Changeset 988 for vendor/current/selftest/target/Samba4.pm
- Timestamp:
- Nov 24, 2016, 1:14:11 PM (9 years ago)
- File:
-
- 1 edited
-
vendor/current/selftest/target/Samba4.pm (modified) (50 diffs)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/selftest/target/Samba4.pm
r740 r988 11 11 use POSIX; 12 12 use SocketWrapper; 13 use target::Samba; 14 use target::Samba3; 13 15 14 16 sub new($$$$$) { 15 my ($classname, $bindir, $ldap, $srcdir, $ exeext) = @_;16 $exeext = "" unless defined($exeext); 17 my ($classname, $bindir, $ldap, $srcdir, $server_maxtime) = @_; 18 17 19 my $self = { 18 20 vars => {}, … … 20 22 bindir => $bindir, 21 23 srcdir => $srcdir, 22 exeext => $exeext 24 server_maxtime => $server_maxtime, 25 target3 => new Samba3($bindir, $srcdir, $server_maxtime) 23 26 }; 24 27 bless $self; … … 26 29 } 27 30 28 sub bindir_path($$) {29 my ($self, $path) = @_;30 31 my $valpath = "$self->{bindir}/$path$self->{exeext}";32 33 return $valpath if (-f $valpath);34 return $path;35 }36 37 31 sub scriptdir_path($$) { 38 32 my ($self, $path) = @_; … … 46 40 { 47 41 my $count = 0; 48 my ($self, $env_vars ) = @_;49 my $ldbsearch = $self->bindir_path("ldbsearch");42 my ($self, $env_vars, $STDIN_READER) = @_; 43 my $ldbsearch = Samba::bindir_path($self, "ldbsearch"); 50 44 51 45 my $uri = $env_vars->{LDAP_URI}; … … 57 51 # running slapd in the background means it stays in the same process group, so it can be 58 52 # killed by timelimit 59 if ($self->{ldap} eq "fedora-ds") { 60 system("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &"); 61 } elsif ($self->{ldap} eq "openldap") { 62 system("$ENV{OPENLDAP_SLAPD} -d0 -F $env_vars->{SLAPD_CONF_D} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &"); 63 } 53 my $pid = fork(); 54 if ($pid == 0) { 55 open STDOUT, ">$env_vars->{LDAPDIR}/logs"; 56 open STDERR, '>&STDOUT'; 57 close($env_vars->{STDIN_PIPE}); 58 open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; 59 60 if ($self->{ldap} eq "fedora-ds") { 61 exec("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd", "-D", $env_vars->{FEDORA_DS_DIR}, "-d0", "-i", $env_vars->{FEDORA_DS_PIDFILE}); 62 } elsif ($self->{ldap} eq "openldap") { 63 exec($ENV{OPENLDAP_SLAPD}, "-dnone", "-F", $env_vars->{SLAPD_CONF_D}, "-h", $uri); 64 } 65 die("Unable to start slapd: $!"); 66 } 67 $env_vars->{SLAPD_PID} = $pid; 68 sleep(1); 64 69 while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) { 65 70 $count++; … … 76 81 { 77 82 my ($self, $envvars) = @_; 78 if ($self->{ldap} eq "fedora-ds") { 79 system("$envvars->{LDAPDIR}/slapd-$envvars->{LDAP_INSTANCE}/stop-slapd"); 80 } elsif ($self->{ldap} eq "openldap") { 81 unless (open(IN, "<$envvars->{OPENLDAP_PIDFILE}")) { 82 warn("unable to open slapd pid file: $envvars->{OPENLDAP_PIDFILE}"); 83 return 0; 84 } 85 kill 9, <IN>; 86 close(IN); 87 } 83 kill 9, $envvars->{SLAPD_PID}; 88 84 return 1; 89 85 } … … 91 87 sub check_or_start($$$) 92 88 { 93 my ($self, $env_vars, $max_time) = @_; 94 return 0 if ( -p $env_vars->{SAMBA_TEST_FIFO}); 95 96 unlink($env_vars->{SAMBA_TEST_FIFO}); 97 POSIX::mkfifo($env_vars->{SAMBA_TEST_FIFO}, 0700); 98 unlink($env_vars->{SAMBA_TEST_LOG}); 99 100 my $pwd = `pwd`; 101 print "STARTING SAMBA for $ENV{ENVNAME}\n"; 89 my ($self, $env_vars, $process_model) = @_; 90 my $STDIN_READER; 91 92 my $env_ok = $self->check_env($env_vars); 93 if ($env_ok) { 94 return $env_vars->{SAMBA_PID}; 95 } 96 97 # use a pipe for stdin in the child processes. This allows 98 # those processes to monitor the pipe for EOF to ensure they 99 # exit when the test script exits 100 pipe($STDIN_READER, $env_vars->{STDIN_PIPE}); 101 102 # Start slapd before samba, but with the fifo on stdin 103 if (defined($self->{ldap})) { 104 unless($self->slapd_start($env_vars, $STDIN_READER)) { 105 warn("couldn't start slapd (main run)"); 106 return undef; 107 } 108 } 109 110 print "STARTING SAMBA..."; 102 111 my $pid = fork(); 103 112 if ($pid == 0) { 104 open STDIN, $env_vars->{SAMBA_TEST_FIFO};105 113 # we want out from samba to go to the log file, but also 106 114 # to the users terminal when running 'make test' on the command … … 111 119 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); 112 120 113 my $valgrind = "";114 if (defined($ENV{SAMBA_VALGRIND})) {115 $valgrind = $ENV{SAMBA_VALGRIND};116 }117 118 121 $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG}; 119 $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR}; 122 $ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR}; 123 $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR}; 120 124 121 125 $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD}; 122 126 $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP}; 127 $ENV{NSS_WRAPPER_HOSTS} = $env_vars->{NSS_WRAPPER_HOSTS}; 128 $ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH}; 129 $ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX}; 130 131 if (defined($env_vars->{RESOLV_WRAPPER_CONF})) { 132 $ENV{RESOLV_WRAPPER_CONF} = $env_vars->{RESOLV_WRAPPER_CONF}; 133 } else { 134 $ENV{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS}; 135 } 123 136 124 137 $ENV{UID_WRAPPER} = "1"; 125 126 # Start slapd before samba, but with the fifo on stdin 127 if (defined($self->{ldap})) { 128 unless($self->slapd_start($env_vars)) { 129 warn("couldn't start slapd (main run)"); 130 return undef; 131 } 132 } 133 134 my $optarg = ""; 135 if (defined($max_time)) { 136 $optarg = "--maximum-runtime=$max_time "; 137 } 138 $ENV{UID_WRAPPER_ROOT} = "1"; 139 140 $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "samba"); 141 my @preargs = (); 142 my @optargs = (); 138 143 if (defined($ENV{SAMBA_OPTIONS})) { 139 $optarg.= " $ENV{SAMBA_OPTIONS}"; 140 } 141 my $samba = $self->bindir_path("samba"); 142 143 # allow selection of the process model using 144 # the environment varibale SAMBA_PROCESS_MODEL 145 # that allows us to change the process model for 146 # individual machines in the build farm 147 my $model = "single"; 148 if (defined($ENV{SAMBA_PROCESS_MODEL})) { 149 $model = $ENV{SAMBA_PROCESS_MODEL}; 150 } 151 chomp($pwd); 152 my $cmdline = "$valgrind ${pwd}/$samba $optarg $env_vars->{CONFIGURATION} -M $model -i"; 153 my $ret = system("$cmdline"); 154 if ($ret == -1) { 155 print "Unable to start $cmdline: $ret: $!\n"; 156 exit 1; 157 } 158 my $exit = ($ret >> 8); 159 unlink($env_vars->{SAMBA_TEST_FIFO}); 160 if ($ret == 0) { 161 print "$samba exited with no error\n"; 162 exit 0; 163 } elsif ( $ret & 127 ) { 164 print "$samba got signal ".($ret & 127)." and exits with $exit!\n"; 165 } else { 166 print "$samba failed with status $exit!\n"; 167 } 168 if ($exit == 0) { 169 $exit = -1; 170 } 171 exit $exit; 172 } 173 print "DONE\n"; 174 175 open(DATA, ">$env_vars->{SAMBA_TEST_FIFO}"); 144 @optargs = split(/ /, $ENV{SAMBA_OPTIONS}); 145 } 146 if(defined($ENV{SAMBA_VALGRIND})) { 147 @preargs = split(/ /,$ENV{SAMBA_VALGRIND}); 148 } 149 150 close($env_vars->{STDIN_PIPE}); 151 open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; 152 153 exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!"); 154 } 155 $env_vars->{SAMBA_PID} = $pid; 156 print "DONE ($pid)\n"; 157 158 close($STDIN_READER); 159 160 if ($self->wait_for_start($env_vars) != 0) { 161 warn("Samba $pid failed to start up"); 162 return undef; 163 } 176 164 177 165 return $pid; … … 181 169 { 182 170 my ($self, $testenv_vars) = @_; 171 my $ret = 0; 172 173 if (not $self->check_env($testenv_vars)) { 174 warn("unable to confirm Samba $testenv_vars->{SAMBA_PID} is running"); 175 return -1; 176 } 177 183 178 # give time for nbt server to register its names 184 179 print "delaying for nbt name registration\n"; … … 187 182 # This will return quickly when things are up, but be slow if we 188 183 # need to wait for (eg) SSL init 189 my $nmblookup = $self->bindir_path("nmblookup");184 