_USERNAME} = $vars->{USERNAME}; 297 $vars->{DC_PASSWORD} = $vars->{PASSWORD}; 298 299 $self->{vars}->{nt4_dc_schannel} = $vars; 300 301 return $vars; 302 } 303 304 sub setup_nt4_member($$$) 305 { 306 my ($self, $prefix, $nt4_dc_vars) = @_; 307 my $count = 0; 308 my $rc; 159 309 160 310 print "PROVISIONING MEMBER..."; … … 163 313 security = domain 164 314 server signing = on 315 dbwrap_tdb_mutexes:* = yes 165 316 "; 166 317 my $ret = $self->provision($prefix, 167 "LOCALMEMBER3", 168 3, 169 "localmember3pass", 318 "LOCALNT4MEMBER3", 319 "localnt4member3pass", 170 320 $member_options); 171 321 172 $ret or die("Unable to provision"); 173 174 my $net = $self->binpath("net"); 322 $ret or return undef; 323 324 my $nmblookup = Samba::bindir_path($self, "nmblookup"); 325 do { 326 print "Waiting for the LOGON SERVER registration ...\n"; 327 $rc = system("$nmblookup $ret->{CONFIGURATION} $ret->{DOMAIN}\#1c"); 328 if ($rc != 0) { 329 sleep(1); 330 } 331 $count++; 332 } while ($rc != 0 && $count < 10); 333 if ($count == 10) { 334 print "NMBD not reachable after 10 retries\n"; 335 teardown_env($self, $ret); 336 return 0; 337 } 338 339 my $net = Samba::bindir_path($self, "net"); 175 340 my $cmd = ""; 176 341 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 177 $cmd .= "$net join $ret->{CONFIGURATION} $s3dcvars->{DOMAIN} member"; 178 $cmd .= " -U$s3dcvars->{USERNAME}\%$s3dcvars->{PASSWORD}"; 179 180 system($cmd) == 0 or die("Join failed\n$cmd"); 181 182 $self->check_or_start($ret, 183 ($ENV{SMBD_MAXTIME} or 2700), 184 "yes", "yes", "yes"); 185 186 $self->wait_for_start($ret); 187 188 $ret->{DC_SERVER} = $s3dcvars->{SERVER}; 189 $ret->{DC_SERVER_IP} = $s3dcvars->{SERVER_IP}; 190 $ret->{DC_NETBIOSNAME} = $s3dcvars->{NETBIOSNAME}; 191 $ret->{DC_USERNAME} = $s3dcvars->{USERNAME}; 192 $ret->{DC_PASSWORD} = $s3dcvars->{PASSWORD}; 342 $cmd .= "$net join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member"; 343 $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}"; 344 345 if (system($cmd) != 0) { 346 warn("Join failed\n$cmd"); 347 return undef; 348 } 349 350 if (not $self->check_or_start($ret, "yes", "yes", "yes")) { 351 return undef; 352 } 353 354 $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER}; 355 $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP}; 356 $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6}; 357 $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME}; 358 $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME}; 359 $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD}; 193 360 194 361 return $ret; 195 362 } 196 363 197 sub setup_secshare($$) 364 sub setup_admember($$$$) 365 { 366 my ($self, $prefix, $dcvars) = @_; 367 368 # If we didn't build with ADS, pretend this env was never available 369 if (not $self->have_ads()) { 370 return "UNKNOWN"; 371 } 372 373 print "PROVISIONING S3 AD MEMBER..."; 374 375 my $member_options = " 376 security = ads 377 server signing = on 378 workgroup = $dcvars->{DOMAIN} 379 realm = $dcvars->{REALM} 380 "; 381 382 my $ret = $self->provision($prefix, 383 "LOCALADMEMBER", 384 "loCalMemberPass", 385 $member_options, 386 $dcvars->{SERVER_IP}, 387 $dcvars->{SERVER_IPV6}); 388 389 $ret or return undef; 390 391 close(USERMAP); 392 $ret->{DOMAIN} = $dcvars->{DOMAIN}; 393 $ret->{REALM} = $dcvars->{REALM}; 394 395 my $ctx; 396 my $prefix_abs = abs_path($prefix); 397 $ctx = {}; 398 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; 399 $ctx->{domain} = $dcvars->{DOMAIN}; 400 $ctx->{realm} = $dcvars->{REALM}; 401 $ctx->{dnsname} = lc($dcvars->{REALM}); 402 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; 403 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; 404 Samba::mk_krb5_conf($ctx, ""); 405 406 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; 407 408 my $net = Samba::bindir_path($self, "net"); 409 my $cmd = ""; 410 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 411 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 412 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 413 } else { 414 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 415 } 416 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 417 $cmd .= "$net join $ret->{CONFIGURATION}"; 418 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; 419 420 if (system($cmd) != 0) { 421 warn("Join failed\n$cmd"); 422 return undef; 423 } 424 425 # We need world access to this share, as otherwise the domain 426 # administrator from the AD domain provided by Samba4 can't 427 # access the share for tests. 428 chmod 0777, "$prefix/share"; 429 430 if (not $self->check_or_start($ret, "yes", "yes", "yes")) { 431 return undef; 432 } 433 434 $ret->{DC_SERVER} = $dcvars->{SERVER}; 435 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; 436 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; 437 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; 438 $ret->{DC_USERNAME} = $dcvars->{USERNAME}; 439 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; 440 441 # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env 442 $ret->{target} = $self; 443 444 return $ret; 445 } 446 447 sub setup_admember_rfc2307($$$$) 448 { 449 my ($self, $prefix, $dcvars) = @_; 450 451 # If we didn't build with ADS, pretend this env was never available 452 if (not $self->have_ads()) { 453 return "UNKNOWN"; 454 } 455 456 print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config..."; 457 458 my $member_options = " 459 security = ads 460 server signing = on 461 workgroup = $dcvars->{DOMAIN} 462 realm = $dcvars->{REALM} 463 idmap config $dcvars->{DOMAIN} : backend = rfc2307 464 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 465 idmap config $dcvars->{DOMAIN} : ldap_server = ad 466 idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com 467 idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com 468 "; 469 470 my $ret = $self->provision($prefix, 471 "RFC2307MEMBER", 472 "loCalMemberPass", 473 $member_options, 474 $dcvars->{SERVER_IP}, 475 $dcvars->{SERVER_IPV6}); 476 477 $ret or return undef; 478 479 close(USERMAP); 480 $ret->{DOMAIN} = $dcvars->{DOMAIN}; 481 $ret->{REALM} = $dcvars->{REALM}; 482 483 my $ctx; 484 my $prefix_abs = abs_path($prefix); 485 $ctx = {}; 486 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; 487 $ctx->{domain} = $dcvars->{DOMAIN}; 488 $ctx->{realm} = $dcvars->{REALM}; 489 $ctx->{dnsname} = lc($dcvars->{REALM}); 490 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; 491 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; 492 Samba::mk_krb5_conf($ctx, ""); 493 494 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; 495 496 my $net = Samba::bindir_path($self, "net"); 497 my $cmd = ""; 498 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 499 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 500 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 501 } else { 502 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 503 } 504 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 505 $cmd .= "$net join $ret->{CONFIGURATION}"; 506 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; 507 508 if (system($cmd) != 0) { 509 warn("Join failed\n$cmd"); 510 return undef; 511 } 512 513 # We need world access to this share, as otherwise the domain 514 # administrator from the AD domain provided by Samba4 can't 515 # access the share for tests. 516 chmod 0777, "$prefix/share"; 517 518 if (not $self->check_or_start($ret, "yes", "yes", "yes")) { 519 return undef; 520 } 521 522 $ret->{DC_SERVER} = $dcvars->{SERVER}; 523 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; 524 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; 525 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; 526 $ret->{DC_USERNAME} = $dcvars->{USERNAME}; 527 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; 528 529 # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env 530 $ret->{target} = $self; 531 532 return $ret; 533 } 534 535 sub setup_simpleserver($$) 198 536 { 199 537 my ($self, $path) = @_; 200 538 201 print "PROVISIONING server with security=share..."; 202 203 my $secshare_options = " 204 security = share 539 print "PROVISIONING simple server..."; 540 541 my $prefix_abs = abs_path($path); 542 543 my $simpleserver_options = " 205 544 lanman auth = yes 545 vfs objects = xattr_tdb streams_depot 546 change notify = no 547 548 [vfs_aio_fork] 549 path = $prefix_abs/share 550 vfs objects = aio_fork 551 read only = no 552 vfs_aio_fork:erratic_testing_mode=yes 206 553 "; 207 554 208 555 my $vars = $self->provision($path, 209 556 "LOCALSHARE4", 210 4,211 557 "local4pass", 212 $s ecshare_options);213 214 $ self->check_or_start($vars,215 ($ENV{SMBD_MAXTIME} or 2700), 216 "yes", "no", "yes");217 218 $self->wait_for_start($vars);219 220 $self->{vars}->{s ecshare} = $vars;558 $simpleserver_options); 559 560 $vars or return undef; 561 562 if (not $self->check_or_start($vars, "yes", "no", "yes")) { 563 return undef; 564 } 565 566 $self->{vars}->{simpleserver} = $vars; 221 567 222 568 return $vars; 223 569 } 224 570 225 sub setup_ secserver($$$)571 sub setup_fileserver($$) 226 572 { 227 my ($self, $prefix, $s3dcvars) = @_; 228 229 print "PROVISIONING server with security=server..."; 230 231 my $secserver_options = " 232 security = server 233 password server = $s3dcvars->{SERVER_IP} 234 client ntlmv2 auth = no 573 my ($self, $path) = @_; 574 my $prefix_abs = abs_path($path); 575 my $srcdir_abs = abs_path($self->{srcdir}); 576 577 print "PROVISIONING file server ...\n"; 578 579 my @dirs = (); 580 581 mkdir($prefix_abs, 0777); 582 583 my $share_dir="$prefix_abs/share"; 584 585 # Create share directory structure 586 my $lower_case_share_dir="$share_dir/lower-case"; 587 push(@dirs, $lower_case_share_dir); 588 589 my $lower_case_share_dir_30000="$share_dir/lower-case-30000"; 590 push(@dirs, $lower_case_share_dir_30000); 591 592 my $dfree_share_dir="$share_dir/dfree"; 593 push(@dirs, $dfree_share_dir); 594 push(@dirs, "$dfree_share_dir/subdir1"); 595 push(@dirs, "$dfree_share_dir/subdir2"); 596 597 my $valid_users_sharedir="$share_dir/valid_users"; 598 push(@dirs,$valid_users_sharedir); 599 600 my $offline_sharedir="$share_dir/offline"; 601 push(@dirs,$offline_sharedir); 602 603 my $force_user_valid_users_dir = "$share_dir/force_user_valid_users"; 604 push(@dirs, $force_user_valid_users_dir); 605 606 my $smbget_sharedir="$share_dir/smbget"; 607 push(@dirs,$smbget_sharedir); 608 609 my $fileserver_options = " 610 [lowercase] 611 path = $lower_case_share_dir 612 comment = smb username is [%U] 613 case sensitive = True 614 default case = lower 615 preserve case = no 616 short preserve case = no 617 [lowercase-30000] 618 path = $lower_case_share_dir_30000 619 comment = smb username is [%U] 620 case sensitive = True 621 default case = lower 622 preserve case = no 623 short preserve case = no 624 [dfree] 625 path = $dfree_share_dir 626 comment = smb username is [%U] 627 dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh 628 [valid-users-access] 629 path = $valid_users_sharedir 630 valid users = +userdup 631 [offline] 632 path = $offline_sharedir 633 vfs objects = offline 634 635 # BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878 636 # RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651 637 [force_user_valid_users] 638 path = $force_user_valid_users_dir 639 comment = force user with valid users combination test share 640 valid users = +force_user 641 force user = force_user 642 force group = everyone 643 write list = force_user 644 645 [smbget] 646 path = $smbget_sharedir 647 comment = smb username is [%U] 648 guest ok = yes 235 649 "; 236 650 651 my $vars = $self->provision($path, 652 "FILESERVER", 653 "fileserver", 654 $fileserver_options, 655 undef, 656 undef, 657 1); 658 659 $vars or return undef; 660 661 if (not $self->check_or_start($vars, "yes", "no", "yes")) { 662 return undef; 663 } 664 665 $self->{vars}->{fileserver} = $vars; 666 667 mkdir($_, 0777) foreach(@dirs); 668 669 ## Create case sensitive lower case share dir 670 foreach my $file ('a'..'z') { 671 my $full_path = $lower_case_share_dir . '/' . $file; 672 open my $fh, '>', $full_path; 673 # Add some content to file 674 print $fh $full_path; 675 close $fh; 676 } 677 678 for (my $file = 1; $file < 51; ++$file) { 679 my $full_path = $lower_case_share_dir . '/' . $file; 680 open my $fh, '>', $full_path; 681 # Add some content to file 682 print $fh $full_path; 683 close $fh; 684 } 685 686 # Create content for 30000 share 687 foreach my $file ('a'..'z') { 688 my $full_path = $lower_case_share_dir_30000 . '/' . $file; 689 open my $fh, '>', $full_path; 690 # Add some content to file 691 print $fh $full_path; 692 close $fh; 693 } 694 695 for (my $file = 1; $file < 30001; ++$file) { 696 my $full_path = $lower_case_share_dir_30000 . '/' . $file; 697 open my $fh, '>', $full_path; 698 # Add some content to file 699 print $fh $full_path; 700 close $fh; 701 } 702 703 ## 704 ## create a listable file in valid_users_share 705 ## 706 my $valid_users_target = "$valid_users_sharedir/foo"; 707 unless (open(VALID_USERS_TARGET, ">$valid_users_target")) { 708 warn("Unable to open $valid_users_target"); 709 return undef; 710 } 711 close(VALID_USERS_TARGET); 712 chmod 0644, $valid_users_target; 713 714 return $vars; 715 } 716 717 sub setup_ktest($$$) 718 { 719 my ($self, $prefix) = @_; 720 721 # If we didn't build with ADS, pretend this env was never available 722 if (not $self->have_ads()) { 723 return "UNKNOWN"; 724 } 725 726 print "PROVISIONING server with security=ads..."; 727 728 my $ktest_options = " 729 workgroup = KTEST 730 realm = ktest.samba.example.com 731 security = ads 732 username map = $prefix/lib/username.map 733 server signing = required 734 "; 735 237 736 my $ret = $self->provision($prefix, 238 "LOCALSERVER5", 239 5, 240 "localserver5pass", 241 $secserver_options); 242 243 $ret or die("Unable to provision"); 244 245 $self->check_or_start($ret, 246 ($ENV{SMBD_MAXTIME} or 2700), 247 "yes", "no", "yes"); 248 249 $self->wait_for_start($ret); 250 251 $ret->{DC_SERVER} = $s3dcvars->{SERVER}; 252 $ret->{DC_SERVER_IP} = $s3dcvars->{SERVER_IP}; 253 $ret->{DC_NETBIOSNAME} = $s3dcvars->{NETBIOSNAME}; 254 $ret->{DC_USERNAME} = $s3dcvars->{USERNAME}; 255 $ret->{DC_PASSWORD} = $s3dcvars->{PASSWORD}; 256 737 "LOCALKTEST6", 738 "localktest6pass", 739 $ktest_options); 740 741 $ret or return undef; 742 743 my $ctx; 744 my $prefix_abs = abs_path($prefix); 745 $ctx = {}; 746 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; 747 $ctx->{domain} = "KTEST"; 748 $ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM"; 749 $ctx->{dnsname} = lc($ctx->{realm}); 750 $ctx->{kdc_ipv4} = "0.0.0.0"; 751 $ctx->{kdc_ipv6} = "::"; 752 Samba::mk_krb5_conf($ctx, ""); 753 754 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; 755 756 open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map"); 757 print USERMAP " 758 $ret->{USERNAME} = KTEST\\Administrator 759 "; 760 close(USERMAP); 761 762 #This is the secrets.tdb created by 'net ads join' from Samba3 to a 763 #Samba4 DC with the same parameters as are being used here. The 764 #domain SID is S-1-5-21-1071277805-689288055-3486227160 765 766 system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb"); 767 chmod 0600, "$prefix/private/secrets.tdb"; 768 769 #Make sure there's no old ntdb file. 770 system("rm -f $prefix/private/secrets.ntdb"); 771 772 #This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with: 773 # "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232" 774 # 775 #and having in krb5.conf: 776 # ticket_lifetime = 799718400 777 # renew_lifetime = 799718400 778 # 779 # The commands for the -2 keytab where were: 780 # kinit administrator@KTEST.SAMBA.EXAMPLE.COM 781 # kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM 782 # kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM 783 # kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM 784 # kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM 785 # 786 # and then for the -3 keytab, I did 787 # 788 # net changetrustpw; kdestroy and the same again. 789 # 790 # This creates a credential cache with a very long lifetime (2036 at 791 # at 2011-04), and shows that running 'net changetrustpw' does not 792 # break existing logins (for the secrets.tdb method at least). 793 # 794 795 $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache"; 796 797 system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2"); 798 chmod 0600, "$prefix/krb5_ccache-2"; 799 800 system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3"); 801 chmod 0600, "$prefix/krb5_ccache-3"; 802 803 # We need world access to this share, as otherwise the domain 804 # administrator from the AD domain provided by ktest can't 805 # access the share for tests. 