my $nmblookup = Samba::bindir_path($self, "nmblookup4"); 190 185 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}"); 191 186 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}"); 192 187 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); 193 188 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); 194 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOS ALIAS}");195 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOS ALIAS}");189 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); 190 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); 196 191 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}"); 197 192 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}"); 198 193 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); 199 194 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); 200 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSALIAS}"); 201 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSALIAS}"); 202 195 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); 196 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); 197 198 # Ensure we have the first RID Set before we start tests. This makes the tests more reliable. 199 if ($testenv_vars->{SERVER_ROLE} eq "domain controller" and not ($testenv_vars->{NETBIOSNAME} eq "RODC")) { 200 # Add hosts file for name lookups 201 $ENV{NSS_WRAPPER_HOSTS} = $testenv_vars->{NSS_WRAPPER_HOSTS}; 202 if (defined($testenv_vars->{RESOLV_WRAPPER_CONF})) { 203 $ENV{RESOLV_WRAPPER_CONF} = $testenv_vars->{RESOLV_WRAPPER_CONF}; 204 } else { 205 $ENV{RESOLV_WRAPPER_HOSTS} = $testenv_vars->{RESOLV_WRAPPER_HOSTS}; 206 } 207 208 print "waiting for working LDAP and a RID Set to be allocated\n"; 209 my $ldbsearch = Samba::bindir_path($self, "ldbsearch"); 210 my $count = 0; 211 my $base_dn = "DC=".join(",DC=", split(/\./, $testenv_vars->{REALM})); 212 my $rid_set_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn"; 213 sleep(1); 214 while (system("$ldbsearch -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool > /dev/null") != 0) { 215 $count++; 216 if ($count > 40) { 217 $ret = -1; 218 last; 219 } 220 sleep(1); 221 } 222 } 203 223 print $self->getlog_env($testenv_vars); 224 225 return $ret 204 226 } 205 227 … … 208 230 my ($self, $file, $ldif) = @_; 209 231 210 my $ldbadd = $self->bindir_path("ldbadd");232 my $ldbadd = Samba::bindir_path($self, "ldbadd"); 211 233 open(LDIF, "|$ldbadd -H $file >/dev/null"); 212 234 print LDIF $ldif; … … 251 273 } 252 274 253 sub mk_keyblobs($$) 254 { 255 my ($self, $tlsdir) = @_; 256 257 #TLS and PKINIT crypto blobs 258 my $dhfile = "$tlsdir/dhparms.pem"; 259 my $cafile = "$tlsdir/ca.pem"; 260 my $certfile = "$tlsdir/cert.pem"; 261 my $reqkdc = "$tlsdir/req-kdc.der"; 262 my $kdccertfile = "$tlsdir/kdc.pem"; 263 my $keyfile = "$tlsdir/key.pem"; 264 my $adminkeyfile = "$tlsdir/adminkey.pem"; 265 my $reqadmin = "$tlsdir/req-admin.der"; 266 my $admincertfile = "$tlsdir/admincert.pem"; 267 my $admincertupnfile = "$tlsdir/admincertupn.pem"; 268 269 mkdir($tlsdir, 0777); 270 271 #This is specified here to avoid draining entropy on every run 272 open(DHFILE, ">$dhfile"); 273 print DHFILE <<EOF; 274 -----BEGIN DH PARAMETERS----- 275 MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO 276 svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv 277 YX70obsCAQI= 278 -----END DH PARAMETERS----- 279 EOF 280 close(DHFILE); 281 282 #Likewise, we pregenerate the key material. This allows the 283 #other certificates to be pre-generated 284 open(KEYFILE, ">$keyfile"); 285 print KEYFILE <<EOF; 286 -----BEGIN RSA PRIVATE KEY----- 287 MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc 288 ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H 289 6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB 290 AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6 291 HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq 292 szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p 293 9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X 294 8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ 295 vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC 296 kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu 297 jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz 298 Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki 299 cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG 300 -----END RSA PRIVATE KEY----- 301 EOF 302 close(KEYFILE); 303 304 open(ADMINKEYFILE, ">$adminkeyfile"); 305 306 print ADMINKEYFILE <<EOF; 307 -----BEGIN RSA PRIVATE KEY----- 308 MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF 309 5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM 310 XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB 311 AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB 312 cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L 313 osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN 314 u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4 315 eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz 316 I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4 317 ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2 318 OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE 319 yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG 320 +cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko 321 -----END RSA PRIVATE KEY----- 322 EOF 323 324 #generated with 325 # hxtool issue-certificate --self-signed --issue-ca \ 326 # --ca-private-key="FILE:$KEYFILE" \ 327 # --subject="CN=CA,DC=samba,DC=example,DC=com" \ 328 # --certificate="FILE:$CAFILE" --lifetime="25 years" 329 330 open(CAFILE, ">$cafile"); 331 print CAFILE <<EOF; 332 -----BEGIN CERTIFICATE----- 333 MIICcTCCAdqgAwIBAgIUaBPmjnPVqyFqR5foICmLmikJTzgwCwYJKoZIhvcNAQEFMFIxEzAR 334 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy 335 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTIyMzEyWhgPMjAzMzAyMjQx 336 MjIzMTJaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl 337 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA 338 A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6 339 I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm 340 ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC 341 AaYwHQYDVR0OBBYEFMLZufegDKLZs0VOyFXYK1L6M8oyMA8GA1UdEwEB/wQFMAMBAf8wDQYJ 342 KoZIhvcNAQEFBQADgYEAAZJbCAAkaqgFJ0xgNovn8Ydd0KswQPjicwiODPgw9ZPoD2HiOUVO 343 yYDRg/dhFF9y656OpcHk4N7qZ2sl3RlHkzDu+dseETW+CnKvQIoXNyeARRJSsSlwrwcoD4JR 344 HTLk2sGigsWwrJ2N99sG/cqSJLJ1MFwLrs6koweBnYU0f/g= 345 -----END CERTIFICATE----- 346 EOF 347 348 #generated with GNUTLS internally in Samba. 349 350 open(CERTFILE, ">$certfile"); 351 print CERTFILE <<EOF; 352 -----BEGIN CERTIFICATE----- 353 MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft 354 YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1 355 dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw 356 NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p 357 c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0 358 ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB 359 jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+ 360 S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p 361 PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw 362 IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB 363 BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG 364 LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz 365 nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA== 366 -----END CERTIFICATE----- 367 EOF 368 close(CERTFILE); 369 370 #KDC certificate 371 # hxtool request-create \ 372 # --subject="CN=krbtgt,CN=users,DC=samba,DC=example,DC=com" \ 373 # --key="FILE:$KEYFILE" $KDCREQ 374 375 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \ 376 # --type="pkinit-kdc" \ 377 # --pk-init-principal="krbtgt/SAMBA.EXAMPLE.COM@SAMBA.EXAMPLE.COM" \ 378 # --req="PKCS10:$KDCREQ" --certificate="FILE:$KDCCERTFILE" \ 379 # --lifetime="25 years" 380 381 open(KDCCERTFILE, ">$kdccertfile"); 382 print KDCCERTFILE <<EOF; 383 -----BEGIN CERTIFICATE----- 384 MIIDDDCCAnWgAwIBAgIUI2Tzj+JnMzMcdeabcNo30rovzFAwCwYJKoZIhvcNAQEFMFIxEzAR 385 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy 386 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTMxOTIzWhgPMjAzMzAyMjQx 387 MzE5MjNaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl 388 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0 389 Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF 390 yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5 391 PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB 392 AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w 393 S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji 394 dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK 395 MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B 396 AQUFAAOBgQBmrVD5MCmZjfHp1nEnHqTIh8r7lSmVtDx4s9MMjxm9oNrzbKXynvdhwQYFVarc 397 ge4yRRDXtSebErOl71zVJI9CVeQQpwcH+tA85oGA7oeFtO/S7ls581RUU6tGgyxV4veD+lJv 398 KPH5LevUtgD+q9H4LU4Sq5N3iFwBaeryB0g2wg== 399 -----END CERTIFICATE----- 400 EOF 401 402 # hxtool request-create \ 403 # --subject="CN=Administrator,CN=users,DC=samba,DC=example,DC=com" \ 404 # --key="FILE:$ADMINKEYFILE" $ADMINREQFILE 405 406 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \ 407 # --type="pkinit-client" \ 408 # --pk-init-principal="administrator@SAMBA.EXAMPLE.COM" \ 409 # --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" \ 410 # --lifetime="25 years" 411 412 open(ADMINCERTFILE, ">$admincertfile"); 413 print ADMINCERTFILE <<EOF; 414 -----BEGIN CERTIFICATE----- 415 MIIDHTCCAoagAwIBAgIUUggzW4lLRkMKe1DAR2NKatkMDYwwCwYJKoZIhvcNAQELMFIxEzAR 416 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy 417 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMjE1WhgPMjAzNDA3MjIw 418 MzMyMTVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl 419 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p 420 bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G 421 eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF 422 xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd 423 l3JRlwIDAQABo4HSMIHPMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr 424 BgEFBQcDAgYKKwYBBAGCNxQCAjBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgExsRU0FNQkEu 425 RVhBTVBMRS5DT02hGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yMB8GA1UdIwQYMBaAFMLZ 426 ufegDKLZs0VOyFXYK1L6M8oyMB0GA1UdDgQWBBQg81bLyfCA88C2B/BDjXlGuaFaxjAJBgNV 427 HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAEf/OSHUDJaGdtWGNuJeqcVYVMwrfBAc0OSwVhz1 428 7/xqKHWo8wIMPkYRtaRHKLNDsF8GkhQPCpVsa6mX/Nt7YQnNvwd+1SBP5E8GvwWw9ZzLJvma 429 nk2n89emuayLpVtp00PymrDLRBcNaRjFReQU8f0o509kiVPHduAp3jOiy13l 430 -----END CERTIFICATE----- 431 EOF 432 close(ADMINCERTFILE); 433 434 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \ 435 # --type="pkinit-client" \ 436 # --ms-upn="administrator@samba.example.com" \ 437 # --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTUPNFILE" \ 438 # --lifetime="25 years" 439 440 open(ADMINCERTUPNFILE, ">$admincertupnfile"); 441 print ADMINCERTUPNFILE <<EOF; 442 -----BEGIN CERTIFICATE----- 443 MIIDDzCCAnigAwIBAgIUUp3CJMuNaEaAdPKp3QdNIwG7a4wwCwYJKoZIhvcNAQELMFIxEzAR 444 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy 445 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMzA1WhgPMjAzNDA3MjIw 446 MzMzMDVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl 447 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p 448 bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G 449 eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF 450 xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd 451 l3JRlwIDAQABo4HEMIHBMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr 452 BgEFBQcDAgYKKwYBBAGCNxQCAjA6BgNVHREEMzAxoC8GCisGAQQBgjcUAgOgIQwfYWRtaW5p 453 c3RyYXRvckBzYW1iYS5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS 454 +jPKMjAdBgNVHQ4EFgQUIPNWy8nwgPPAtgfwQ415RrmhWsYwCQYDVR0TBAIwADANBgkqhkiG 455 9w0BAQsFAAOBgQBk42+egeUB3Ji2PC55fbt3FNKxvmm2xUUFkV9POK/YR9rajKOwk5jtYSeS 456 Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq 457 Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ== 458 -----END CERTIFICATE----- 459 EOF 460 } 461 462 sub mk_krb5_conf($$) 463 { 464 my ($self, $ctx) = @_; 465 466 unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) { 467 warn("can't open $ctx->{krb5_conf}$?"); 468 return undef; 469 } 470 print KRB5CONF " 471 #Generated krb5.conf for $ctx->{realm} 472 473 [libdefaults] 474 default_realm = $ctx->{realm} 475 dns_lookup_realm = false 476 dns_lookup_kdc = false 477 ticket_lifetime = 24h 478 forwardable = yes 479 allow_weak_crypto = yes 480 481 [realms] 482 $ctx->{realm} = { 483 kdc = $ctx->{kdc_ipv4}:88 484 admin_server = $ctx->{kdc_ipv4}:88 485 default_domain = $ctx->{dnsname} 486 } 487 $ctx->{dnsname} = { 488 kdc = $ctx->{kdc_ipv4}:88 489 admin_server = $ctx->{kdc_ipv4}:88 490 default_domain = $ctx->{dnsname} 491 } 492 $ctx->{domain} = { 493 kdc = $ctx->{kdc_ipv4}:88 494 admin_server = $ctx->{kdc_ipv4}:88 495 default_domain = $ctx->{dnsname} 496 } 497 498 [appdefaults] 499 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem 500 501 [kdc] 502 enable-pkinit = true 503 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem 504 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem 505 506 [domain_realm] 507 .$ctx->{dnsname} = $ctx->{realm} 508 "; 509 close(KRB5CONF); 510 } 511 512 sub provision_raw_prepare($$$$$$$$$$) 513 { 514 my ($self, $prefix, $server_role, $netbiosname, $netbiosalias, 275 sub setup_namespaces($$:$$) 276 { 277 my ($self, $localenv, $upn_array, $spn_array) = @_; 278 279 @{$upn_array} = [] unless defined($upn_array); 280 my $upn_args = ""; 281 foreach my $upn (@{$upn_array}) { 282 $upn_args .= " --add-upn-suffix=$upn"; 283 } 284 285 @{$spn_array} = [] unless defined($spn_array); 286 my $spn_args = ""; 287 foreach my $spn (@{$spn_array}) { 288 $spn_args .= " --add-spn-suffix=$spn"; 289 } 290 291 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 292 293 my $cmd_env = ""; 294 $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 295 if (defined($localenv->{RESOLV_WRAPPER_CONF})) { 296 $cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" "; 297 } else { 298 $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" "; 299 } 300 $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\""; 301 302 my $cmd_config = " $localenv->{CONFIGURATION}"; 303 304 my $namespaces = $cmd_env; 305 $namespaces .= " $samba_tool domain trust namespaces $upn_args $spn_args"; 306 $namespaces .= $cmd_config; 307 unless (system($namespaces) == 0) { 308 warn("Failed to add namespaces \n$namespaces"); 309 return; 310 } 311 312 return; 313 } 314 315 sub setup_trust($$$$$) 316 { 317 my ($self, $localenv, $remoteenv, $type, $extra_args) = @_; 318 319 $localenv->{TRUST_SERVER} = $remoteenv->{SERVER}; 320 $localenv->{TRUST_SERVER_IP} = $remoteenv->{SERVER_IP}; 321 $localenv->{TRUST_SERVER_IPV6} = $remoteenv->{SERVER_IPV6}; 322 $localenv->{TRUST_NETBIOSNAME} = $remoteenv->{NETBIOSNAME}; 323 $localenv->{TRUST_USERNAME} = $remoteenv->{USERNAME}; 324 $localenv->{TRUST_PASSWORD} = $remoteenv->{PASSWORD}; 325 $localenv->{TRUST_DOMAIN} = $remoteenv->{DOMAIN}; 326 $localenv->{TRUST_REALM} = $remoteenv->{REALM}; 327 328 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 329 # setup the trust 330 my $cmd_env = ""; 331 $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 332 if (defined($localenv->{RESOLV_WRAPPER_CONF})) { 333 $cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" "; 334 } else { 335 $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" "; 336 } 337 $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\""; 338 339 my $cmd_config = " $localenv->{CONFIGURATION}"; 340 my $cmd_creds = $cmd_config; 341 $cmd_creds .