806 chmod 0777, "$prefix/share"; 807 808 if (not $self->check_or_start($ret, "yes", "no", "yes")) { 809 return undef; 810 } 257 811 return $ret; 812 } 813 814 sub setup_maptoguest($$) 815 { 816 my ($self, $path) = @_; 817 818 print "PROVISIONING maptoguest..."; 819 820 my $options = " 821 map to guest = bad user 822 "; 823 824 my $vars = $self->provision($path, 825 "maptoguest", 826 "maptoguestpass", 827 $options); 828 829 $vars or return undef; 830 831 if (not $self->check_or_start($vars, "yes", "no", "yes")) { 832 return undef; 833 } 834 835 $self->{vars}->{s3maptoguest} = $vars; 836 837 return $vars; 258 838 } 259 839 … … 288 868 289 869 sub check_or_start($$$$$) { 290 my ($self, $env_vars, $maxtime, $nmbd, $winbindd, $smbd) = @_; 870 my ($self, $env_vars, $nmbd, $winbindd, $smbd) = @_; 871 872 # use a pipe for stdin in the child processes. This allows 873 # those processes to monitor the pipe for EOF to ensure they 874 # exit when the test script exits 875 pipe(STDIN_READER, $env_vars->{STDIN_PIPE}); 291 876 292 877 unlink($env_vars->{NMBD_TEST_LOG}); … … 299 884 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); 300 885 301 $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR}; 886 $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG}; 887 $ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR}; 302 888 $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR}; 303 889 304 890 $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD}; 305 891 $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP}; 306 $ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH}; 892 $ENV{NSS_WRAPPER_HOSTS} = $env_vars->{NSS_WRAPPER_HOSTS}; 893 $ENV{NSS_WRAPPER_HOSTNAME} = $env_vars->{NSS_WRAPPER_HOSTNAME}; 894 $ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH}; 895 $ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX}; 896 $ENV{UID_WRAPPER_ROOT} = "1"; 897 898 $ENV{ENVNAME} = "$ENV{ENVNAME}.nmbd"; 307 899 308 900 if ($nmbd ne "yes") { … … 312 904 exit 0; 313 905 }; 314 sleep($ maxtime);906 sleep($self->{server_maxtime}); 315 907 exit 0; 316 908 } 317 909 910 $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "nmbd"); 318 911 my @optargs = ("-d0"); 319 912 if (defined($ENV{NMBD_OPTIONS})) { 320 913 @optargs = split(/ /, $ENV{NMBD_OPTIONS}); 321 914 } 322 323 $ENV{MAKE_TEST_BINARY} = $self->binpath("nmbd"); 324 325 my @preargs = ($self->binpath("timelimit"), $maxtime); 915 my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime}); 326 916 if(defined($ENV{NMBD_VALGRIND})) { 327 917 @preargs = split(/ /, $ENV{NMBD_VALGRIND}); 328 918 } 329 330 exec(@preargs, $self->binpath("nmbd"), "-F", "--no-process-group", "-S", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start nmbd: $!"); 331 } 919 my @args = ("-F", "--no-process-group", 920 "-s", $env_vars->{SERVERCONFFILE}, 921 "-l", $env_vars->{LOGDIR}); 922 if (not defined($ENV{NMBD_DONT_LOG_STDOUT})) { 923 push(@args, "--log-stdout"); 924 } 925 926 close($env_vars->{STDIN_PIPE}); 927 open STDIN, ">&", \*STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; 928 929 exec(@preargs, $ENV{MAKE_TEST_BINARY}, @args, @optargs) 930 or die("Unable to start $ENV{MAKE_TEST_BINARY}: $!"); 931 } 932 $env_vars->{NMBD_TL_PID} = $pid; 332 933 write_pid($env_vars, "nmbd", $pid); 333 934 print "DONE\n"; … … 342 943 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); 343 944 344 $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR}; 945 $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG}; 946 $ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR}; 345 947 $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR}; 346 948 347 949 $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD}; 348 950 $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP}; 349 $ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH}; 951 $ENV{NSS_WRAPPER_HOSTS} = $env_vars->{NSS_WRAPPER_HOSTS}; 952 $ENV{NSS_WRAPPER_HOSTNAME} = $env_vars->{NSS_WRAPPER_HOSTNAME}; 953 $ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH}; 954 $ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX}; 955 if (defined($env_vars->{RESOLV_WRAPPER_CONF})) { 956 $ENV{RESOLV_WRAPPER_CONF} = $env_vars->{RESOLV_WRAPPER_CONF}; 957 } else { 958 $ENV{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS}; 959 } 960 $ENV{UID_WRAPPER_ROOT} = "1"; 961 962 $ENV{ENVNAME} = "$ENV{ENVNAME}.winbindd"; 350 963 351 964 if ($winbindd ne "yes") { … … 355 968 exit 0; 356 969 }; 357 sleep($ maxtime);970 sleep($self->{server_maxtime}); 358 971 exit 0; 359 972 } 360 973 974 $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "winbindd"); 361 975 my @optargs = ("-d0"); 362 976 if (defined($ENV{WINBINDD_OPTIONS})) { 363 977 @optargs = split(/ /, $ENV{WINBINDD_OPTIONS}); 364 978 } 365 366 $ENV{MAKE_TEST_BINARY} = $self->binpath("winbindd"); 367 368 my @preargs = ($self->binpath("timelimit"), $maxtime); 979 my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime}); 369 980 if(defined($ENV{WINBINDD_VALGRIND})) { 370 981 @preargs = split(/ /, $ENV{WINBINDD_VALGRIND}); 371 982 } 372 373 exec(@preargs, $self->binpath("winbindd"), "-F", "--no-process-group", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start winbindd: $!"); 374 } 983 my @args = ("-F", "--no-process-group", 984 "-s", $env_vars->{SERVERCONFFILE}, 985 "-l", $env_vars->{LOGDIR}); 986 if (not defined($ENV{WINBINDD_DONT_LOG_STDOUT})) { 987 push(@args, "--stdout"); 988 } 989 990 close($env_vars->{STDIN_PIPE}); 991 open STDIN, ">&", \*STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; 992 993 exec(@preargs, $ENV{MAKE_TEST_BINARY}, @args, @optargs) 994 or die("Unable to start $ENV{MAKE_TEST_BINARY}: $!"); 995 } 996 $env_vars->{WINBINDD_TL_PID} = $pid; 375 997 write_pid($env_vars, "winbindd", $pid); 376 998 print "DONE\n"; … … 385 1007 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); 386 1008 387 $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR}; 1009 $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG}; 1010 $ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR}; 388 1011 $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR}; 389 1012 390 1013 $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD}; 391 1014 $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP}; 392 $ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH}; 1015 $ENV{NSS_WRAPPER_HOSTS} = $env_vars->{NSS_WRAPPER_HOSTS}; 1016 $ENV{NSS_WRAPPER_HOSTNAME} = $env_vars->{NSS_WRAPPER_HOSTNAME}; 1017 $ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH}; 1018 $ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX}; 1019 if (defined($env_vars->{RESOLV_WRAPPER_CONF})) { 1020 $ENV{RESOLV_WRAPPER_CONF} = $env_vars->{RESOLV_WRAPPER_CONF}; 1021 } else { 1022 $ENV{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS}; 1023 } 1024 $ENV{UID_WRAPPER_ROOT} = "1"; 1025 1026 $ENV{ENVNAME} = "$ENV{ENVNAME}.smbd"; 393 1027 394 1028 if ($smbd ne "yes") { … … 398 1032 exit 0; 399 1033 }; 400 sleep($ maxtime);1034 sleep($self->{server_maxtime}); 401 1035 exit 0; 402 1036 } 403 1037 404 $ENV{MAKE_TEST_BINARY} = $self->binpath("smbd");1038 $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "smbd"); 405 1039 my @optargs = ("-d0"); 406 1040 if (defined($ENV{SMBD_OPTIONS})) { 407 1041 @optargs = split(/ /, $ENV{SMBD_OPTIONS}); 408 1042 } 409 my @preargs = ( $self->binpath("timelimit"), $maxtime);1043 my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime}); 410 1044 if(defined($ENV{SMBD_VALGRIND})) { 411 1045 @preargs = split(/ /,$ENV{SMBD_VALGRIND}); 412 1046 } 413 exec(@preargs, $self->binpath("smbd"), "-F", "--no-process-group", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start smbd: $!"); 414 } 1047 my @args = ("-F", "--no-process-group", 1048 "-s", $env_vars->{SERVERCONFFILE}, 1049 "-l", $env_vars->{LOGDIR}); 1050 if (not defined($ENV{SMBD_DONT_LOG_STDOUT})) { 1051 push(@args, "--log-stdout"); 1052 } 1053 1054 close($env_vars->{STDIN_PIPE}); 1055 open STDIN, ">&", \*STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; 1056 1057 exec(@preargs, $ENV{MAKE_TEST_BINARY}, @args, @optargs) 1058 or die("Unable to start $ENV{MAKE_TEST_BINARY}: $!"); 1059 } 1060 $env_vars->{SMBD_TL_PID} = $pid; 415 1061 write_pid($env_vars, "smbd", $pid); 416 1062 print "DONE\n"; 417 1063 418 return 0; 419 } 420 421 sub provision($$$$$$) 1064 close(STDIN_READER); 1065 1066 return $self->wait_for_start($env_vars, $nmbd, $winbindd, $smbd); 1067 } 1068 1069 sub createuser($$$$) 422 1070 { 423 my ($self, $prefix, $server, $swiface, $password, $extra_options) = @_; 1071 my ($self, $username, $password, $conffile) = @_; 1072 my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $username > /dev/null"; 1073 unless (open(PWD, "|$cmd")) { 1074 warn("Unable to set password for $username account\n$cmd"); 1075 return undef; 1076 } 1077 print PWD "$password\n$password\n"; 1078 unless (close(PWD)) { 1079 warn("Unable to set password for $username account\n$cmd"); 1080 return undef; 1081 } 1082 print "DONE\n"; 1083 } 1084 1085 sub provision($$$$$$$$) 1086 { 1087 my ($self, $prefix, $server, $password, $extra_options, $dc_server_ip, $dc_server_ipv6, $no_delete_prefix) = @_; 424 1088 425 1089 ## … … 427 1091 ## 428 1092 1093 my $swiface = Samba::get_interface($server); 429 1094 my %ret = (); 430 1095 my $server_ip = "127.0.0.$swiface"; 1096 my $server_ipv6 = sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface); 431 1097 my $domain = "SAMBA-TEST"; 432 1098 … … 439 1105 my $prefix_abs = abs_path($prefix); 440 1106 my $bindir_abs = abs_path($self->{bindir}); 441 my $vfs_modulesdir_abs = ($ENV{VFSLIBDIR} or $bindir_abs);442 1107 443 1108 my @dirs = (); … … 481 1146 my $msdfs_deeppath="$msdfs_shrdir/deeppath"; 482 1147 push(@dirs,$msdfs_deeppath); 1148 1149 my $badnames_shrdir="$shrdir/badnames"; 1150 push(@dirs,$badnames_shrdir); 1151 1152 my $lease1_shrdir="$shrdir/SMB2_10"; 1153 push(@dirs,$lease1_shrdir); 1154 1155 my $lease2_shrdir="$shrdir/SMB3_00"; 1156 push(@dirs,$lease2_shrdir); 1157 1158 my $manglenames_shrdir="$shrdir/manglenames"; 1159 push(@dirs,$manglenames_shrdir); 1160 1161 my $widelinks_shrdir="$shrdir/widelinks"; 1162 push(@dirs,$widelinks_shrdir); 1163 1164 my $widelinks_linkdir="$shrdir/widelinks_foo"; 1165 push(@dirs,$widelinks_linkdir); 1166 1167 my $shadow_tstdir="$shrdir/shadow"; 1168 push(@dirs,$shadow_tstdir); 1169 my $shadow_mntdir="$shadow_tstdir/mount"; 1170 push(@dirs,$shadow_mntdir); 1171 my $shadow_basedir="$shadow_mntdir/base"; 1172 push(@dirs,$shadow_basedir); 1173 my $shadow_shrdir="$shadow_basedir/share"; 1174 push(@dirs,$shadow_shrdir); 483 1175 484 1176 # this gets autocreated by winbindd … … 497 1189 mkdir($prefix_abs, 0777); 498 1190 print "CREATE TEST ENVIRONMENT IN '$prefix'..."; 499 system("rm -rf $prefix_abs/*"); 1191 if (not defined($no_delete_prefix) or not $no_delete_prefix) { 1192 system("rm -rf $prefix_abs/*"); 1193 } 500 1194 mkdir($_, 0777) foreach(@dirs); 1195 1196 my $fs_specific_conf = $self->get_fs_specific_conf($shrdir); 1197 1198 ## 1199 ## lockdir and piddir must be 0755 1200 ## 1201 chmod 0755, $lockdir; 1202 chmod 0755, $piddir; 1203 501 1204 502 1205 ## … … 506 1209 chmod 0755, $ro_shrdir; 507 1210 my $unreadable_file = "$ro_shrdir/unreadable_file"; 508 open(UNREADABLE_FILE, ">$unreadable_file") or die("Unable to open $unreadable_file"); 1211 unless (open(UNREADABLE_FILE, ">$unreadable_file")) { 1212 warn("Unable to open $unreadable_file"); 1213 return undef; 1214 } 509 1215 close(UNREADABLE_FILE); 510 1216 chmod 0600, $unreadable_file; 511 1217 512 1218 my $msdfs_target = "$ro_shrdir/msdfs-target"; 513 open(MSDFS_TARGET, ">$msdfs_target") or die("Unable to open $msdfs_target"); 1219 unless (open(MSDFS_TARGET, ">$msdfs_target")) { 1220 warn("Unable to open $msdfs_target"); 1221 return undef; 1222 } 514 1223 close(MSDFS_TARGET); 515 1224 chmod 0666, $msdfs_target; 516 symlink "msdfs:$server_ip\\ro-tmp", "$msdfs_shrdir/msdfs-src1"; 517 symlink "msdfs:$server_ip\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2"; 1225 symlink "msdfs:$server_ip\\ro-tmp,$server_ipv6\\ro-tmp", 1226 "$msdfs_shrdir/msdfs-src1"; 1227 symlink "msdfs:$server_ipv6\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2"; 1228 1229 ## 1230 ## create bad names in $badnames_shrdir 1231 ## 1232 ## (An invalid name, would be mangled to 8.3). 1233 my $badname_target = "$badnames_shrdir/\340|\231\216\377\177"; 1234 unless (open(BADNAME_TARGET, ">$badname_target")) { 1235 warn("Unable to open $badname_target"); 1236 return undef; 1237 } 1238 close(BADNAME_TARGET); 1239 chmod 0666, $badname_target; 1240 1241 ## (A bad name, would not be mangled to 8.3). 1242 my $badname_target = "$badnames_shrdir/\240\276\346\327\377\177"; 1243 unless (open(BADNAME_TARGET, ">$badname_target")) { 1244 warn("Unable to open $badname_target"); 1245 return undef; 1246 } 1247 close(BADNAME_TARGET); 1248 chmod 0666, $badname_target; 1249 1250 ## (A bad good name). 1251 my $badname_target = "$badnames_shrdir/blank.txt"; 1252 unless (open(BADNAME_TARGET, ">$badname_target")) { 1253 warn("Unable to open $badname_target"); 1254 return undef; 1255 } 1256 close(BADNAME_TARGET); 1257 chmod 0666, $badname_target; 1258 1259 ## 1260 ## create mangleable directory names in $manglenames_shrdir 1261 ## 1262 my $manglename_target = "$manglenames_shrdir/foo:bar"; 1263 mkdir($manglename_target, 0777); 1264 1265 ## 1266 ## create symlinks for widelinks tests. 1267 ## 1268 my $widelinks_target = "$widelinks_linkdir/target"; 1269 unless (open(WIDELINKS_TARGET, ">$widelinks_target")) { 1270 warn("Unable to open $widelinks_target"); 1271 return undef; 1272 } 1273 close(WIDELINKS_TARGET); 1274 chmod 0666, $widelinks_target; 1275 ## 1276 ## This link should get ACCESS_DENIED 1277 ## 1278 symlink "$widelinks_target", "$widelinks_shrdir/source"; 1279 ## 1280 ## This link should be allowed 1281 ## 1282 symlink "$widelinks_shrdir", "$widelinks_shrdir/dot"; 518 1283 519 1284 my $conffile="$libdir/server.conf"; 1285 my $dfqconffile="$libdir/dfq.conf"; 520 1286 521 1287 my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/lib/nss_wrapper/nss_wrapper.pl"; 522 1288 my $nss_wrapper_passwd = "$privatedir/passwd"; 523 1289 my $nss_wrapper_group = "$privatedir/group"; 1290 my $nss_wrapper_hosts = "$ENV{SELFTEST_PREFIX}/hosts"; 1291 my $resolv_conf = "$privatedir/resolv.conf"; 1292 my $dns_host_file = "$ENV{SELFTEST_PREFIX}/dns_host_file"; 524 1293 525 1294 my $mod_printer_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/printing/modprinter.pl"; 526 1295 1296 my $fake_snap_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/fake_snap.pl"; 1297 527 1298 my @eventlog_list = ("dns server", "application"); 528 1299 … … 532 1303 533 1304 my ($max_uid, $max_gid); 534 my ($uid_nobody, $uid_root); 535 my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers); 536 537 if ($unix_uid < 0xffff - 2) { 1305 my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup); 1306 my ($uid_pdbtest_wkn); 1307 my ($uid_smbget); 1308 my ($uid_force_user); 1309 my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins); 1310 my ($gid_userdup, $gid_everyone); 1311 my ($gid_force_user); 1312 1313 if ($unix_uid < 0xffff - 7) { 538 1314 $max_uid = 0xffff; 539 1315 } else { … … 543 1319 $uid_root = $max_uid - 1; 544 1320 $uid_nobody = $max_uid - 2; 545 546 if ($unix_gids[0] < 0xffff - 3) { 1321 $uid_pdbtest = $max_uid - 3; 1322 $uid_pdbtest2 = $max_uid - 4; 1323 $uid_userdup = $max_uid - 5; 1324 $uid_pdbtest_wkn = $max_uid - 6; 1325 $uid_force_user = $max_uid - 7; 1326 $uid_smbget = $max_uid - 8; 1327 1328 if ($unix_gids[0] < 0xffff - 8) { 547 1329 $max_gid = 0xffff; 548 1330 } else { … … 554 1336 $gid_root = $max_gid - 3; 555 1337 $gid_domusers = $max_gid - 4; 1338 $gid_domadmins = $max_gid - 5; 1339 $gid_userdup = $max_gid - 6; 1340 $gid_everyone = $max_gid - 7; 1341 $gid_force_user = $max_gid - 8; 556 1342 557 1343 ## … … 559 1345 ## 560 1346 561 open(CONF, ">$conffile") or die("Unable to open $conffile"); 1347 unless (open(CONF, ">$conffile")) { 1348 warn("Unable to open $conffile"); 1349 return undef; 1350 } 562 1351 print CONF " 563 1352 [global] 564 1353 netbios name = $server 565 interfaces = $server_ip/8 1354 interfaces = $server_ip/8 $server_ipv6/64 566 1355 bind interfaces only = yes 567 panic action = $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY) 1356 panic action = cd $self->{srcdir} && $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY) 1357 smbd:suicide mode = yes 568 1358 569 1359 workgroup = $domain … … 573 1363 lock directory = $lockdir 574 1364 log file = $logdir/log.\%m 575 log level = 01365 log level = 1 576 1366 debug pid = yes 577 578 name resolve order = bcast 1367 max log size = 0 579 1368 580 1369 state directory = $lockdir … … 600 1389 kernel oplocks = no 601 1390 kernel change notify = no 602 603 syslog = no 1391 smb2 leases = yes 1392 1393 logging = file 604 1394 printing = bsd 605 1395 printcap name = /dev/null 606 1396 607 winbindd :socket dir= $wbsockdir1397 winbindd socket directory = $wbsockdir 608 1398 nmbd:socket dir = $nmbdsockdir 609 1399 idmap config * : range = 100000-200000 610 1400 winbind enum users = yes 611 1401 winbind enum groups = yes 1402 winbind separator = / 612 1403 613 1404 # min receivefile size = 4000 614 1405 615 max protocol = SMB2616 1406 read only = no 617 1407 server signing = auto 618 1408 619 1409 smbd:sharedelay = 100000 620 #smbd:writetimeupdatedelay = 5000001410 smbd:writetimeupdatedelay = 500000 621 1411 map hidden = no 622 1412 map system = no … … 624 1414 store dos attributes = yes 625 1415 create mask = 755 626 vfs objects = $vfs_modulesdir_abs/xattr_tdb.so $vfs_modulesdir_abs/streams_depot.so 1416 dos filemode = yes 1417 strict rename = yes 1418 strict sync = yes 1419 vfs objects = acl_xattr fake_acls xattr_tdb streams_depot 627 1420 628 1421 printing = vlp … … 635 1428 queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p 636 1429 lpq cache time = 0 637 638 ncalrpc dir = $lockdir/ncalrpc 639 rpc_server:epmapper = embedded 1430 print notify backchannel = yes 1431 1432 ncalrpc dir = $prefix_abs/ncalrpc 1433 1434 # The samba3.blackbox.smbclient_s3 test uses this to test that 1435 # sending messages works, and that the %m sub works. 1436 message command = mv %s $shrdir/message.%m 1437 1438 # fsrvp server requires registry shares 1439 registry shares = yes 1440 1441 # Used by RPC SRVSVC tests 1442 add share command = $bindir_abs/smbaddshare 1443 change share command = $bindir_abs/smbchangeshare 1444 delete share command = $bindir_abs/smbdeleteshare 1445 1446 # fruit:copyfile is a global option 1447 fruit:copyfile = yes 1448 1449 #this does not mean that we use non-secure test env, 1450 #it just means we ALLOW one to be configured. 1451 allow insecure wide links = yes 640 1452 641 1453 # Begin extra options … … 653 1465 [tmp] 654 1466 path = $shrdir 655 comment = smb username is [%U] 656 vfs objects = $vfs_modulesdir_abs/dirsort.so 1467 comment = smb username is [%U] 1468 [tmpsort] 1469 path = $shrdir 1470 comment = Load dirsort module 1471 vfs objects = dirsort acl_xattr fake_acls xattr_tdb streams_depot 1472 [tmpenc] 1473 path = $shrdir 1474 comment = encrypt smb username is [%U] 1475 smb encrypt = required 1476 vfs objects = dirsort 657 1477 [tmpguest] 658 1478 path = $shrdir … … 666 1486 force user = $unix_name 667 1487 guest ok = yes 1488 [forceuser_unixonly] 1489 comment = force a user with unix user SID and group SID 1490 path = $shrdir 1491 force user = pdbtest 1492 guest ok = yes 1493 [forceuser_wkngroup] 1494 comment = force a user with well-known group SID 1495 path = $shrdir 1496 force user = pdbtest_wkn 1497 guest ok = yes 668 1498 [forcegroup] 669 1499 path = $shrdir … … 673 1503 path = $ro_shrdir 674 1504 guest ok = yes 1505 [write-list-tmp] 1506 path = $shrdir 1507 read only = yes 1508 write list = $unix_name 1509 [valid-users-tmp] 1510 path = $shrdir 1511 valid users = $unix_name 675 1512 [msdfs-share] 676 1513 path = $msdfs_shrdir 677 1514 msdfs root = yes 1515 msdfs shuffle referrals = yes 678 1516 guest ok = yes 679 1517 [hideunread] … … 686 1524 copy = tmp 687 1525 hide unwriteable files = yes 1526 [durable] 1527 copy = tmp 1528 kernel share modes = no 1529 kernel oplocks = no 1530 posix locking = no 1531 [fs_specific] 1532 copy = tmp 1533 $fs_specific_conf 688 1534 [print1] 689 1535 copy = tmp … … 694 1540 [print3] 695 1541 copy = print1 1542 default devmode = no 696 1543 [lp] 697 1544 copy = print1 1545 1546 [nfs4acl_simple] 1547 path = $shrdir 1548 comment = smb username is [%U] 1549 nfs4:mode = simple 1550 vfs objects = nfs4acl_xattr xattr_tdb 1551 1552 [nfs4acl_special] 1553 path = $shrdir 1554 comment = smb username is [%U] 1555 nfs4:mode = special 1556 vfs objects = nfs4acl_xattr xattr_tdb 1557 1558 [xcopy_share] 1559 path = $shrdir 1560 comment = smb username is [%U] 1561 create mask = 777 1562 force create mode = 777 1563 [posix_share] 1564 path = $shrdir 1565 comment = smb username is [%U] 1566 create mask = 0777 1567 force create mode = 0 1568 directory mask = 0777 1569 force directory mode = 0 1570 vfs objects = xattr_tdb 1571 [aio] 1572 copy = tmp 1573 aio read size = 1 1574 aio write size = 1 1575 698 1576 [print\$] 699 1577 copy = tmp 1578 1579 [vfs_fruit] 1580 path = $shrdir 1581 vfs objects = catia fruit streams_xattr acl_xattr 1582 ea support = yes 1583 fruit:ressource = file 1584 fruit:metadata = netatalk 1585 fruit:locking = netatalk 1586 fruit:encoding = native 1587 1588 [badname-tmp] 1589 path = $badnames_shrdir 1590 guest ok = yes 1591 1592 [manglenames_share] 1593 path = $manglenames_shrdir 1594 guest ok = yes 1595 1596 [dynamic_share] 1597 path = $shrdir/%R 1598 guest ok = yes 1599 1600 [widelinks_share] 1601 path = $widelinks_shrdir 1602 wide links = no 1603 guest ok = yes 1604 1605 [fsrvp_share] 1606 path = $shrdir 1607 comment = fake shapshots using rsync 1608 vfs objects = shell_snap shadow_copy2 1609 shell_snap:check path command = $fake_snap_pl --check 1610 shell_snap:create command = $fake_snap_pl --create 1611 shell_snap:delete command = $fake_snap_pl --delete 1612 # a relative path here fails, the snapshot dir is no longer found 1613 shadow:snapdir = $shrdir/.snapshots 1614 1615 [shadow1] 1616 path = $shadow_shrdir 1617 comment = previous versions snapshots under mount point 1618 vfs objects = shadow_copy2 1619 shadow:mountpoint = $shadow_mntdir 1620 1621 [shadow2] 1622 path = $shadow_shrdir 1623 comment = previous versions snapshots outside mount point 1624 vfs objects = shadow_copy2 1625 shadow:mountpoint = $shadow_mntdir 1626 shadow:snapdir = $shadow_tstdir/.snapshots 1627 1628 [shadow3] 1629 path = $shadow_shrdir 1630 comment = previous versions with subvolume snapshots, snapshots under base dir 1631 vfs objects = shadow_copy2 1632 shadow:mountpoint = $shadow_mntdir 1633 shadow:basedir = $shadow_basedir 1634 shadow:snapdir = $shadow_basedir/.snapshots 1635 1636 [shadow4] 1637 path = $shadow_shrdir 1638 comment = previous versions with subvolume snapshots, snapshots outside mount point 1639 vfs objects = shadow_copy2 1640 shadow:mountpoint = $shadow_mntdir 1641 shadow:basedir = $shadow_basedir 1642 shadow:snapdir = $shadow_tstdir/.snapshots 1643 1644 [shadow5] 1645 path = $shadow_shrdir 1646 comment = previous versions at volume root snapshots under mount point 1647 vfs objects = shadow_copy2 1648 shadow:mountpoint = $shadow_shrdir 1649 1650 [shadow6] 1651 path = $shadow_shrdir 1652 comment = previous versions at volume root snapshots outside mount point 1653 vfs objects = shadow_copy2 1654 shadow:mountpoint = $shadow_shrdir 1655 shadow:snapdir = $shadow_tstdir/.snapshots 1656 1657 [shadow7] 1658 path = $shadow_shrdir 1659 comment = previous versions snapshots everywhere 1660 vfs objects = shadow_copy2 1661 shadow:mountpoint = $shadow_mntdir 1662 shadow:snapdirseverywhere = yes 1663 1664 [shadow8] 1665 path = $shadow_shrdir 1666 comment = previous versions using snapsharepath 1667 vfs objects = shadow_copy2 1668 shadow:mountpoint = $shadow_mntdir 1669 shadow:snapdir = $shadow_tstdir/.snapshots 1670 shadow:snapsharepath = share 1671 1672 [shadow_wl] 1673 path = $shadow_shrdir 1674 comment = previous versions with wide links allowed 1675 vfs objects = shadow_copy2 1676 shadow:mountpoint = $shadow_mntdir 1677 wide links = yes 1678 [dfq] 1679 path = $shrdir/dfree 1680 vfs objects = fake_dfq 1681 admin users = $unix_name 1682 include = $dfqconffile 700 1683 "; 701 1684 close(CONF); 702 1685 1686 unless (open(DFQCONF, ">$dfqconffile")) { 1687 warn("Unable to open $dfqconffile"); 1688 return undef; 1689 } 1690 close(DFQCONF); 1691 703 1692 ## 704 1693 ## create a test account 705 1694 ## 706 1695 707 open(PASSWD, ">$nss_wrapper_passwd") or die("Unable to open $nss_wrapper_passwd"); 1696 unless (open(PASSWD, ">$nss_wrapper_passwd")) { 1697 warn("Unable to open $nss_wrapper_passwd"); 1698 return undef; 1699 } 708 1700 print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false 709 1701 $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false 1702 pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false 1703 pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false 1704 userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false 1705 pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false 1706 force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false 1707 smbget_user:x:$uid_smbget:$gid_domusers:smbget_user gecos:$prefix_abs:/bin/false 710 1708 "; 711 1709 if ($unix_uid != 0) { 712 print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false"; 1710 print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false 1711 "; 713 1712 } 714 1713 close(PASSWD); 715 1714 716 open(GROUP, ">$nss_wrapper_group") or die("Unable to open $nss_wrapper_group"); 1715 unless (open(GROUP, ">$nss_wrapper_group")) { 1716 warn("Unable to open $nss_wrapper_group"); 1717 return undef; 1718 } 717 1719 print GROUP "nobody:x:$gid_nobody: 718 1720 nogroup:x:$gid_nogroup:nobody 719 1721 $unix_name-group:x:$unix_gids[0]: 720 1722 domusers:X:$gid_domusers: 1723 domadmins:X:$gid_domadmins: 1724 userdup:x:$gid_userdup:$unix_name 1725 everyone:x:$gid_everyone: 1726 force_user:x:$gid_force_user: 721 1727 "; 722 1728 if ($unix_gids[0] != 0) { 723 print GROUP "root:x:$gid_root:"; 1729 print GROUP "root:x:$gid_root: 1730 "; 724 1731 } 725 1732 726 1733 close(GROUP); 1734 1735 ## hosts 1736 my $hostname = lc($server); 1737 unless (open(HOSTS, ">>$nss_wrapper_hosts")) { 1738 warn("Unable to open $nss_wrapper_hosts"); 1739 return undef; 1740 } 1741 print HOSTS "${server_ip} ${hostname}.samba.example.com ${hostname}\n"; 1742 print HOSTS "${server_ipv6} ${hostname}.samba.example.com ${hostname}\n"; 1743 close(HOSTS); 1744 1745 ## hosts 1746 unless (open(RESOLV_CONF, ">$resolv_conf")) { 1747 warn("Unable to open $resolv_conf"); 1748 return undef; 1749 } 1750 if (defined($dc_server_ip) or defined($dc_server_ipv6)) { 1751 if (defined($dc_server_ip)) { 1752 print RESOLV_CONF "nameserver $dc_server_ip\n"; 1753 } 1754 if (defined($dc_server_ipv6)) { 1755 print RESOLV_CONF "nameserver $dc_server_ipv6\n"; 1756 } 1757 } else { 1758 print RESOLV_CONF "nameserver ${server_ip}\n"; 1759 print RESOLV_CONF "nameserver ${server_ipv6}\n"; 1760 } 1761 close(RESOLV_CONF); 727 1762 728 1763 foreach my $evlog (@eventlog_list) { … … 734 1769 $ENV{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; 735 1770 $ENV{NSS_WRAPPER_GROUP} = $nss_wrapper_group; 736 737 open(PWD, "|".$self->binpath("smbpasswd")." -c $conffile -L -s -a $unix_name >/dev/null"); 738 print PWD "$password\n$password\n"; 739 close(PWD) or die("Unable to set password for test account"); 740 741 print "DONE\n"; 1771 $ENV{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; 1772 $ENV{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com"; 1773 if ($ENV{SAMBA_DNS_FAKING}) { 1774 $ENV{RESOLV_WRAPPER_CONF} = $resolv_conf; 1775 } else { 1776 $ENV{RESOLV_WRAPPER_HOSTS} = $dns_host_file; 1777 } 1778 1779 createuser($self, $unix_name, $password, $conffile) || die("Unable to create user"); 1780 createuser($self, "force_user", $password, $conffile) || die("Unable to create force_user"); 1781 createuser($self, "smbget_user", $password, $conffile) || die("Unable to create smbget_user"); 1782 1783 open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list"); 1784 print DNS_UPDATE_LIST "A $server. $server_ip\n"; 1785 print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n"; 1786 close(DNS_UPDATE_LIST); 742 1787 743 1788 $ret{SERVER_IP} = $server_ip; 1789 $ret{SERVER_IPV6} = $server_ipv6; 744 1790 $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log"; 745 1791 $ret{NMBD_TEST_LOG_POS} = 0; … … 757 1803 $ret{PASSWORD} = $password; 758 1804 $ret{PIDDIR} = $piddir; 759 $ret{ WINBINDD_SOCKET_DIR} = $wbsockdir;1805 $ret{SELFTEST_WINBINDD_SOCKET_DIR} = $wbsockdir; 760 1806 $ret{WINBINDD_PRIV_PIPE_DIR} = $wbsockprivdir; 761 1807 $ret{NMBD_SOCKET_DIR} = $nmbdsockdir; … … 763 1809 $ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; 764 1810 $ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group; 765 $ret{NSS_WRAPPER_WINBIND_SO_PATH} = $ENV{NSS_WRAPPER_WINBIND_SO_PATH}; 1811 $ret{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; 1812 $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com"; 1813 $ret{NSS_WRAPPER_MODULE_SO_PATH} = Samba::nss_wrapper_winbind_so_path($self); 1814 $ret{NSS_WRAPPER_MODULE_FN_PREFIX} = "winbind"; 1815 if ($ENV{SAMBA_DNS_FAKING}) { 1816 $ret{RESOLV_WRAPPER_HOSTS} = $dns_host_file; 1817 } else { 1818 $ret{RESOLV_WRAPPER_CONF} = $resolv_conf; 1819 } 766 1820 $ret{LOCAL_PATH} = "$shrdir"; 1821 $ret{LOGDIR} = $logdir; 1822 1823 # 1824 # Avoid hitting system krb5.conf - 1825 # An env that needs Kerberos will reset this to the real 1826 # value. 1827 # 1828 $ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf"; 767 1829 768 1830 return \%ret; 769 1831 } 770 1832 771 sub wait_for_start($$ )1833 sub wait_for_start($$$$$) 772 1834 { 773 my ($self, $envvars) = @_; 774 775 # give time for nbt server to register its names 776 print "delaying for nbt name registration\n"; 777 sleep(10); 778 # This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init 779 system($self->binpath("nmblookup") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__"); 780 system($self->binpath("nmblookup") ." $envvars->{CONFIGURATION} __SAMBA__"); 781 system($self->binpath("nmblookup") ." $envvars->{CONFIGURATION} -U 127.255.255.255 __SAMBA__"); 782 system($self->binpath("nmblookup") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}"); 783 system($self->binpath("nmblookup") ." $envvars->{CONFIGURATION} $envvars->{SERVER}"); 784 # make sure smbd is also up set 785 print "wait for smbd\n"; 786 system($self->binpath("smbclient") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER_IP} -U% -p 139 | head -2"); 787 system($self->binpath("smbclient") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER_IP} -U% -p 139 | head -2"); 1835 my ($self, $envvars, $nmbd, $winbindd, $smbd) = @_; 1836 my $ret; 1837 1838 if ($nmbd eq "yes") { 1839 my $count = 0; 1840 1841 # give time for nbt server to register its names 1842 print "checking for nmbd\n"; 1843 1844 # This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init 1845 my $nmblookup = Samba::bindir_path($self, "nmblookup"); 1846 1847 do { 1848 $ret = system("$nmblookup $envvars->{CONFIGURATION} $envvars->{SERVER}"); 1849 if ($ret != 0) { 1850 sleep(1); 1851 } else { 1852 system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__"); 1853 system("$nmblookup $envvars->{CONFIGURATION} __SAMBA__"); 1854 system("$nmblookup $envvars->{CONFIGURATION} -U 127.255.255.255 __SAMBA__"); 1855 system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}"); 1856 } 1857 $count++; 1858 } while ($ret != 0 && $count < 10); 1859 if ($count == 10) { 1860 print "NMBD not reachable after 10 retries\n"; 1861 teardown_env($self, $envvars); 1862 return 0; 1863 } 1864 } 1865 1866 if ($winbindd eq "yes") { 1867 print "checking for winbindd\n"; 1868 my $count = 0; 1869 do { 1870 $ret = system("SELFTEST_WINBINDD_SOCKET_DIR=" . $envvars->{SELFTEST_WINBINDD_SOCKET_DIR} . " " . Samba::bindir_path($self, "wbinfo") . " --ping-dc"); 1871 if ($ret != 0) { 1872 sleep(2); 1873 } 1874 $count++; 1875 } while ($ret != 0 && $count < 10); 1876 if ($count == 10) { 1877 print "WINBINDD not reachable after 20 seconds\n"; 1878 teardown_env($self, $envvars); 1879 return 0; 1880 } 1881 } 1882 1883 if ($smbd eq "yes") { 1884 # make sure smbd is also up set 1885 print "wait for smbd\n"; 1886 1887 my $count = 0; 1888 do { 1889 $ret = system(Samba::bindir_path($self, "smbclient") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139"); 1890 if ($ret != 0) { 1891 sleep(2); 1892 } 1893 $count++ 1894 } while ($ret != 0 && $count < 10); 1895 if ($count == 10) { 1896 print "SMBD failed to start up in a reasonable time (20sec)\n"; 1897 teardown_env($self, $envvars); 1898 return 0; 1899 } 1900 } 788 1901 789 1902 # Ensure we have domain users mapped. 790 system($self->binpath("net") ." $envvars->{CONFIGURATION} groupmap add rid=513 unixgroup=domusers type=domain"); 1903 $ret = system(Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} groupmap add rid=513 unixgroup=domusers type=domain"); 1904 if ($ret != 0) { 1905 return 1; 1906 } 1907 $ret = system(Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} groupmap add rid=512 unixgroup=domadmins type=domain"); 1908 if ($ret != 0) { 1909 return 1; 1910 } 1911 $ret = system(Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin"); 1912 if ($ret != 0) { 1913 return 1; 1914 } 1915 1916 if ($winbindd eq "yes") { 1917 # note: creating builtin groups requires winbindd for the 1918 # unix id allocator 1919 $ret = system("SELFTEST_WINBINDD_SOCKET_DIR=" . $envvars->{SELFTEST_WINBINDD_SOCKET_DIR} . " " . Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} sam createbuiltingroup Users"); 1920 if ($ret != 0) { 1921 print "Failed to create BUILTIN\\Users group\n"; 1922 return 0; 1923 } 1924 my $count = 0; 1925 do { 1926 system(Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} cache flush"); 1927 $ret = system("SELFTEST_WINBINDD_SOCKET_DIR=" . $envvars->{SELFTEST_WINBINDD_SOCKET_DIR} . " " . Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545"); 1928 if ($ret != 0) { 1929 sleep(2); 1930 } 1931 $count++; 1932 } while ($ret != 0 && $count < 10); 1933 if ($count == 10) { 1934 print "WINBINDD not reachable after 20 seconds\n"; 1935 teardown_env($self, $envvars); 1936 return 0; 1937 } 1938 } 791 1939 792 1940 print $self->getlog_env($envvars); 1941 1942 return 1; 793 1943 } 794 1944 -
vendor/current/selftest/target/Samba4.pm
r740 r988 11 11 use POSIX; 12 12 use SocketWrapper; 13 use target::Samba; 14 use target::Samba3; 13 15 14 16 sub new($$$$$) { 15 my ($classname, $bindir, $ldap, $srcdir, $ exeext) = @_;16 $exeext = "" unless defined($exeext); 17 my ($classname, $bindir, $ldap, $srcdir, $server_maxtime) = @_; 18 17 19 my $self = { 18 20 vars => {}, … … 20 22 bindir => $bindir, 21 23 srcdir => $srcdir, 22 exeext => $exeext 24 server_maxtime => $server_maxtime, 25 target3 => new Samba3($bindir, $srcdir, $server_maxtime) 23 26 }; 24 27 bless $self; … … 26 29 } 27 30 28 sub bindir_path($$) {29 my ($self, $path) = @_;30 31 my $valpath = "$self->{bindir}/$path$self->{exeext}";32 33 return $valpath if (-f $valpath);34 return $path;35 }36 37 31 sub scriptdir_path($$) { 38 32 my ($self, $path) = @_; … … 46 40 { 47 41 my $count = 0; 48 my ($self, $env_vars ) = @_;49 my $ldbsearch = $self->bindir_path("ldbsearch");42 my ($self, $env_vars, $STDIN_READER) = @_; 43 my $ldbsearch = Samba::bindir_path($self, "ldbsearch"); 50 44 51 45 my $uri = $env_vars->{LDAP_URI}; … … 57 51 # running slapd in the background means it stays in the same process group, so it can be 58 52 # killed by timelimit 59 if ($self->{ldap} eq "fedora-ds") { 60 system("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &"); 61 } elsif ($self->{ldap} eq "openldap") { 62 system("$ENV{OPENLDAP_SLAPD} -d0 -F $env_vars->{SLAPD_CONF_D} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &"); 63 } 53 my $pid = fork(); 54 if ($pid == 0) { 55 open STDOUT, ">$env_vars->{LDAPDIR}/logs"; 56 open STDERR, '>&STDOUT'; 57 close($env_vars->{STDIN_PIPE}); 58 open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; 59 60 if ($self->{ldap} eq "fedora-ds") { 61 exec("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd", "-D", $env_vars->{FEDORA_DS_DIR}, "-d0", "-i", $env_vars->{FEDORA_DS_PIDFILE}); 62 } elsif ($self->{ldap} eq "openldap") { 63 exec($ENV{OPENLDAP_SLAPD}, "-dnone", "-F", $env_vars->{SLAPD_CONF_D}, "-h", $uri); 64 } 65 die("Unable to start slapd: $!"); 66 } 67 $env_vars->{SLAPD_PID} = $pid; 68 sleep(1); 64 69 while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) { 65 70 $count++; … … 76 81 { 77 82 my ($self, $envvars) = @_; 78 if ($self->{ldap} eq "fedora-ds") { 79 system("$envvars->{LDAPDIR}/slapd-$envvars->{LDAP_INSTANCE}/stop-slapd"); 80 } elsif ($self->{ldap} eq "openldap") { 81 unless (open(IN, "<$envvars->{OPENLDAP_PIDFILE}")) { 82 warn("unable to open slapd pid file: $envvars->{OPENLDAP_PIDFILE}"); 83 return 0; 84 } 85 kill 9, <IN>; 86 close(IN); 87 } 83 kill 9, $envvars->{SLAPD_PID}; 88 84 return 1; 89 85 } … … 91 87 sub check_or_start($$$) 92 88 { 93 my ($self, $env_vars, $max_time) = @_; 94 return 0 if ( -p $env_vars->{SAMBA_TEST_FIFO}); 95 96 unlink($env_vars->{SAMBA_TEST_FIFO}); 97 POSIX::mkfifo($env_vars->{SAMBA_TEST_FIFO}, 0700); 98 unlink($env_vars->{SAMBA_TEST_LOG}); 99 100 my $pwd = `pwd`; 101 print "STARTING SAMBA for $ENV{ENVNAME}\n"; 89 my ($self, $env_vars, $process_model) = @_; 90 my $STDIN_READER; 91 92 my $env_ok = $self->check_env($env_vars); 93 if ($env_ok) { 94 return $env_vars->{SAMBA_PID}; 95 } 96 97 # use a pipe for stdin in the child processes. This allows 98 # those processes to monitor the pipe for EOF to ensure they 99 # exit when the test script exits 100 pipe($STDIN_READER, $env_vars->{STDIN_PIPE}); 101 102 # Start slapd before samba, but with the fifo on stdin 103 if (defined($self->{ldap})) { 104 unless($self->slapd_start($env_vars, $STDIN_READER)) { 105 warn("couldn't start slapd (main run)"); 106 return undef; 107 } 108 } 109 110 print "STARTING SAMBA..."; 102 111 my $pid = fork(); 103 112 if ($pid == 0) { 104 open STDIN, $env_vars->{SAMBA_TEST_FIFO};105 113 # we want out from samba to go to the log file, but also 106 114 # to the users terminal when running 'make test' on the command … … 111 119 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); 112 120 113 my $valgrind = "";114 if (defined($ENV{SAMBA_VALGRIND})) {115 $valgrind = $ENV{SAMBA_VALGRIND};116 }117 118 121 $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG}; 119 $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR}; 122 $ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR}; 123 $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR}; 120 124 121 125 $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD}; 122 126 $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP}; 127 $ENV{NSS_WRAPPER_HOSTS} = $env_vars->{NSS_WRAPPER_HOSTS}; 128 $ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH}; 129 $ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX}; 130 131 if (defined($env_vars->{RESOLV_WRAPPER_CONF})) { 132 $ENV{RESOLV_WRAPPER_CONF} = $env_vars->{RESOLV_WRAPPER_CONF}; 133 } else { 134 $ENV{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS}; 135 } 123 136 124 137 $ENV{UID_WRAPPER} = "1"; 125 126 # Start slapd before samba, but with the fifo on stdin 127 if (defined($self->{ldap})) { 128 unless($self->slapd_start($env_vars)) { 129 warn("couldn't start slapd (main run)"); 130 return undef; 131 } 132 } 133 134 my $optarg = ""; 135 if (defined($max_time)) { 136 $optarg = "--maximum-runtime=$max_time "; 137 } 138 $ENV{UID_WRAPPER_ROOT} = "1"; 139 140 $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "samba"); 141 my @preargs = (); 142 my @optargs = (); 138 143 if (defined($ENV{SAMBA_OPTIONS})) { 139 $optarg.= " $ENV{SAMBA_OPTIONS}"; 140 } 141 my $samba = $self->bindir_path("samba"); 142 143 # allow selection of the process model using 144 # the environment varibale SAMBA_PROCESS_MODEL 145 # that allows us to change the process model for 146 # individual machines in the build farm 147 my $model = "single"; 148 if (defined($ENV{SAMBA_PROCESS_MODEL})) { 149 $model = $ENV{SAMBA_PROCESS_MODEL}; 150 } 151 chomp($pwd); 152 my $cmdline = "$valgrind ${pwd}/$samba $optarg $env_vars->{CONFIGURATION} -M $model -i"; 153 my $ret = system("$cmdline"); 154 if ($ret == -1) { 155 print "Unable to start $cmdline: $ret: $!\n"; 156 exit 1; 157 } 158 my $exit = ($ret >> 8); 159 unlink($env_vars->{SAMBA_TEST_FIFO}); 160 if ($ret == 0) { 161 print "$samba exited with no error\n"; 162 exit 0; 163 } elsif ( $ret & 127 ) { 164 print "$samba got signal ".($ret & 127)." and exits with $exit!\n"; 165 } else { 166 print "$samba failed with status $exit!\n"; 167 } 168 if ($exit == 0) { 169 $exit = -1; 170 } 171 exit $exit; 172 } 173 print "DONE\n"; 174 175 open(DATA, ">$env_vars->{SAMBA_TEST_FIFO}"); 144 @optargs = split(/ /, $ENV{SAMBA_OPTIONS}); 145 } 146 if(defined($ENV{SAMBA_VALGRIND})) { 147 @preargs = split(/ /,$ENV{SAMBA_VALGRIND}); 148 } 149 150 close($env_vars->{STDIN_PIPE}); 151 open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; 152 153 exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!"); 154 } 155 $env_vars->{SAMBA_PID} = $pid; 156 print "DONE ($pid)\n"; 157 158 close($STDIN_READER); 159 160 if ($self->wait_for_start($env_vars) != 0) { 161 warn("Samba $pid failed to start up"); 162 return undef; 163 } 176 164 177 165 return $pid; … … 181 169 { 182 170 my ($self, $testenv_vars) = @_; 171 my $ret = 0; 172 173 if (not $self->check_env($testenv_vars)) { 174 warn("unable to confirm Samba $testenv_vars->{SAMBA_PID} is running"); 175 return -1; 176 } 177 183 178 # give time for nbt server to register its names 184 179 print "delaying for nbt name registration\n"; … … 187 182 # This will return quickly when things are up, but be slow if we 188 183 # need to wait for (eg) SSL init 189 my $nmblookup = $self->bindir_path("nmblookup");184 my $nmblookup = Samba::bindir_path($self, "nmblookup4"); 190 185 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}"); 191 186 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}"); 192 187 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); 193 188 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); 194 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOS ALIAS}");195 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOS ALIAS}");189 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); 190 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); 196 191 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}"); 197 192 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}"); 198 193 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); 199 194 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); 200 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSALIAS}"); 201 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSALIAS}"); 202 195 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); 196 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); 197 198 # Ensure we have the first RID Set before we start tests. This makes the tests more reliable. 199 if ($testenv_vars->{SERVER_ROLE} eq "domain controller" and not ($testenv_vars->{NETBIOSNAME} eq "RODC")) { 200 # Add hosts file for name lookups 201 $ENV{NSS_WRAPPER_HOSTS} = $testenv_vars->{NSS_WRAPPER_HOSTS}; 202 if (defined($testenv_vars->{RESOLV_WRAPPER_CONF})) { 203 $ENV{RESOLV_WRAPPER_CONF} = $testenv_vars->{RESOLV_WRAPPER_CONF}; 204 } else { 205 $ENV{RESOLV_WRAPPER_HOSTS} = $testenv_vars->{RESOLV_WRAPPER_HOSTS}; 206 } 207 208 print "waiting for working LDAP and a RID Set to be allocated\n"; 209 my $ldbsearch = Samba::bindir_path($self, "ldbsearch"); 210 my $count = 0; 211 my $base_dn = "DC=".join(",DC=", split(/\./, $testenv_vars->{REALM})); 212 my $rid_set_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn"; 213 sleep(1); 214 while (system("$ldbsearch -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool > /dev/null") != 0) { 215 $count++; 216 if ($count > 40) { 217 $ret = -1; 218 last; 219 } 220 sleep(1); 221 } 222 } 203 223 print $self->getlog_env($testenv_vars); 224 225 return $ret 204 226 } 205 227 … … 208 230 my ($self, $file, $ldif) = @_; 209 231 210 my $ldbadd = $self->bindir_path("ldbadd");232 my $ldbadd = Samba::bindir_path($self, "ldbadd"); 211 233 open(LDIF, "|$ldbadd -H $file >/dev/null"); 212 234 print LDIF $ldif; … … 251 273 } 252 274 253 sub mk_keyblobs($$) 254 { 255 my ($self, $tlsdir) = @_; 256 257 #TLS and PKINIT crypto blobs 258 my $dhfile = "$tlsdir/dhparms.pem"; 259 my $cafile = "$tlsdir/ca.pem"; 260 my $certfile = "$tlsdir/cert.pem"; 261 my $reqkdc = "$tlsdir/req-kdc.der"; 262 my $kdccertfile = "$tlsdir/kdc.pem"; 263 my $keyfile = "$tlsdir/key.pem"; 264 my $adminkeyfile = "$tlsdir/adminkey.pem"; 265 my $reqadmin = "$tlsdir/req-admin.der"; 266 my $admincertfile = "$tlsdir/admincert.pem"; 267 my $admincertupnfile = "$tlsdir/admincertupn.pem"; 268 269 mkdir($tlsdir, 0777); 270 271 #This is specified here to avoid draining entropy on every run 272 open(DHFILE, ">$dhfile"); 273 print DHFILE <<EOF; 274 -----BEGIN DH PARAMETERS----- 275 MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO 276 svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv 277 YX70obsCAQI= 278 -----END DH PARAMETERS----- 279 EOF 280 close(DHFILE); 281 282 #Likewise, we pregenerate the key material. This allows the 283 #other certificates to be pre-generated 284 open(KEYFILE, ">$keyfile"); 285 print KEYFILE <<EOF; 286 -----BEGIN RSA PRIVATE KEY----- 287 MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc 288 ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H 289 6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB 290 AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6 291 HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq 292 szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p 293 9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X 294 8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ 295 vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC 296 kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu 297 jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz 298 Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki 299 cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG 300 -----END RSA PRIVATE KEY----- 301 EOF 302 close(KEYFILE); 303 304 open(ADMINKEYFILE, ">$adminkeyfile"); 305 306 print ADMINKEYFILE <<EOF; 307 -----BEGIN RSA PRIVATE KEY----- 308 MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF 309 5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM 310 XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB 311 AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB 312 cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L 313 osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN 314 u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4 315 eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz 316 I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4 317 ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2 318 OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE 319 yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG 320 +cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko 321 -----END RSA PRIVATE KEY----- 322 EOF 323 324 #generated with 325 # hxtool issue-certificate --self-signed --issue-ca \ 326 # --ca-private-key="FILE:$KEYFILE" \ 327 # --subject="CN=CA,DC=samba,DC=example,DC=com" \ 328 # --certificate="FILE:$CAFILE" --lifetime="25 years" 329 330 open(CAFILE, ">$cafile"); 331 print CAFILE <<EOF; 332 -----BEGIN CERTIFICATE----- 333 MIICcTCCAdqgAwIBAgIUaBPmjnPVqyFqR5foICmLmikJTzgwCwYJKoZIhvcNAQEFMFIxEzAR 334 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy 335 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTIyMzEyWhgPMjAzMzAyMjQx 336 MjIzMTJaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl 337 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA 338 A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6 339 I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm 340 ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC 341 AaYwHQYDVR0OBBYEFMLZufegDKLZs0VOyFXYK1L6M8oyMA8GA1UdEwEB/wQFMAMBAf8wDQYJ 342 KoZIhvcNAQEFBQADgYEAAZJbCAAkaqgFJ0xgNovn8Ydd0KswQPjicwiODPgw9ZPoD2HiOUVO 343 yYDRg/dhFF9y656OpcHk4N7qZ2sl3RlHkzDu+dseETW+CnKvQIoXNyeARRJSsSlwrwcoD4JR 344 HTLk2sGigsWwrJ2N99sG/cqSJLJ1MFwLrs6koweBnYU0f/g= 345 -----END CERTIFICATE----- 346 EOF 347 348 #generated with GNUTLS internally in Samba. 349 350 open(CERTFILE, ">$certfile"); 351 print CERTFILE <<EOF; 352 -----BEGIN CERTIFICATE----- 353 MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft 354 YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1 355 dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw 356 NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p 357 c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0 358 ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB 359 jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+ 360 S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p 361 PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw 362 IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB 363 BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG 364 LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz 365 nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA== 366 -----END CERTIFICATE----- 367 EOF 368 close(CERTFILE); 369 370 #KDC certificate 371 # hxtool request-create \ 372 # --subject="CN=krbtgt,CN=users,DC=samba,DC=example,DC=com" \ 373 # --key="FILE:$KEYFILE" $KDCREQ 374 375 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \ 376 # --type="pkinit-kdc" \ 377 # --pk-init-principal="krbtgt/SAMBA.EXAMPLE.COM@SAMBA.EXAMPLE.COM" \ 378 # --req="PKCS10:$KDCREQ" --certificate="FILE:$KDCCERTFILE" \ 379 # --lifetime="25 years" 380 381 open(KDCCERTFILE, ">$kdccertfile"); 382 print KDCCERTFILE <<EOF; 383 -----BEGIN CERTIFICATE----- 384 MIIDDDCCAnWgAwIBAgIUI2Tzj+JnMzMcdeabcNo30rovzFAwCwYJKoZIhvcNAQEFMFIxEzAR 385 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy 386 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTMxOTIzWhgPMjAzMzAyMjQx 387 MzE5MjNaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl 388 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0 389 Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF 390 yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5 391 PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB 392 AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w 393 S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji 394 dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK 395 MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B 396 AQUFAAOBgQBmrVD5MCmZjfHp1nEnHqTIh8r7lSmVtDx4s9MMjxm9oNrzbKXynvdhwQYFVarc 397 ge4yRRDXtSebErOl71zVJI9CVeQQpwcH+tA85oGA7oeFtO/S7ls581RUU6tGgyxV4veD+lJv 398 KPH5LevUtgD+q9H4LU4Sq5N3iFwBaeryB0g2wg== 399 -----END CERTIFICATE----- 400 EOF 401 402 # hxtool request-create \ 403 # --subject="CN=Administrator,CN=users,DC=samba,DC=example,DC=com" \ 404 # --key="FILE:$ADMINKEYFILE" $ADMINREQFILE 405 406 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \ 407 # --type="pkinit-client" \ 408 # --pk-init-principal="administrator@SAMBA.EXAMPLE.COM" \ 409 # --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" \ 410 # --lifetime="25 years" 411 412 open(ADMINCERTFILE, ">$admincertfile"); 413 print ADMINCERTFILE <<EOF; 414 -----BEGIN CERTIFICATE----- 415 MIIDHTCCAoagAwIBAgIUUggzW4lLRkMKe1DAR2NKatkMDYwwCwYJKoZIhvcNAQELMFIxEzAR 416 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy 417 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMjE1WhgPMjAzNDA3MjIw 418 MzMyMTVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl 419 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p 420 bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G 421 eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF 422 xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd 423 l3JRlwIDAQABo4HSMIHPMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr 424 BgEFBQcDAgYKKwYBBAGCNxQCAjBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgExsRU0FNQkEu 425 RVhBTVBMRS5DT02hGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yMB8GA1UdIwQYMBaAFMLZ 426 ufegDKLZs0VOyFXYK1L6M8oyMB0GA1UdDgQWBBQg81bLyfCA88C2B/BDjXlGuaFaxjAJBgNV 427 HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAEf/OSHUDJaGdtWGNuJeqcVYVMwrfBAc0OSwVhz1 428 7/xqKHWo8wIMPkYRtaRHKLNDsF8GkhQPCpVsa6mX/Nt7YQnNvwd+1SBP5E8GvwWw9ZzLJvma 429 nk2n89emuayLpVtp00PymrDLRBcNaRjFReQU8f0o509kiVPHduAp3jOiy13l 430 -----END CERTIFICATE----- 431 EOF 432 close(ADMINCERTFILE); 433 434 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \ 435 # --type="pkinit-client" \ 436 # --ms-upn="administrator@samba.example.com" \ 437 # --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTUPNFILE" \ 438 # --lifetime="25 years" 439 440 open(ADMINCERTUPNFILE, ">$admincertupnfile"); 441 print ADMINCERTUPNFILE <<EOF; 442 -----BEGIN CERTIFICATE----- 443 MIIDDzCCAnigAwIBAgIUUp3CJMuNaEaAdPKp3QdNIwG7a4wwCwYJKoZIhvcNAQELMFIxEzAR 444 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy 445 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMzA1WhgPMjAzNDA3MjIw 446 MzMzMDVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl 447 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p 448 bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G 449 eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF 450 xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd 451 l3JRlwIDAQABo4HEMIHBMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr 452 BgEFBQcDAgYKKwYBBAGCNxQCAjA6BgNVHREEMzAxoC8GCisGAQQBgjcUAgOgIQwfYWRtaW5p 453 c3RyYXRvckBzYW1iYS5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS 454 +jPKMjAdBgNVHQ4EFgQUIPNWy8nwgPPAtgfwQ415RrmhWsYwCQYDVR0TBAIwADANBgkqhkiG 455 9w0BAQsFAAOBgQBk42+egeUB3Ji2PC55fbt3FNKxvmm2xUUFkV9POK/YR9rajKOwk5jtYSeS 456 Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq 457 Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ== 458 -----END CERTIFICATE----- 459 EOF 460 } 461 462 sub mk_krb5_conf($$) 463 { 464 my ($self, $ctx) = @_; 465 466 unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) { 467 warn("can't open $ctx->{krb5_conf}$?"); 468 return undef; 469 } 470 print KRB5CONF " 471 #Generated krb5.conf for $ctx->{realm} 472 473 [libdefaults] 474 default_realm = $ctx->{realm} 475 dns_lookup_realm = false 476 dns_lookup_kdc = false 477 ticket_lifetime = 24h 478 forwardable = yes 479 allow_weak_crypto = yes 480 481 [realms] 482 $ctx->{realm} = { 483 kdc = $ctx->{kdc_ipv4}:88 484 admin_server = $ctx->{kdc_ipv4}:88 485 default_domain = $ctx->{dnsname} 486 } 487 $ctx->{dnsname} = { 488 kdc = $ctx->{kdc_ipv4}:88 489 admin_server = $ctx->{kdc_ipv4}:88 490 default_domain = $ctx->{dnsname} 491 } 492 $ctx->{domain} = { 493 kdc = $ctx->{kdc_ipv4}:88 494 admin_server = $ctx->{kdc_ipv4}:88 495 default_domain = $ctx->{dnsname} 496 } 497 498 [appdefaults] 499 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem 500 501 [kdc] 502 enable-pkinit = true 503 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem 504 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem 505 506 [domain_realm] 507 .$ctx->{dnsname} = $ctx->{realm} 508 "; 509 close(KRB5CONF); 510 } 511 512 sub provision_raw_prepare($$$$$$$$$$) 513 { 514 my ($self, $prefix, $server_role, $netbiosname, $netbiosalias, 275 sub setup_namespaces($$:$$) 276 { 277 my ($self, $localenv, $upn_array, $spn_array) = @_; 278 279 @{$upn_array} = [] unless defined($upn_array); 280 my $upn_args = ""; 281 foreach my $upn (@{$upn_array}) { 282 $upn_args .= " --add-upn-suffix=$upn"; 283 } 284 285 @{$spn_array} = [] unless defined($spn_array); 286 my $spn_args = ""; 287 foreach my $spn (@{$spn_array}) { 288 $spn_args .= " --add-spn-suffix=$spn"; 289 } 290 291 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 292 293 my $cmd_env = ""; 294 $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 295 if (defined($localenv->{RESOLV_WRAPPER_CONF})) { 296 $cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" "; 297 } else { 298 $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" "; 299 } 300 $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\""; 301 302 my $cmd_config = " $localenv->{CONFIGURATION}"; 303 304 my $namespaces = $cmd_env; 305 $namespaces .= " $samba_tool domain trust namespaces $upn_args $spn_args"; 306 $namespaces .= $cmd_config; 307 unless (system($namespaces) == 0) { 308 warn("Failed to add namespaces \n$namespaces"); 309 return; 310 } 311 312 return; 313 } 314 315 sub setup_trust($$$$$) 316 { 317 my ($self, $localenv, $remoteenv, $type, $extra_args) = @_; 318 319 $localenv->{TRUST_SERVER} = $remoteenv->{SERVER}; 320 $localenv->{TRUST_SERVER_IP} = $remoteenv->{SERVER_IP}; 321 $localenv->{TRUST_SERVER_IPV6} = $remoteenv->{SERVER_IPV6}; 322 $localenv->{TRUST_NETBIOSNAME} = $remoteenv->{NETBIOSNAME}; 323 $localenv->{TRUST_USERNAME} = $remoteenv->{USERNAME}; 324 $localenv->{TRUST_PASSWORD} = $remoteenv->{PASSWORD}; 325 $localenv->{TRUST_DOMAIN} = $remoteenv->{DOMAIN}; 326 $localenv->{TRUST_REALM} = $remoteenv->{REALM}; 327 328 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 329 # setup the trust 330 my $cmd_env = ""; 331 $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 332 if (defined($localenv->{RESOLV_WRAPPER_CONF})) { 333 $cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" "; 334 } else { 335 $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" "; 336 } 337 $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\""; 338 339 my $cmd_config = " $localenv->{CONFIGURATION}"; 340 my $cmd_creds = $cmd_config; 341 $cmd_creds .= " -U$localenv->{TRUST_DOMAIN}\\\\$localenv->{TRUST_USERNAME}\%$localenv->{TRUST_PASSWORD}"; 342 343 my $create = $cmd_env; 344 $create .= " $samba_tool domain trust create --type=${type} $localenv->{TRUST_REALM}"; 345 $create .= " $extra_args"; 346 $create .= $cmd_creds; 347 unless (system($create) == 0) { 348 warn("Failed to create trust \n$create"); 349 return undef; 350 } 351 352 return $localenv 353 } 354 355 sub provision_raw_prepare($$$$$$$$$$$) 356 { 357 my ($self, $prefix, $server_role, $hostname, 515 358 $domain, $realm, $functional_level, 516 $ swiface, $password, $kdc_ipv4) = @_;359 $password, $kdc_ipv4, $kdc_ipv6) = @_; 517 360 my $ctx; 361 my $netbiosname = uc($hostname); 518 362 519 363 unless(-d $prefix or mkdir($prefix, 0777)) { … … 530 374 } 531 375 376 377 my $swiface = Samba::get_interface($hostname); 378 532 379 $ctx->{prefix} = $prefix; 533 380 $ctx->{prefix_abs} = $prefix_abs; 534 535 $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";536 381 537 382 $ctx->{server_role} = $server_role; 383 $ctx->{hostname} = $hostname; 538 384 $ctx->{netbiosname} = $netbiosname; 539 $ctx->{netbiosalias} = $netbiosalias;540 385 $ctx->{swiface} = $swiface; 541 386 $ctx->{password} = $password; 542 387 $ctx->{kdc_ipv4} = $kdc_ipv4; 543 388 $ctx->{kdc_ipv6} = $kdc_ipv6; 389 if ($functional_level eq "2000") { 390 $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc" 391 } 392 393 # 394 # Set smbd log level here. 395 # 544 396 $ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} || 1; 545 397 $ctx->{username} = "Administrator"; … … 547 399 $ctx->{realm} = uc($realm); 548 400 $ctx->{dnsname} = lc($realm); 549 $ctx->{sid_generator} = "internal";550 401 551 402 $ctx->{functional_level} = $functional_level; … … 555 406 $ctx->{unix_name} = $unix_name; 556 407 $ctx->{unix_uid} = $>; 408 my @mygid = split(" ", $(); 409 $ctx->{unix_gid} = $mygid[0]; 557 410 $ctx->{unix_gids_str} = $); 558 411 @{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str}); … … 565 418 $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc"; 566 419 $ctx->{lockdir} = "$prefix_abs/lockdir"; 420 $ctx->{logdir} = "$prefix_abs/logs"; 421 $ctx->{statedir} = "$prefix_abs/statedir"; 422 $ctx->{cachedir} = "$prefix_abs/cachedir"; 567 423 $ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket"; 568 424 $ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket"; … … 570 426 $ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd"; 571 427 $ctx->{nsswrap_group} = "$ctx->{etcdir}/group"; 428 $ctx->{nsswrap_hosts} = "$ENV{SELFTEST_PREFIX}/hosts"; 429 if ($ENV{SAMBA_DNS_FAKING}) { 430 $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file"; 431 $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}"; 432 } else { 433 $ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf"; 434 $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf}"; 435 } 572 436 573 437 $ctx->{tlsdir} = "$ctx->{privatedir}/tls"; 574 438 575 439 $ctx->{ipv4} = "127.0.0.$swiface"; 576 $ctx->{interfaces} = "$ctx->{ipv4}/8"; 440 $ctx->{ipv6} = sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface); 441 $ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64"; 577 442 578 443 push(@{$ctx->{directories}}, $ctx->{privatedir}); 579 444 push(@{$ctx->{directories}}, $ctx->{etcdir}); 580 445 push(@{$ctx->{directories}}, $ctx->{piddir}); 581 push(@{$ctx->{directories}}, $ctx->{ncalrpcdir});582 446 push(@{$ctx->{directories}}, $ctx->{lockdir}); 447 push(@{$ctx->{directories}}, $ctx->{logdir}); 448 push(@{$ctx->{directories}}, $ctx->{statedir}); 449 push(@{$ctx->{directories}}, $ctx->{cachedir}); 583 450 584 451 $ctx->{smb_conf_extra_options} = ""; 585 452 586 453 my @provision_options = (); 454 push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_config}\""); 587 455 push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\""); 588 456 push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\""); 457 push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\""); 458 if (defined($ctx->{resolv_conf})) { 459 push (@provision_options, "RESOLV_WRAPPER_CONF=\"$ctx->{resolv_conf}\""); 460 } else { 461 push (@provision_options, "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\""); 462 } 589 463 if (defined($ENV{GDB_PROVISION})) { 590 464 push (@provision_options, "gdb --args"); … … 604 478 push (@provision_options, $ENV{PYTHON}); 605 479 } 606 push (@provision_options, "$self->{srcdir}/source4/setup/provision"); 480 push (@provision_options, Samba::bindir_path($self, "samba-tool")); 481 push (@provision_options, "domain"); 482 push (@provision_options, "provision"); 607 483 push (@provision_options, "--configfile=$ctx->{smb_conf}"); 608 push (@provision_options, "--host-name=$ctx->{ netbiosname}");484 push (@provision_options, "--host-name=$ctx->{hostname}"); 609 485 push (@provision_options, "--host-ip=$ctx->{ipv4}"); 610 486 push (@provision_options, "--quiet"); … … 632 508 mkdir($_, 0777) foreach (@{$ctx->{directories}}); 633 509 510 ## 511 ## lockdir and piddir must be 0755 512 ## 513 chmod 0755, $ctx->{lockdir}; 514 chmod 0755, $ctx->{piddir}; 515 634 516 unless (open(CONFFILE, ">$ctx->{smb_conf}")) { 635 517 warn("can't open $ctx->{smb_conf}$?"); 636 518 return undef; 637 519 } 520 521 Samba::prepare_keyblobs($ctx); 522 my $crlfile = "$ctx->{tlsdir}/crl.pem"; 523 $crlfile = "" unless -e ${crlfile}; 524 638 525 print CONFFILE " 639 526 [global] 640 527 netbios name = $ctx->{netbiosname} 641 netbios aliases = $ctx->{netbiosalias} 642 posix:eadb = $ctx->{lockdir}/eadb.tdb 528 posix:eadb = $ctx->{statedir}/eadb.tdb 643 529 workgroup = $ctx->{domain} 644 530 realm = $ctx->{realm} … … 647 533 ncalrpc dir = $ctx->{ncalrpcdir} 648 534 lock dir = $ctx->{lockdir} 535 state directory = $ctx->{statedir} 536 cache directory = $ctx->{cachedir} 649 537 winbindd socket directory = $ctx->{winbindd_socket_dir} 650 538 winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir} 651 539 ntp signd socket directory = $ctx->{ntp_signd_socket_dir} 652 540 winbind separator = / 653 name resolve order = file bcast654 541 interfaces = $ctx->{interfaces} 655 542 tls dh params file = $ctx->{tlsdir}/dhparms.pem 656 panic action = $RealBin/gdb_backtrace \%PID% \%PROG% 543 tls crlfile = ${crlfile} 544 tls verify peer = no_check 545 panic action = $RealBin/gdb_backtrace \%d 657 546 wins support = yes 658 547 server role = $ctx->{server_role} 659 server services = +echo 548 server services = +echo +smb -s3fs 549 dcerpc endpoint servers = +winreg +srvsvc 660 550 notify:inotify = false 661 551 ldb:nosync = true 552 ldap server require strong auth = yes 662 553 #We don't want to pass our self-tests if the PAC code is wrong 663 554 gensec:require_pac = true 555 log file = $ctx->{logdir}/log.\%m 664 556 log level = $ctx->{server_loglevel} 665 557 lanman auth = Yes 666 558 rndc command = true 667 dns update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$ctx->{dns_host_file} 668 spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate 669 resolv:host file = $ctx->{dns_host_file} 559 dns update command = $ctx->{samba_dnsupdate} 560 spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf} 670 561 dreplsrv:periodic_startup_interval = 0 562 dsdb:schema update allowed = yes 563 564 vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot 565 566 # remove this again, when our smb2 client library 567 # supports signin on compound related requests 568 server signing = on 569 570 idmap_ldb:use rfc2307=yes 571 winbind enum users = yes 572 winbind enum groups = yes 671 573 "; 672 673 if (defined($ctx->{sid_generator}) && $ctx->{sid_generator} ne "internal") {674 print CONFFILE "675 sid generator = $ctx->{sid_generator}";676 }677 574 678 575 print CONFFILE " … … 684 581 close(CONFFILE); 685 582 686 $self->mk_keyblobs($ctx->{tlsdir}); 687 688 $self->mk_krb5_conf($ctx); 583 #Default the KDC IP to the server's IP 584 if (not defined($ctx->{kdc_ipv4})) { 585 $ctx->{kdc_ipv4} = $ctx->{ipv4}; 586 } 587 if (not defined($ctx->{kdc_ipv6})) { 588 $ctx->{kdc_ipv6} = $ctx->{ipv6}; 589 } 590 591 Samba::mk_krb5_conf($ctx); 689 592 690 593 open(PWD, ">$ctx->{nsswrap_passwd}"); 691 print PWD " 692 root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false 693 $ctx->{unix_name}:x:$ctx->{unix_uid}:@{$ctx->{unix_gids}}[0]:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false 694 nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false 594 if ($ctx->{unix_uid} != 0) { 595 print PWD "root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false\n"; 596 } 597 print PWD "$ctx->{unix_name}:x:$ctx->{unix_uid}:65531:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false\n"; 598 print PWD "nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false 599 pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false 600 pdbtest2:x:65532:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false 601 pdbtest3:x:65531:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false 602 pdbtest4:x:65530:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false 695 603 "; 696 604 close(PWD); 605 my $uid_rfc2307test = 65533; 697 606 698 607 open(GRP, ">$ctx->{nsswrap_group}"); 699 print GRP " 700 root:x:0: 701 wheel:x:10: 702 users:x:100: 608 if ($ctx->{unix_gid} != 0) { 609 print GRP "root:x:0:\n"; 610 } 611 print GRP "$ctx->{unix_name}:x:$ctx->{unix_gid}:\n"; 612 print GRP "wheel:x:10: 613 users:x:65531: 703 614 nobody:x:65533: 704 615 nogroup:x:65534:nobody 705 616 "; 706 617 close(GRP); 618 my $gid_rfc2307test = 65532; 619 620 my $hostname = lc($ctx->{hostname}); 621 open(HOSTS, ">>$ctx->{nsswrap_hosts}"); 622 if ($hostname eq "localdc") { 623 print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n"; 624 print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n"; 625 } else { 626 print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} ${hostname}\n"; 627 print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} ${hostname}\n"; 628 } 629 close(HOSTS); 630 631 if (defined($ctx->{resolv_conf})) { 632 open(RESOLV_CONF, ">$ctx->{resolv_conf}"); 633 print RESOLV_CONF "nameserver $ctx->{kdc_ipv4}\n"; 634 print RESOLV_CONF "nameserver $ctx->{kdc_ipv6}\n"; 635 close(RESOLV_CONF); 636 } 707 637 708 638 my $configuration = "--configfile=$ctx->{smb_conf}"; 709 639 710 640 #Ensure the config file is valid before we start 711 my $testparm = $self->scriptdir_path("bin/testparm");641 my $testparm = Samba::bindir_path($self, "samba-tool") . " testparm"; 712 642 if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) { 713 643 system("$testparm -v --suppress-prompt $configuration >&2"); … … 723 653 KRB5_CONFIG => $ctx->{krb5_conf}, 724 654 PIDDIR => $ctx->{piddir}, 725 SERVER => $ctx->{ netbiosname},655 SERVER => $ctx->{hostname}, 726 656 SERVER_IP => $ctx->{ipv4}, 657 SERVER_IPV6 => $ctx->{ipv6}, 727 658 NETBIOSNAME => $ctx->{netbiosname}, 728 NETBIOSALIAS => $ctx->{netbiosalias},729 659 DOMAIN => $ctx->{domain}, 730 660 USERNAME => $ctx->{username}, … … 733 663 LDAPDIR => $ctx->{ldapdir}, 734 664 LDAP_INSTANCE => $ctx->{ldap_instance}, 735 WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},665 SELFTEST_WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir}, 736 666 NCALRPCDIR => $ctx->{ncalrpcdir}, 737 667 LOCKDIR => $ctx->{lockdir}, 668 STATEDIR => $ctx->{statedir}, 669 CACHEDIR => $ctx->{cachedir}, 670 PRIVATEDIR => $ctx->{privatedir}, 738 671 SERVERCONFFILE => $ctx->{smb_conf}, 739 672 CONFIGURATION => $configuration, … … 741 674 NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd}, 742 675 NSS_WRAPPER_GROUP => $ctx->{nsswrap_group}, 676 NSS_WRAPPER_HOSTS => $ctx->{nsswrap_hosts}, 743 677 SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo", 744 678 SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log", 745 679 SAMBA_TEST_LOG_POS => 0, 680 NSS_WRAPPER_MODULE_SO_PATH => Samba::nss_wrapper_winbind_so_path($self), 681 NSS_WRAPPER_MODULE_FN_PREFIX => "winbind", 682 LOCAL_PATH => $ctx->{share}, 683 UID_RFC2307TEST => $uid_rfc2307test, 684 GID_RFC2307TEST => $gid_rfc2307test, 685 SERVER_ROLE => $ctx->{server_role} 746 686 }; 687 688 if (defined($ctx->{resolv_conf})) { 689 $ret->{RESOLV_WRAPPER_CONF} = $ctx->{resolv_conf}; 690 } else { 691 $ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file}; 692 } 747 693 748 694 return $ret; … … 762 708 } 763 709 710 my $testallowed_account = "testallowed"; 711 my $samba_tool_cmd = ""; 712 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 713 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") 714 . " user add --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}"; 715 unless (system($samba_tool_cmd) == 0) { 716 warn("Unable to add testallowed user: \n$samba_tool_cmd\n"); 717 return undef; 718 } 719 720 my $ldbmodify = ""; 721 $ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 722 $ldbmodify .= Samba::bindir_path($self, "ldbmodify"); 723 my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm})); 724 725 if ($ctx->{server_role} ne "domain controller") { 726 $base_dn = "DC=$ctx->{netbiosname}"; 727 } 728 729 my $user_dn = "cn=$testallowed_account,cn=users,$base_dn"; 730 $testallowed_account = "testallowed account"; 731 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); 732 print LDIF "dn: $user_dn 733 changetype: modify 734 replace: samAccountName 735 samAccountName: $testallowed_account 736 - 737 "; 738 close(LDIF); 739 740 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); 741 print LDIF "dn: $user_dn 742 changetype: modify 743 replace: userPrincipalName 744 userPrincipalName: testallowed upn\@$ctx->{realm} 745 replace: servicePrincipalName 746 servicePrincipalName: host/testallowed 747 - 748 "; 749 close(LDIF); 750 751 $samba_tool_cmd = ""; 752 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 753 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") 754 . " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}"; 755 unless (system($samba_tool_cmd) == 0) { 756 warn("Unable to add testdenied user: \n$samba_tool_cmd\n"); 757 return undef; 758 } 759 760 my $user_dn = "cn=testdenied,cn=users,$base_dn"; 761 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); 762 print LDIF "dn: $user_dn 763 changetype: modify 764 replace: userPrincipalName 765 userPrincipalName: testdenied_upn\@$ctx->{realm}.upn 766 - 767 "; 768 close(LDIF); 769 770 $samba_tool_cmd = ""; 771 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 772 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") 773 . " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'"; 774 unless (system($samba_tool_cmd) == 0) { 775 warn("Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n"); 776 return undef; 777 } 778 764 779 return $ret; 765 780 } 766 781 767 sub provision($$$$$$$$$ )768 { 769 my ($self, $prefix, $server_role, $ netbiosname, $netbiosalias,782 sub provision($$$$$$$$$$) 783 { 784 my ($self, $prefix, $server_role, $hostname, 770 785 $domain, $realm, $functional_level, 771 $swiface, $password, $kdc_ipv4, $extra_smbconf_options) = @_; 786 $password, $kdc_ipv4, $kdc_ipv6, $extra_smbconf_options, $extra_smbconf_shares, 787 $extra_provision_options) = @_; 772 788 773 789 my $ctx = $self->provision_raw_prepare($prefix, $server_role, 774 $ netbiosname, $netbiosalias,790 $hostname, 775 791 $domain, $realm, $functional_level, 776 $swiface, $password, $kdc_ipv4); 777 778 $ctx->{tmpdir} = "$ctx->{prefix_abs}/tmp"; 779 push(@{$ctx->{directories}}, "$ctx->{tmpdir}"); 780 push(@{$ctx->{directories}}, "$ctx->{tmpdir}/test1"); 781 push(@{$ctx->{directories}}, "$ctx->{tmpdir}/test2"); 792 $password, $kdc_ipv4, $kdc_ipv6); 793 794 if (defined($extra_provision_options)) { 795 push (@{$ctx->{provision_options}}, @{$extra_provision_options}); 796 } else { 797 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 798 } 799 800 $ctx->{share} = "$ctx->{prefix_abs}/share"; 801 push(@{$ctx->{directories}}, "$ctx->{share}"); 802 push(@{$ctx->{directories}}, "$ctx->{share}/test1"); 803 push(@{$ctx->{directories}}, "$ctx->{share}/test2"); 804 805 # precreate directories for printer drivers 806 push(@{$ctx->{directories}}, "$ctx->{share}/W32X86"); 807 push(@{$ctx->{directories}}, "$ctx->{share}/x64"); 808 push(@{$ctx->{directories}}, "$ctx->{share}/WIN40"); 809 782 810 my $msdfs = "no"; 783 811 $msdfs = "yes" if ($server_role eq "domain controller"); … … 786 814 max xmit = 32K 787 815 server max protocol = SMB2 788 $extra_smbconf_options789 816 host msdfs = $msdfs 790 817 lanman auth = yes 818 allow nt4 crypto = yes 819 820 # fruit:copyfile is a global option 821 fruit:copyfile = yes 822 823 $extra_smbconf_options 791 824 792 825 [tmp] 793 path = $ctx->{ tmpdir}826 path = $ctx->{share} 794 827 read only = no 795 posix:sharedelay = 10000 828 posix:sharedelay = 100000 796 829 posix:oplocktimeout = 3 797 830 posix:writetimeupdatedelay = 500000 798 831 832 [xcopy_share] 833 path = $ctx->{share} 834 read only = no 835 posix:sharedelay = 100000 836 posix:oplocktimeout = 3 837 posix:writetimeupdatedelay = 500000 838 create mask = 777 839 force create mode = 777 840 841 [posix_share] 842 path = $ctx->{share} 843 read only = no 844 create mask = 0777 845 force create mode = 0 846 directory mask = 0777 847 force directory mode = 0 848 799 849 [test1] 800 path = $ctx->{ tmpdir}/test1850 path = $ctx->{share}/test1 801 851 read only = no 802 posix:sharedelay = 10000 852 posix:sharedelay = 100000 803 853 posix:oplocktimeout = 3 804 posix:writetimeupdatedelay = 50000 854 posix:writetimeupdatedelay = 500000 805 855 806 856 [test2] 807 path = $ctx->{ tmpdir}/test2857 path = $ctx->{share}/test2 808 858 read only = no 809 posix:sharedelay = 10000 859 posix:sharedelay = 100000 810 860 posix:oplocktimeout = 3 811 posix:writetimeupdatedelay = 50000 861 posix:writetimeupdatedelay = 500000 812 862 813 863 [cifs] 864 path = $ctx->{share}/_ignore_cifs_ 814 865 read only = no 815 866 ntvfs handler = cifs 816 867 cifs:server = $ctx->{netbiosname} 817 868 cifs:share = tmp 818 #There is no username specified here, instead the client is expected 819 #to log in with kerberos, and the serverwill use delegated credentials. 869 cifs:use-s4u2proxy = yes 870 # There is no username specified here, instead the client is expected 871 # to log in with kerberos, and the serverwill use delegated credentials. 872 # Or the server tries s4u2self/s4u2proxy to impersonate the client 820 873 821 874 [simple] 822 path = $ctx->{ tmpdir}875 path = $ctx->{share} 823 876 read only = no 824 877 ntvfs handler = simple 825 878 826 879 [sysvol] 827 path = $ctx->{ lockdir}/sysvol828 read only = yes880 path = $ctx->{statedir}/sysvol 881 read only = no 829 882 830 883 [netlogon] 831 path = $ctx->{ lockdir}/sysvol/$ctx->{dnsname}/scripts884 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 832 885 read only = no 833 886 … … 835 888 copy = simple 836 889 ntvfs handler = cifsposix 890 891 [vfs_fruit] 892 path = $ctx->{share} 893 vfs objects = catia fruit streams_xattr acl_xattr 894 ea support = yes 895 fruit:ressource = file 896 fruit:metadata = netatalk 897 fruit:locking = netatalk 898 fruit:encoding = native 899 900 $extra_smbconf_shares 837 901 "; 838 902 … … 845 909 $ldap_uri = "ldapi://$ldap_uri"; 846 910 $ctx->{ldap_uri} = $ldap_uri; 847 if ($self->{ldap} eq "fedora-ds") {848 $ctx->{sid_generator} = "backend";849 }850 911 851 912 $ctx->{ldap_instance} = lc($ctx->{netbiosname}); … … 876 937 } 877 938 878 sub provision_ member($$$)939 sub provision_s4member($$$) 879 940 { 880 941 my ($self, $prefix, $dcvars) = @_; 881 942 print "PROVISIONING MEMBER..."; 882 943 my $extra_smb_conf = " 944 passdb backend = samba_dsdb 945 winbindd:use external pipes = true 946 947 rpc_server:default = external 948 rpc_server:svcctl = embedded 949 rpc_server:srvsvc = embedded 950 rpc_server:eventlog = embedded 951 rpc_server:ntsvcs = embedded 952 rpc_server:winreg = embedded 953 rpc_server:spoolss = embedded 954 rpc_daemon:spoolssd = embedded 955 rpc_server:tcpip = no 956 "; 883 957 my $ret = $self->provision($prefix, 884 958 "member server", 885 "localmember", 886 "member3", 959 "s4member", 887 960 "SAMBADOMAIN", 888 961 "samba.example.com", 889 962 "2008", 890 3,891 963 "locMEMpass3", 892 964 $dcvars->{SERVER_IP}, 893 ""); 965 $dcvars->{SERVER_IPV6}, 966 $extra_smb_conf, "", undef); 894 967 unless ($ret) { 895 968 return undef; 896 969 } 897 970 898 my $samba_tool = $self->bindir_path("samba-tool"); 971 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 972 my $cmd = ""; 973 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 974 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 975 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 976 } else { 977 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 978 } 979 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 980 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member"; 981 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 982 $cmd .= " --machinepass=machine$ret->{PASSWORD}"; 983 984 unless (system($cmd) == 0) { 985 warn("Join failed\n$cmd"); 986 return undef; 987 } 988 989 $ret->{MEMBER_SERVER} = $ret->{SERVER}; 990 $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP}; 991 $ret->{MEMBER_SERVER_IPV6} = $ret->{SERVER_IPV6}; 992 $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME}; 993 $ret->{MEMBER_USERNAME} = $ret->{USERNAME}; 994 $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD}; 995 996 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 997 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 998 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 999 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1000 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1001 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1002 1003 return $ret; 1004 } 1005 1006 sub provision_rpc_proxy($$$) 1007 { 1008 my ($self, $prefix, $dcvars) = @_; 1009 print "PROVISIONING RPC PROXY..."; 1010 1011 my $extra_smbconf_options = " 1012 passdb backend = samba_dsdb 1013 1014 # rpc_proxy 1015 dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER} 1016 dcerpc endpoint servers = epmapper, remote 1017 dcerpc_remote:interfaces = rpcecho 1018 1019 [cifs_to_dc] 1020 path = /tmp/_ignore_cifs_to_dc_/_none_ 1021 read only = no 1022 ntvfs handler = cifs 1023 cifs:server = $dcvars->{SERVER} 1024 cifs:share = cifs 1025 cifs:use-s4u2proxy = yes 1026 # There is no username specified here, instead the client is expected 1027 # to log in with kerberos, and the serverwill use delegated credentials. 1028 # Or the server tries s4u2self/s4u2proxy to impersonate the client 1029 1030 "; 1031 1032 my $ret = $self->provision($prefix, 1033 "member server", 1034 "localrpcproxy", 1035 "SAMBADOMAIN", 1036 "samba.example.com", 1037 "2008", 1038 "locRPCproxypass4", 1039 $dcvars->{SERVER_IP}, 1040 $dcvars->{SERVER_IPV6}, 1041 $extra_smbconf_options, "", undef); 1042 1043 unless ($ret) { 1044 return undef; 1045 } 1046 1047 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1048 1049 # The joind runs in the context of the rpc_proxy/member for now 1050 my $cmd = ""; 1051 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1052 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1053 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1054 } else { 1055 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1056 } 1057 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1058 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member"; 1059 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1060 $cmd .= " --machinepass=machine$ret->{PASSWORD}"; 1061 1062 unless (system($cmd) == 0) { 1063 warn("Join failed\n$cmd"); 1064 return undef; 1065 } 1066 1067 # Setting up delegation runs in the context of the DC for now 1068 $cmd = ""; 1069 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1070 $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" "; 1071 $cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on"; 1072 $cmd .= " $dcvars->{CONFIGURATION}"; 1073 print $cmd; 1074 1075 unless (system($cmd) == 0) { 1076 warn("Delegation failed\n$cmd"); 1077 return undef; 1078 } 1079 1080 # Setting up delegation runs in the context of the DC for now 1081 $cmd = ""; 1082 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1083 $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" "; 1084 $cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}"; 1085 $cmd .= " $dcvars->{CONFIGURATION}"; 1086 1087 unless (system($cmd) == 0) { 1088 warn("Delegation failed\n$cmd"); 1089 return undef; 1090 } 1091 1092 $ret->{RPC_PROXY_SERVER} = $ret->{SERVER}; 1093 $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP}; 1094 $ret->{RPC_PROXY_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1095 $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1096 $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME}; 1097 $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD}; 1098 1099 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1100 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1101 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 1102 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1103 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1104 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1105 1106 return $ret; 1107 } 1108 1109 sub provision_promoted_dc($$$) 1110 { 1111 my ($self, $prefix, $dcvars) = @_; 1112 print "PROVISIONING PROMOTED DC..."; 1113 1114 # We do this so that we don't run the provision. That's the job of 'samba-tool domain dcpromo'. 1115 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 1116 "promotedvdc", 1117 "SAMBADOMAIN", 1118 "samba.example.com", 1119 "2008", 1120 $dcvars->{PASSWORD}, 1121 $dcvars->{SERVER_IP}, 1122 $dcvars->{SERVER_IPV6}); 1123 1124 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 1125 1126 $ctx->{smb_conf_extra_options} = " 1127 max xmit = 32K 1128 server max protocol = SMB2 1129 1130 [sysvol] 1131 path = $ctx->{statedir}/sysvol 1132 read only = yes 1133 1134 [netlogon] 1135 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 1136 read only = no 1137 1138 "; 1139 1140 my $ret = $self->provision_raw_step1($ctx); 1141 unless ($ret) { 1142 return undef; 1143 } 1144 1145 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1146 my $cmd = ""; 1147 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1148 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1149 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1150 } else { 1151 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1152 } 1153 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1154 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}"; 1155 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1156 $cmd .= " --machinepass=machine$ret->{PASSWORD}"; 1157 1158 unless (system($cmd) == 0) { 1159 warn("Join failed\n$cmd"); 1160 return undef; 1161 } 1162 1163 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 899 1164 my $cmd = ""; 900 1165 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 901 1166 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 902 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member";1167 $cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; 903 1168 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1169 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ"; 904 1170 905 1171 unless (system($cmd) == 0) { … … 908 1174 } 909 1175 910 $ret->{MEMBER_SERVER} = $ret->{SERVER}; 911 $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP}; 912 $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME}; 913 $ret->{MEMBER_NETBIOSALIAS} = $ret->{NETBIOSALIAS}; 914 $ret->{MEMBER_USERNAME} = $ret->{USERNAME}; 915 $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD}; 1176 $ret->{PROMOTED_DC_SERVER} = $ret->{SERVER}; 1177 $ret->{PROMOTED_DC_SERVER_IP} = $ret->{SERVER_IP}; 1178 $ret->{PROMOTED_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1179 $ret->{PROMOTED_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 916 1180 917 1181 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 918 1182 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1183 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 919 1184 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 920 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};921 1185 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 922 1186 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; … … 925 1189 } 926 1190 927 sub provision_ rpc_proxy($$$)1191 sub provision_vampire_dc($$$) 928 1192 { 929 1193 my ($self, $prefix, $dcvars) = @_; 930 print "PROVISIONING RPC PROXY..."; 931 932 my $extra_smbconf_options = "dcerpc_remote:binding = ncacn_ip_tcp:localdc 933 dcerpc endpoint servers = epmapper, remote 934 dcerpc_remote:interfaces = rpcecho 1194 print "PROVISIONING VAMPIRE DC..."; 1195 1196 # We do this so that we don't run the provision. That's the job of 'net vampire'. 1197 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 1198 "localvampiredc", 1199 "SAMBADOMAIN", 1200 "samba.example.com", 1201 "2008", 1202 $dcvars->{PASSWORD}, 1203 $dcvars->{SERVER_IP}, 1204 $dcvars->{SERVER_IPV6}); 1205 1206 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 1207 1208 $ctx->{smb_conf_extra_options} = " 1209 max xmit = 32K 1210 server max protocol = SMB2 1211 1212 [sysvol] 1213 path = $ctx->{statedir}/sysvol 1214 read only = yes 1215 1216 [netlogon] 1217 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 1218 read only = no 1219 935 1220 "; 936 1221 1222 my $ret = $self->provision_raw_step1($ctx); 1223 unless ($ret) { 1224 return undef; 1225 } 1226 1227 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1228 my $cmd = ""; 1229 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1230 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1231 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1232 } else { 1233 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1234 } 1235 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1236 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; 1237 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only"; 1238 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs"; 1239 1240 unless (system($cmd) == 0) { 1241 warn("Join failed\n$cmd"); 1242 return undef; 1243 } 1244 1245 $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER}; 1246 $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP}; 1247 $ret->{VAMPIRE_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1248 $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1249 1250 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1251 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1252 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 1253 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1254 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1255 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1256 $ret->{DC_REALM} = $dcvars->{DC_REALM}; 1257 1258 return $ret; 1259 } 1260 1261 sub provision_subdom_dc($$$) 1262 { 1263 my ($self, $prefix, $dcvars) = @_; 1264 print "PROVISIONING SUBDOMAIN DC..."; 1265 1266 # We do this so that we don't run the provision. That's the job of 'net vampire'. 1267 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 1268 "localsubdc", 1269 "SAMBASUBDOM", 1270 "sub.samba.example.com", 1271 "2008", 1272 $dcvars->{PASSWORD}, 1273 undef); 1274 1275 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 1276 1277 $ctx->{smb_conf_extra_options} = " 1278 max xmit = 32K 1279 server max protocol = SMB2 1280 1281 [sysvol] 1282 path = $ctx->{statedir}/sysvol 1283 read only = yes 1284 1285 [netlogon] 1286 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 1287 read only = no 1288 1289 "; 1290 1291 my $ret = $self->provision_raw_step1($ctx); 1292 unless ($ret) { 1293 return undef; 1294 } 1295 1296 Samba::mk_krb5_conf($ctx); 1297 1298 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1299 my $cmd = ""; 1300 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1301 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1302 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1303 } else { 1304 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1305 } 1306 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1307 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain "; 1308 $cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}"; 1309 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs"; 1310 $cmd .= " --adminpass=$ret->{PASSWORD}"; 1311 1312 unless (system($cmd) == 0) { 1313 warn("Join failed\n$cmd"); 1314 return undef; 1315 } 1316 1317 $ret->{SUBDOM_DC_SERVER} = $ret->{SERVER}; 1318 $ret->{SUBDOM_DC_SERVER_IP} = $ret->{SERVER_IP}; 1319 $ret->{SUBDOM_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1320 $ret->{SUBDOM_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1321 1322 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1323 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1324 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 1325 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1326 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1327 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1328 1329 return $ret; 1330 } 1331 1332 sub provision_ad_dc_ntvfs($$) 1333 { 1334 my ($self, $prefix) = @_; 1335 1336 # We keep the old 'winbind' name here in server services to 1337 # ensure upgrades which used that name still work with the now 1338 # alias. 1339 1340 print "PROVISIONING AD DC (NTVFS)..."; 1341 my $extra_conf_options = "netbios aliases = localDC1-a 1342 server services = +winbind -winbindd 1343 ldap server require strong auth = allow_sasl_over_tls 1344 "; 937 1345 my $ret = $self->provision($prefix, 938 "member server", 939 "localrpcproxy", 940 "rpcproxy4", 1346 "domain controller", 1347 "localdc", 941 1348 "SAMBADOMAIN", 942 1349 "samba.example.com", 943 1350 "2008", 944 4, 945 "locRPCproxypass4", 946 $dcvars->{SERVER_IP}, 947 $extra_smbconf_options); 948 949 unless ($ret) { 950 return undef; 951 } 952 953 my $samba_tool = $self->bindir_path("samba-tool"); 954 my $cmd = ""; 955 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 956 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 957 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member"; 958 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 959 960 unless (system($cmd) == 0) { 961 warn("Join failed\n$cmd"); 962 return undef; 963 } 964 965 $ret->{RPC_PROXY_SERVER} = $ret->{SERVER}; 966 $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP}; 967 $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME}; 968 $ret->{RPC_PROXY_NETBIOSALIAS} = $ret->{NETBIOSALIAS}; 969 $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME}; 970 $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD}; 1351 "locDCpass1", 1352 undef, 1353 undef, 1354 $extra_conf_options, 1355 "", 1356 undef); 1357 1358 return undef unless(defined $ret); 1359 unless($self->add_wins_config("$prefix/private")) { 1360 warn("Unable to add wins configuration"); 1361 return undef; 1362 } 1363 $ret->{NETBIOSALIAS} = "localdc1-a"; 1364 $ret->{DC_SERVER} = $ret->{SERVER}; 1365 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1366 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1367 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1368 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1369 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1370 $ret->{DC_REALM} = $ret->{REALM}; 971 1371 972 1372 return $ret; 973 1373 } 974 1374 975 sub provision_vampire_dc($$$) 1375 sub provision_fl2000dc($$) 1376 { 1377 my ($self, $prefix) = @_; 1378 1379 print "PROVISIONING DC WITH FOREST LEVEL 2000..."; 1380 my $extra_conf_options = " 1381 spnego:simulate_w2k=yes 1382 ntlmssp_server:force_old_spnego=yes 1383 "; 1384 my $ret = $self->provision($prefix, 1385 "domain controller", 1386 "dc5", 1387 "SAMBA2000", 1388 "samba2000.example.com", 1389 "2000", 1390 "locDCpass5", 1391 undef, 1392 undef, 1393 $extra_conf_options, 1394 "", 1395 undef); 1396 1397 unless($self->add_wins_config("$prefix/private")) { 1398 warn("Unable to add wins configuration"); 1399 return undef; 1400 } 1401 $ret->{DC_SERVER} = $ret->{SERVER}; 1402 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1403 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1404 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1405 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1406 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1407 $ret->{DC_REALM} = $ret->{REALM}; 1408 1409 return $ret; 1410 } 1411 1412 sub provision_fl2003dc($$$) 976 1413 { 977 1414 my ($self, $prefix, $dcvars) = @_; 978 print "PROVISIONING VAMPIRE DC..."; 979 980 # We do this so that we don't run the provision. That's the job of 'net vampire'. 1415 1416 print "PROVISIONING DC WITH FOREST LEVEL 2003..."; 1417 my $extra_conf_options = "allow dns updates = nonsecure and secure"; 1418 my $ret = $self->provision($prefix, 1419 "domain controller", 1420 "dc6", 1421 "SAMBA2003", 1422 "samba2003.example.com", 1423 "2003", 1424 "locDCpass6", 1425 undef, 1426 undef, 1427 $extra_conf_options, 1428 "", 1429 undef); 1430 1431 unless (defined $ret) { 1432 return undef; 1433 } 1434 1435 $ret->{DC_SERVER} = $ret->{SERVER}; 1436 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1437 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1438 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1439 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1440 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1441 1442 my @samba_tool_options; 1443 push (@samba_tool_options, Samba::bindir_path($self, "samba-tool")); 1444 push (@samba_tool_options, "domain"); 1445 push (@samba_tool_options, "passwordsettings"); 1446 push (@samba_tool_options, "set"); 1447 push (@samba_tool_options, "--configfile=$ret->{SERVERCONFFILE}"); 1448 push (@samba_tool_options, "--min-pwd-age=0"); 1449 push (@samba_tool_options, "--history-length=1"); 1450 1451 my $samba_tool_cmd = join(" ", @samba_tool_options); 1452 1453 unless (system($samba_tool_cmd) == 0) { 1454 warn("Unable to set min password age to 0: \n$samba_tool_cmd\n"); 1455 return undef; 1456 } 1457 1458 return $ret; 1459 1460 unless($self->add_wins_config("$prefix/private")) { 1461 warn("Unable to add wins configuration"); 1462 return undef; 1463 } 1464 1465 return $ret; 1466 } 1467 1468 sub provision_fl2008r2dc($$$) 1469 { 1470 my ($self, $prefix, $dcvars) = @_; 1471 1472 print "PROVISIONING DC WITH FOREST LEVEL 2008r2..."; 1473 my $extra_conf_options = "ldap server require strong auth = no"; 1474 my $ret = $self->provision($prefix, 1475 "domain controller", 1476 "dc7", 1477 "SAMBA2008R2", 1478 "samba2008R2.example.com", 1479 "2008_R2", 1480 "locDCpass7", 1481 undef, 1482 undef, 1483 $extra_conf_options, 1484 "", 1485 undef); 1486 1487 unless ($self->add_wins_config("$prefix/private")) { 1488 warn("Unable to add wins configuration"); 1489 return undef; 1490 } 1491 $ret->{DC_SERVER} = $ret->{SERVER}; 1492 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1493 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1494 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1495 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1496 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1497 $ret->{DC_REALM} = $ret->{REALM}; 1498 1499 return $ret; 1500 } 1501 1502 1503 sub provision_rodc($$$) 1504 { 1505 my ($self, $prefix, $dcvars) = @_; 1506 print "PROVISIONING RODC..."; 1507 1508 # We do this so that we don't run the provision. That's the job of 'net join RODC'. 981 1509 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 982 "localvampiredc", 983 "dc2", 1510 "rodc", 984 1511 "SAMBADOMAIN", 985 1512 "samba.example.com", 986 1513 "2008", 987 2, $dcvars->{PASSWORD}, 988 $dcvars->{SERVER_IP}); 1514 $dcvars->{PASSWORD}, 1515 $dcvars->{SERVER_IP}, 1516 $dcvars->{SERVER_IPV6}); 1517 unless ($ctx) { 1518 return undef; 1519 } 1520 1521 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 1522 1523 $ctx->{share} = "$ctx->{prefix_abs}/share"; 1524 push(@{$ctx->{directories}}, "$ctx->{share}"); 989 1525 990 1526 $ctx->{smb_conf_extra_options} = " … … 993 1529 994 1530 [sysvol] 995 path = $ctx->{ lockdir}/sysvol1531 path = $ctx->{statedir}/sysvol 996 1532 read only = yes 997 1533 998 1534 [netlogon] 999 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts 1000 read only = no 1001 1002 "; 1003 1004 my $ret = $self->provision_raw_step1($ctx); 1005 unless ($ret) { 1006 return undef; 1007 } 1008 1009 my $samba_tool = $self->bindir_path("samba-tool"); 1010 my $cmd = ""; 1011 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1012 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1013 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; 1014 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1015 1016 unless (system($cmd) == 0) { 1017 warn("Join failed\n$cmd"); 1018 return undef; 1019 } 1020 1021 $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER}; 1022 $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP}; 1023 $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1024 $ret->{VAMPIRE_DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS}; 1025 1026 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1027 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1028 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1029 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS}; 1030 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1031 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1032 1033 return $ret; 1034 } 1035 1036 sub provision_dc($$) 1037 { 1038 my ($self, $prefix) = @_; 1039 1040 print "PROVISIONING DC..."; 1041 my $ret = $self->provision($prefix, 1042 "domain controller", 1043 "localdc", 1044 "dc1", 1045 "SAMBADOMAIN", 1046 "samba.example.com", 1047 "2008", 1048 1, 1049 "locDCpass1", 1050 "127.0.0.1", ""); 1051 1052 return undef unless(defined $ret); 1053 unless($self->add_wins_config("$prefix/private")) { 1054 warn("Unable to add wins configuration"); 1055 return undef; 1056 } 1057 1058 $ret->{DC_SERVER} = $ret->{SERVER}; 1059 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1060 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1061 $ret->{DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS}; 1062 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1063 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1064 1065 return $ret; 1066 } 1067 1068 sub provision_fl2000dc($$) 1069 { 1070 my ($self, $prefix) = @_; 1071 1072 print "PROVISIONING DC..."; 1073 my $ret = $self->provision($prefix, 1074 "domain controller", 1075 "dc5", 1076 "localfl2000dc", 1077 "SAMBA2000", 1078 "samba2000.example.com", 1079 "2000", 1080 5, 1081 "locDCpass5", 1082 "127.0.0.5", ""); 1083 1084 unless($self->add_wins_config("$prefix/private")) { 1085 warn("Unable to add wins configuration"); 1086 return undef; 1087 } 1088 1089 return $ret; 1090 } 1091 1092 sub provision_fl2003dc($$) 1093 { 1094 my ($self, $prefix) = @_; 1095 1096 print "PROVISIONING DC..."; 1097 my $ret = $self->provision($prefix, 1098 "domain controller", 1099 "dc6", 1100 "localfl2003dc", 1101 "SAMBA2003", 1102 "samba2003.example.com", 1103 "2003", 1104 6, 1105 "locDCpass6", 1106 "127.0.0.6", ""); 1107 1108 unless($self->add_wins_config("$prefix/private")) { 1109 warn("Unable to add wins configuration"); 1110 return undef; 1111 } 1112 1113 return $ret; 1114 } 1115 1116 sub provision_fl2008r2dc($$) 1117 { 1118 my ($self, $prefix) = @_; 1119 1120 print "PROVISIONING DC..."; 1121 my $ret = $self->provision($prefix, 1122 "domain controller", 1123 "dc7", 1124 "localfl2000r2dc", 1125 "SAMBA2008R2", 1126 "samba2008R2.example.com", 1127 "2008_R2", 1128 7, 1129 "locDCpass7", 1130 "127.0.0.7", ""); 1131 1132 unless ($self->add_wins_config("$prefix/private")) { 1133 warn("Unable to add wins configuration"); 1134 return undef; 1135 } 1136 1137 return $ret; 1138 } 1139 1140 1141 sub provision_rodc($$$) 1142 { 1143 my ($self, $prefix, $dcvars) = @_; 1144 print "PROVISIONING RODC..."; 1145 1146 # We do this so that we don't run the provision. That's the job of 'net join RODC'. 1147 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 1148 "rodc", 1149 "dc8", 1150 "SAMBADOMAIN", 1151 "samba.example.com", 1152 "2008", 1153 8, $dcvars->{PASSWORD}, 1154 $dcvars->{SERVER_IP}); 1155 unless ($ctx) { 1156 return undef; 1157 } 1158 1159 $ctx->{tmpdir} = "$ctx->{prefix_abs}/tmp"; 1160 push(@{$ctx->{directories}}, "$ctx->{tmpdir}"); 1161 1162 $ctx->{smb_conf_extra_options} = " 1163 max xmit = 32K 1164 server max protocol = SMB2 1165 1166 [sysvol] 1167 path = $ctx->{lockdir}/sysvol 1535 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 1168 1536 read only = yes 1169 1537 1170 [netlogon]1171 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts1172 read only = yes1173 1174 1538 [tmp] 1175 path = $ctx->{ tmpdir}1539 path = $ctx->{share} 1176 1540 read only = no 1177 1541 posix:sharedelay = 10000 1178 1542 posix:oplocktimeout = 3 1179 posix:writetimeupdatedelay = 50000 01543 posix:writetimeupdatedelay = 50000 1180 1544 1181 1545 "; … … 1186 1550 } 1187 1551 1188 my $samba_tool = $self->bindir_path("samba-tool");1552 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1189 1553 my $cmd = ""; 1190 1554 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1555 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1556 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1557 } else { 1558 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1559 } 1191 1560 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1192 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";1561 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC"; 1193 1562 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1563 $cmd .= " --server=$dcvars->{DC_SERVER} --use-ntvfs"; 1564 1565 unless (system($cmd) == 0) { 1566 warn("RODC join failed\n$cmd"); 1567 return undef; 1568 } 1569 1570 # This ensures deterministic behaviour for tests that want to have the 'testallowed account' 1571 # user password verified on the RODC 1572 my $testallowed_account = "testallowed account"; 1573 $cmd = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1574 $cmd .= "$samba_tool rodc preload '$testallowed_account' $ret->{CONFIGURATION}"; 1194 1575 $cmd .= " --server=$dcvars->{DC_SERVER}"; 1195 1576 … … 1203 1584 # the proxy code 1204 1585 $ctx->{kdc_ipv4} = $ret->{SERVER_IP}; 1205 $self->mk_krb5_conf($ctx); 1586 $ctx->{kdc_ipv6} = $ret->{SERVER_IPV6}; 1587 Samba::mk_krb5_conf($ctx); 1206 1588 1207 1589 $ret->{RODC_DC_SERVER} = $ret->{SERVER}; 1208 1590 $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP}; 1591 $ret->{RODC_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1209 1592 $ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1210 $ret->{RODC_DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};1211 1593 1212 1594 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1213 1595 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1596 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 1214 1597 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1215 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};1216 1598 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1217 1599 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; … … 1220 1602 } 1221 1603 1604 sub provision_ad_dc($$) 1605 { 1606 my ($self, $prefix) = @_; 1607 1608 my $prefix_abs = abs_path($prefix); 1609 1610 my $bindir_abs = abs_path($self->{bindir}); 1611 my $lockdir="$prefix_abs/lockdir"; 1612 my $conffile="$prefix_abs/etc/smb.conf"; 1613 1614 my $extra_smbconf_options = " 1615 server services = -smb +s3fs 1616 xattr_tdb:file = $prefix_abs/statedir/xattr.tdb 1617 1618 dbwrap_tdb_mutexes:* = yes 1619 1620 kernel oplocks = no 1621 kernel change notify = no 1622 1623 logging = file 1624 printing = bsd 1625 printcap name = /dev/null 1626 1627 max protocol = SMB3 1628 read only = no 1629 server signing = auto 1630 1631 smbd:sharedelay = 100000 1632 smbd:writetimeupdatedelay = 500000 1633 create mask = 755 1634 dos filemode = yes 1635 1636 dcerpc endpoint servers = -winreg -srvsvc 1637 1638 printcap name = /dev/null 1639 1640 addprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -a -s $conffile -- 1641 deleteprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -d -s $conffile -- 1642 1643 printing = vlp 1644 print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s 1645 lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p 1646 lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j 1647 lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j 1648 lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j 1649 queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p 1650 queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p 1651 lpq cache time = 0 1652 print notify backchannel = yes 1653 "; 1654 1655 my $extra_smbconf_shares = " 1656 1657 [tmpenc] 1658 copy = tmp 1659 smb encrypt = required 1660 1661 [tmpcase] 1662 copy = tmp 1663 case sensitive = yes 1664 1665 [tmpguest] 1666 copy = tmp 1667 guest ok = yes 1668 1669 [hideunread] 1670 copy = tmp 1671 hide unreadable = yes 1672 1673 [durable] 1674 copy = tmp 1675 kernel share modes = no 1676 kernel oplocks = no 1677 posix locking = no 1678 1679 [print\$] 1680 copy = tmp 1681 1682 [print1] 1683 copy = tmp 1684 printable = yes 1685 1686 [print2] 1687 copy = print1 1688 [print3] 1689 copy = print1 1690 [lp] 1691 copy = print1 1692 "; 1693 1694 print "PROVISIONING AD DC..."; 1695 my $ret = $self->provision($prefix, 1696 "domain controller", 1697 "addc", 1698 "ADDOMAIN", 1699 "addom.samba.example.com", 1700 "2008", 1701 "locDCpass1", 1702 undef, 1703 undef, 1704 $extra_smbconf_options, 1705 $extra_smbconf_shares, 1706 undef); 1707 1708 return undef unless(defined $ret); 1709 unless($self->add_wins_config("$prefix/private")) { 1710 warn("Unable to add wins configuration"); 1711 return undef; 1712 } 1713 1714 $ret->{DC_SERVER} = $ret->{SERVER}; 1715 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1716 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1717 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1718 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1719 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1720 1721 return $ret; 1722 } 1723 1724 sub provision_chgdcpass($$) 1725 { 1726 my ($self, $prefix) = @_; 1727 1728 print "PROVISIONING CHGDCPASS..."; 1729 my $extra_provision_options = undef; 1730 push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ"); 1731 my $ret = $self->provision($prefix, 1732 "domain controller", 1733 "chgdcpass", 1734 "CHDCDOMAIN", 1735 "chgdcpassword.samba.example.com", 1736 "2008", 1737 "chgDCpass1", 1738 undef, 1739 undef, 1740 "", 1741 "", 1742 $extra_provision_options); 1743 1744 return undef unless(defined $ret); 1745 unless($self->add_wins_config("$prefix/private")) { 1746 warn("Unable to add wins configuration"); 1747 return undef; 1748 } 1749 1750 # Remove secrets.tdb from this environment to test that we 1751 # still start up on systems without the new matching 1752 # secrets.tdb records. 1753 unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb") || unlink("$ret->{PRIVATEDIR}/secrets.ntdb")) { 1754 warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision"); 1755 return undef; 1756 } 1757 1758 $ret->{DC_SERVER} = $ret->{SERVER}; 1759 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1760 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1761 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1762 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1763 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1764 1765 return $ret; 1766 } 1767 1222 1768 sub teardown_env($$) 1223 1769 { … … 1225 1771 my $pid; 1226 1772 1227 close(DATA); 1228 1229 if (open(IN, "<$envvars->{PIDDIR}/samba.pid")) { 1230 $pid = <IN>; 1231 close(IN); 1232 1233 # Give the process 20 seconds to exit. gcov needs 1234 # this time to write out the covarge data 1235 my $count = 0; 1236 until (kill(0, $pid) == 0) { 1237 # if no process sucessfully signalled, then we are done 1238 sleep(1); 1239 $count++; 1240 last if $count > 20; 1241 } 1242 1243 # If it is still around, kill it 1244 if ($count > 20) { 1245 print "server process $pid took more than $count seconds to exit, killing\n"; 1246 kill 9, $pid; 1247 } 1248 } 1249 1250 my $failed = $? >> 8; 1773 # This should cause samba to terminate gracefully 1774 close($envvars->{STDIN_PIPE}); 1775 1776 $pid = $envvars->{SAMBA_PID}; 1777 my $count = 0; 1778 my $childpid; 1779 1780 # This should give it time to write out the gcov data 1781 until ($count > 30) { 1782 if (Samba::cleanup_child($pid, "samba") == -1) { 1783 last; 1784 } 1785 sleep(1); 1786 $count++; 1787 } 1788 1789 if ($count > 30 || kill(0, $pid)) { 1790 kill "TERM", $pid; 1791 1792 until ($count > 40) { 1793 if (Samba::cleanup_child($pid, "samba") == -1) { 1794 last; 1795 } 1796 sleep(1); 1797 $count++; 1798 } 1799 # If it is still around, kill it 1800 warn "server process $pid took more than $count seconds to exit, killing\n"; 1801 kill 9, $pid; 1802 } 1251 1803 1252 1804 $self->slapd_stop($envvars) if ($self->{ldap}); … … 1254 1806 print $self->getlog_env($envvars); 1255 1807 1256 return $failed;1808 return; 1257 1809 } 1258 1810 … … 1280 1832 { 1281 1833 my ($self, $envvars) = @_; 1282 1283 return (-p $envvars->{SAMBA_TEST_FIFO}); 1834 my $samba_pid = $envvars->{SAMBA_PID}; 1835 1836 if (not defined($samba_pid)) { 1837 return 0; 1838 } elsif ($samba_pid > 0) { 1839 my $childpid = Samba::cleanup_child($samba_pid, "samba"); 1840 1841 if ($childpid == 0) { 1842 return 1; 1843 } 1844 return 0; 1845 } else { 1846 return 1; 1847 } 1848 1284 1849 } 1285 1850 … … 1287 1852 { 1288 1853 my ($self, $envname, $path) = @_; 1854 my $target3 = $self->{target3}; 1289 1855 1290 1856 $ENV{ENVNAME} = $envname; 1291 1857 1292 if ($envname eq "dc") { 1293 return $self->setup_dc("$path/dc"); 1858 if (defined($self->{vars}->{$envname})) { 1859 return $self->{vars}->{$envname}; 1860 } 1861 1862 if ($envname eq "ad_dc_ntvfs") { 1863 return $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1294 1864 } elsif ($envname eq "fl2000dc") { 1295 1865 return $self->setup_fl2000dc("$path/fl2000dc"); 1296 1866 } elsif ($envname eq "fl2003dc") { 1297 return $self->setup_fl2003dc("$path/fl2003dc"); 1867 if (not defined($self->{vars}->{ad_dc})) { 1868 $self->setup_ad_dc("$path/ad_dc"); 1869 } 1870 return $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{ad_dc}); 1298 1871 } elsif ($envname eq "fl2008r2dc") { 1299 return $self->setup_fl2008r2dc("$path/fl2008r2dc"); 1872 if (not defined($self->{vars}->{ad_dc})) { 1873 $self->setup_ad_dc("$path/ad_dc"); 1874 } 1875 return $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{ad_dc}); 1300 1876 } elsif ($envname eq "rpc_proxy") { 1301 if (not defined($self->{vars}->{ dc})) {1302 $self->setup_ dc("$path/dc");1303 } 1304 return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{ dc});1877 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1878 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1879 } 1880 return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{ad_dc_ntvfs}); 1305 1881 } elsif ($envname eq "vampire_dc") { 1306 if (not defined($self->{vars}->{dc})) { 1307 $self->setup_dc("$path/dc"); 1308 } 1309 return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{dc}); 1310 } elsif ($envname eq "member") { 1311 if (not defined($self->{vars}->{dc})) { 1312 $self->setup_dc("$path/dc"); 1313 } 1314 return $self->setup_member("$path/member", $self->{vars}->{dc}); 1882 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1883 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1884 } 1885 return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{ad_dc_ntvfs}); 1886 } elsif ($envname eq "promoted_dc") { 1887 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1888 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1889 } 1890 return $self->setup_promoted_dc("$path/promoted_dc", $self->{vars}->{ad_dc_ntvfs}); 1891 } elsif ($envname eq "subdom_dc") { 1892 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1893 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1894 } 1895 return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs}); 1896 } elsif ($envname eq "s4member") { 1897 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1898 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1899 } 1900 return $self->setup_s4member("$path/s4member", $self->{vars}->{ad_dc_ntvfs}); 1315 1901 } elsif ($envname eq "rodc") { 1316 if (not defined($self->{vars}->{dc})) { 1317 $self->setup_dc("$path/dc"); 1318 } 1319 return $self->setup_rodc("$path/rodc", $self->{vars}->{dc}); 1320 } elsif ($envname eq "all") { 1321 if (not defined($self->{vars}->{dc})) { 1322 $ENV{ENVNAME} = "dc"; 1323 $self->setup_dc("$path/dc"); 1324 } 1325 my $ret = $self->setup_member("$path/member", $self->{vars}->{dc}); 1326 if (not defined($self->{vars}->{rpc_proxy})) { 1327 $ENV{ENVNAME} = "rpc_proxy"; 1328 my $rpc_proxy_ret = $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc}); 1329 1330 $ret->{RPC_PROXY_SERVER} = $rpc_proxy_ret->{SERVER}; 1331 $ret->{RPC_PROXY_SERVER_IP} = $rpc_proxy_ret->{SERVER_IP}; 1332 $ret->{RPC_PROXY_NETBIOSNAME} = $rpc_proxy_ret->{NETBIOSNAME}; 1333 $ret->{RPC_PROXY_NETBIOSALIAS} = $rpc_proxy_ret->{NETBIOSALIAS}; 1334 $ret->{RPC_PROXY_USERNAME} = $rpc_proxy_ret->{USERNAME}; 1335 $ret->{RPC_PROXY_PASSWORD} = $rpc_proxy_ret->{PASSWORD}; 1336 } 1337 if (not defined($self->{vars}->{fl2000dc})) { 1338 $ENV{ENVNAME} = "fl2000dc"; 1339 my $fl2000dc_ret = $self->setup_fl2000dc("$path/fl2000dc", $self->{vars}->{dc}); 1340 1341 $ret->{FL2000DC_SERVER} = $fl2000dc_ret->{SERVER}; 1342 $ret->{FL2000DC_SERVER_IP} = $fl2000dc_ret->{SERVER_IP}; 1343 $ret->{FL2000DC_NETBIOSNAME} = $fl2000dc_ret->{NETBIOSNAME}; 1344 $ret->{FL2000DC_NETBIOSALIAS} = $fl2000dc_ret->{NETBIOSALIAS}; 1345 $ret->{FL2000DC_USERNAME} = $fl2000dc_ret->{USERNAME}; 1346 $ret->{FL2000DC_PASSWORD} = $fl2000dc_ret->{PASSWORD}; 1347 } 1348 if (not defined($self->{vars}->{fl2003dc})) { 1349 $ENV{ENVNAME} = "fl2003dc"; 1350 my $fl2003dc_ret = $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{dc}); 1351 1352 $ret->{FL2003DC_SERVER} = $fl2003dc_ret->{SERVER}; 1353 $ret->{FL2003DC_SERVER_IP} = $fl2003dc_ret->{SERVER_IP}; 1354 $ret->{FL2003DC_NETBIOSNAME} = $fl2003dc_ret->{NETBIOSNAME}; 1355 $ret->{FL2003DC_NETBIOSALIAS} = $fl2003dc_ret->{NETBIOSALIAS}; 1356 $ret->{FL2003DC_USERNAME} = $fl2003dc_ret->{USERNAME}; 1357 $ret->{FL2003DC_PASSWORD} = $fl2003dc_ret->{PASSWORD}; 1358 } 1359 if (not defined($self->{vars}->{fl2008r2dc})) { 1360 $ENV{ENVNAME} = "fl2008r2dc"; 1361 my $fl2008r2dc_ret = $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{dc}); 1362 1363 $ret->{FL2008R2DC_SERVER} = $fl2008r2dc_ret->{SERVER}; 1364 $ret->{FL2008R2DC_SERVER_IP} = $fl2008r2dc_ret->{SERVER_IP}; 1365 $ret->{FL2008R2DC_NETBIOSNAME} = $fl2008r2dc_ret->{NETBIOSNAME}; 1366 $ret->{FL2008R2DC_NETBIOSALIAS} = $fl2008r2dc_ret->{NETBIOSALIAS}; 1367 $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME}; 1368 $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD}; 1369 } 1370 return $ret; 1902 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1903 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1904 } 1905 return $self->setup_rodc("$path/rodc", $self->{vars}->{ad_dc_ntvfs}); 1906 } elsif ($envname eq "chgdcpass") { 1907 return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass}); 1908 } elsif ($envname eq "ad_member") { 1909 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1910 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1911 } 1912 return $target3->setup_admember("$path/ad_member", $self->{vars}->{ad_dc_ntvfs}, 29); 1913 } elsif ($envname eq "ad_dc") { 1914 return $self->setup_ad_dc("$path/ad_dc"); 1915 } elsif ($envname eq "ad_dc_no_nss") { 1916 return $self->setup_ad_dc("$path/ad_dc_no_nss", "no_nss"); 1917 } elsif ($envname eq "ad_member_rfc2307") { 1918 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1919 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1920 } 1921 return $target3->setup_admember_rfc2307("$path/ad_member_rfc2307", 1922 $self->{vars}->{ad_dc_ntvfs}, 34); 1923 } elsif ($envname eq "none") { 1924 return $self->setup_none("$path/none"); 1371 1925 } else { 1372 warn("Samba4 can't provide environment '$envname'"); 1373 return undef; 1374 } 1375 } 1376 1377 sub setup_member($$$) 1926 return "UNKNOWN"; 1927 } 1928 } 1929 1930 sub setup_s4member($$$) 1378 1931 { 1379 1932 my ($self, $path, $dc_vars) = @_; 1380 1933 1381 my $env = $self->provision_ member($path, $dc_vars);1934 my $env = $self->provision_s4member($path, $dc_vars); 1382 1935 1383 1936 if (defined $env) { 1384 $self->check_or_start($env, ($ENV{SMBD_MAXTIME} or 7500));1385 1386 $self->wait_for_start($env);1387 1388 $self->{vars}->{ member} = $env;1937 if (not defined($self->check_or_start($env, "single"))) { 1938 return undef; 1939 } 1940 1941 $self->{vars}->{s4member} = $env; 1389 1942 } 1390 1943 … … 1399 1952 1400 1953 if (defined $env) { 1401 $self->check_or_start($env, ($ENV{SMBD_MAXTIME} or 7500));1402 1403 $self->wait_for_start($env);1954 if (not defined($self->check_or_start($env, "single"))) { 1955 return undef; 1956 } 1404 1957 1405 1958 $self->{vars}->{rpc_proxy} = $env; … … 1408 1961 } 1409 1962 1410 sub setup_ dc($$)1963 sub setup_ad_dc_ntvfs($$) 1411 1964 { 1412 1965 my ($self, $path) = @_; 1413 1966 1414 my $env = $self->provision_ dc($path);1967 my $env = $self->provision_ad_dc_ntvfs($path); 1415 1968 if (defined $env) { 1416 $self->check_or_start($env, 1417 ($ENV{SMBD_MAXTIME} or 7500)); 1418 1419 $self->wait_for_start($env); 1420 1421 $self->{vars}->{dc} = $env; 1969 if (not defined($self->check_or_start($env, "standard"))) { 1970 warn("Failed to start ad_dc_ntvfs"); 1971 return undef; 1972 } 1973 1974 $self->{vars}->{ad_dc_ntvfs} = $env; 1975 } 1976 return $env; 1977 } 1978 1979 sub setup_chgdcpass($$) 1980 { 1981 my ($self, $path) = @_; 1982 1983 my $env = $self->provision_chgdcpass($path); 1984 if (defined $env) { 1985 if (not defined($self->check_or_start($env, "single"))) { 1986 return undef; 1987 } 1988 1989 $self->{vars}->{chgdcpass} = $env; 1422 1990 } 1423 1991 return $env; … … 1430 1998 my $env = $self->provision_fl2000dc($path); 1431 1999 if (defined $env) { 1432 $self->check_or_start($env, 1433 ($ENV{SMBD_MAXTIME} or 7500)); 1434 1435 $self->wait_for_start($env); 2000 if (not defined($self->check_or_start($env, "single"))) { 2001 return undef; 2002 } 1436 2003 1437 2004 $self->{vars}->{fl2000dc} = $env; … … 1441 2008 } 1442 2009 1443 sub setup_fl2003dc($$ )1444 { 1445 my ($self, $path ) = @_;2010 sub setup_fl2003dc($$$) 2011 { 2012 my ($self, $path, $dc_vars) = @_; 1446 2013 1447 2014 my $env = $self->provision_fl2003dc($path); 1448 2015 1449 2016 if (defined $env) { 1450 $self->check_or_start($env, 1451 ($ENV{SMBD_MAXTIME} or 7500)); 1452 1453 $self->wait_for_start($env); 2017 if (not defined($self->check_or_start($env, "single"))) { 2018 return undef; 2019 } 2020 2021 $env = $self->setup_trust($env, $dc_vars, "external", "--no-aes-keys"); 1454 2022 1455 2023 $self->{vars}->{fl2003dc} = $env; … … 1458 2026 } 1459 2027 1460 sub setup_fl2008r2dc($$ )1461 { 1462 my ($self, $path ) = @_;2028 sub setup_fl2008r2dc($$$) 2029 { 2030 my ($self, $path, $dc_vars) = @_; 1463 2031 1464 2032 my $env = $self->provision_fl2008r2dc($path); 1465 2033 1466 2034 if (defined $env) { 1467 $self->check_or_start($env, 1468 ($ENV{SMBD_MAXTIME} or 7500)); 1469 1470 $self->wait_for_start($env); 2035 if (not defined($self->check_or_start($env, "single"))) { 2036 return undef; 2037 } 2038 2039 my $upn_array = ["$env->{REALM}.upn"]; 2040 my $spn_array = ["$env->{REALM}.spn"]; 2041 2042 $self->setup_namespaces($env, $upn_array, $spn_array); 2043 2044 $env = $self->setup_trust($env, $dc_vars, "forest", ""); 1471 2045 1472 2046 $self->{vars}->{fl2008r2dc} = $env; … … 1483 2057 1484 2058 if (defined $env) { 1485 $self->check_or_start($env, 1486 ($ENV{SMBD_MAXTIME} or 7500)); 1487 1488 $self->wait_for_start($env); 2059 if (not defined($self->check_or_start($env, "single"))) { 2060 return undef; 2061 } 1489 2062 1490 2063 $self->{vars}->{vampire_dc} = $env; … … 1492 2065 # force replicated DC to update repsTo/repsFrom 1493 2066 # for vampired partitions 1494 my $samba_tool = $self->bindir_path("samba-tool");2067 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1495 2068 my $cmd = ""; 1496 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2069 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 2070 if (defined($env->{RESOLV_WRAPPER_CONF})) { 2071 $cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" "; 2072 } else { 2073 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" "; 2074 } 1497 2075 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 1498 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}"; 2076 $cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}"; 2077 $cmd .= " $env->{CONFIGURATION}"; 1499 2078 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 1500 2079 unless (system($cmd) == 0) { … … 1506 2085 # we need to synchronize data between DCs 1507 2086 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); 1508 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2087 $cmd = ""; 2088 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 2089 if (defined($env->{RESOLV_WRAPPER_CONF})) { 2090 $cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" "; 2091 } else { 2092 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" "; 2093 } 1509 2094 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 1510 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{VAMPIRE_DC_SERVER}"; 2095 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}"; 2096 $cmd .= " $dc_vars->{CONFIGURATION}"; 1511 2097 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 1512 2098 # replicate Configuration NC … … 1527 2113 } 1528 2114 2115 sub setup_promoted_dc($$$) 2116 { 2117 my ($self, $path, $dc_vars) = @_; 2118 2119 my $env = $self->provision_promoted_dc($path, $dc_vars); 2120 2121 if (defined $env) { 2122 if (not defined($self->check_or_start($env, "single"))) { 2123 return undef; 2124 } 2125 2126 $self->{vars}->{promoted_dc} = $env; 2127 2128 # force source and replicated DC to update repsTo/repsFrom 2129 # for vampired partitions 2130 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2131 my $cmd = ""; 2132 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2133 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2134 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}"; 2135 $cmd .= " $env->{CONFIGURATION}"; 2136 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2137 unless (system($cmd) == 0) { 2138 warn("Failed to exec kcc\n$cmd"); 2139 return undef; 2140 } 2141 2142 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2143 my $cmd = ""; 2144 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2145 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2146 $cmd .= " $samba_tool drs kcc $env->{SERVER}"; 2147 $cmd .= " $env->{CONFIGURATION}"; 2148 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2149 unless (system($cmd) == 0) { 2150 warn("Failed to exec kcc\n$cmd"); 2151 return undef; 2152 } 2153 2154 # as 'vampired' dc may add data in its local replica 2155 # we need to synchronize data between DCs 2156 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); 2157 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2158 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2159 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}"; 2160 $cmd .= " $dc_vars->{CONFIGURATION}"; 2161 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2162 # replicate Configuration NC 2163 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\""; 2164 unless(system($cmd_repl) == 0) { 2165 warn("Failed to replicate\n$cmd_repl"); 2166 return undef; 2167 } 2168 # replicate Default NC 2169 $cmd_repl = "$cmd \"$base_dn\""; 2170 unless(system($cmd_repl) == 0) { 2171 warn("Failed to replicate\n$cmd_repl"); 2172 return undef; 2173 } 2174 } 2175 2176 return $env; 2177 } 2178 2179 sub setup_subdom_dc($$$) 2180 { 2181 my ($self, $path, $dc_vars) = @_; 2182 2183 my $env = $self->provision_subdom_dc($path, $dc_vars); 2184 2185 if (defined $env) { 2186 if (not defined($self->check_or_start($env, "single"))) { 2187 return undef; 2188 } 2189 2190 $self->{vars}->{subdom_dc} = $env; 2191 2192 # force replicated DC to update repsTo/repsFrom 2193 # for primary domain partitions 2194 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2195 my $cmd = ""; 2196 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2197 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2198 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}"; 2199 $cmd .= " $env->{CONFIGURATION}"; 2200 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}"; 2201 unless (system($cmd) == 0) { 2202 warn("Failed to exec kcc\n$cmd"); 2203 return undef; 2204 } 2205 2206 # as 'subdomain' dc may add data in its local replica 2207 # we need to synchronize data between DCs 2208 my $base_dn = "DC=".join(",DC=", split(/\./, $env->{REALM})); 2209 my $config_dn = "CN=Configuration,DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); 2210 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2211 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2212 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}"; 2213 $cmd .= " $dc_vars->{CONFIGURATION}"; 2214 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}"; 2215 # replicate Configuration NC 2216 my $cmd_repl = "$cmd \"$config_dn\""; 2217 unless(system($cmd_repl) == 0) { 2218 warn("Failed to replicate\n$cmd_repl"); 2219 return undef; 2220 } 2221 # replicate Default NC 2222 $cmd_repl = "$cmd \"$base_dn\""; 2223 unless(system($cmd_repl) == 0) { 2224 warn("Failed to replicate\n$cmd_repl"); 2225 return undef; 2226 } 2227 } 2228 2229 return $env; 2230 } 2231 1529 2232 sub setup_rodc($$$) 1530 2233 { … … 1537 2240 } 1538 2241 1539 $self->check_or_start($env, 1540 ($ENV{SMBD_MAXTIME} or 7500)); 1541 1542 $self->wait_for_start($env); 2242 if (not defined($self->check_or_start($env, "single"))) { 2243 return undef; 2244 } 2245 2246 # force source and replicated DC to update repsTo/repsFrom 2247 # for vampired partitions 2248 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2249 my $cmd = ""; 2250 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2251 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2252 $cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}"; 2253 $cmd .= " $env->{CONFIGURATION}"; 2254 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2255 unless (system($cmd) == 0) { 2256 warn("Failed to exec kcc\n$cmd"); 2257 return undef; 2258 } 2259 2260 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2261 my $cmd = ""; 2262 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2263 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2264 $cmd .= " $samba_tool drs kcc -k no $env->{SERVER}"; 2265 $cmd .= " $env->{CONFIGURATION}"; 2266 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2267 unless (system($cmd) == 0) { 2268 warn("Failed to exec kcc\n$cmd"); 2269 return undef; 2270 } 2271 2272 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); 2273 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2274 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2275 $cmd .= " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}"; 2276 $cmd .= " $dc_vars->{CONFIGURATION}"; 2277 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2278 # replicate Configuration NC 2279 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\""; 2280 unless(system($cmd_repl) == 0) { 2281 warn("Failed to replicate\n$cmd_repl"); 2282 return undef; 2283 } 2284 # replicate Default NC 2285 $cmd_repl = "$cmd \"$base_dn\""; 2286 unless(system($cmd_repl) == 0) { 2287 warn("Failed to replicate\n$cmd_repl"); 2288 return undef; 2289 } 1543 2290 1544 2291 $self->{vars}->{rodc} = $env; … … 1547 2294 } 1548 2295 2296 sub setup_ad_dc($$) 2297 { 2298 my ($self, $path, $no_nss) = @_; 2299 2300 # If we didn't build with ADS, pretend this env was never available 2301 if (not $self->{target3}->have_ads()) { 2302 return "UNKNOWN"; 2303 } 2304 2305 my $env = $self->provision_ad_dc($path); 2306 unless ($env) { 2307 return undef; 2308 } 2309 2310 if (defined($no_nss) and $no_nss) { 2311 $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef; 2312 $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef; 2313 } 2314 2315 if (not defined($self->check_or_start($env, "single"))) { 2316 return undef; 2317 } 2318 2319 my $upn_array = ["$env->{REALM}.upn"]; 2320 my $spn_array = ["$env->{REALM}.spn"]; 2321 2322 $self->setup_namespaces($env, $upn_array, $spn_array); 2323 2324 $self->{vars}->{ad_dc} = $env; 2325 return $env; 2326 } 2327 2328 sub setup_none($$) 2329 { 2330 my ($self, $path) = @_; 2331 2332 my $ret = { 2333 KRB5_CONFIG => abs_path($path) . "/no_krb5.conf", 2334 SAMBA_PID => -1, 2335 } 2336 } 2337 1549 2338 1;
Note:
See TracChangeset
for help on using the changeset viewer.