= " -U$localenv->{TRUST_DOMAIN}\\\\$localenv->{TRUST_USERNAME}\%$localenv->{TRUST_PASSWORD}"; 342 343 my $create = $cmd_env; 344 $create .= " $samba_tool domain trust create --type=${type} $localenv->{TRUST_REALM}"; 345 $create .= " $extra_args"; 346 $create .= $cmd_creds; 347 unless (system($create) == 0) { 348 warn("Failed to create trust \n$create"); 349 return undef; 350 } 351 352 return $localenv 353 } 354 355 sub provision_raw_prepare($$$$$$$$$$$) 356 { 357 my ($self, $prefix, $server_role, $hostname, 515 358 $domain, $realm, $functional_level, 516 $ swiface, $password, $kdc_ipv4) = @_;359 $password, $kdc_ipv4, $kdc_ipv6) = @_; 517 360 my $ctx; 361 my $netbiosname = uc($hostname); 518 362 519 363 unless(-d $prefix or mkdir($prefix, 0777)) { … … 530 374 } 531 375 376 377 my $swiface = Samba::get_interface($hostname); 378 532 379 $ctx->{prefix} = $prefix; 533 380 $ctx->{prefix_abs} = $prefix_abs; 534 535 $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";536 381 537 382 $ctx->{server_role} = $server_role; 383 $ctx->{hostname} = $hostname; 538 384 $ctx->{netbiosname} = $netbiosname; 539 $ctx->{netbiosalias} = $netbiosalias;540 385 $ctx->{swiface} = $swiface; 541 386 $ctx->{password} = $password; 542 387 $ctx->{kdc_ipv4} = $kdc_ipv4; 543 388 $ctx->{kdc_ipv6} = $kdc_ipv6; 389 if ($functional_level eq "2000") { 390 $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc" 391 } 392 393 # 394 # Set smbd log level here. 395 # 544 396 $ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} || 1; 545 397 $ctx->{username} = "Administrator"; … … 547 399 $ctx->{realm} = uc($realm); 548 400 $ctx->{dnsname} = lc($realm); 549 $ctx->{sid_generator} = "internal";550 401 551 402 $ctx->{functional_level} = $functional_level; … … 555 406 $ctx->{unix_name} = $unix_name; 556 407 $ctx->{unix_uid} = $>; 408 my @mygid = split(" ", $(); 409 $ctx->{unix_gid} = $mygid[0]; 557 410 $ctx->{unix_gids_str} = $); 558 411 @{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str}); … … 565 418 $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc"; 566 419 $ctx->{lockdir} = "$prefix_abs/lockdir"; 420 $ctx->{logdir} = "$prefix_abs/logs"; 421 $ctx->{statedir} = "$prefix_abs/statedir"; 422 $ctx->{cachedir} = "$prefix_abs/cachedir"; 567 423 $ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket"; 568 424 $ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket"; … … 570 426 $ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd"; 571 427 $ctx->{nsswrap_group} = "$ctx->{etcdir}/group"; 428 $ctx->{nsswrap_hosts} = "$ENV{SELFTEST_PREFIX}/hosts"; 429 if ($ENV{SAMBA_DNS_FAKING}) { 430 $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file"; 431 $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}"; 432 } else { 433 $ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf"; 434 $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf}"; 435 } 572 436 573 437 $ctx->{tlsdir} = "$ctx->{privatedir}/tls"; 574 438 575 439 $ctx->{ipv4} = "127.0.0.$swiface"; 576 $ctx->{interfaces} = "$ctx->{ipv4}/8"; 440 $ctx->{ipv6} = sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface); 441 $ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64"; 577 442 578 443 push(@{$ctx->{directories}}, $ctx->{privatedir}); 579 444 push(@{$ctx->{directories}}, $ctx->{etcdir}); 580 445 push(@{$ctx->{directories}}, $ctx->{piddir}); 581 push(@{$ctx->{directories}}, $ctx->{ncalrpcdir});582 446 push(@{$ctx->{directories}}, $ctx->{lockdir}); 447 push(@{$ctx->{directories}}, $ctx->{logdir}); 448 push(@{$ctx->{directories}}, $ctx->{statedir}); 449 push(@{$ctx->{directories}}, $ctx->{cachedir}); 583 450 584 451 $ctx->{smb_conf_extra_options} = ""; 585 452 586 453 my @provision_options = (); 454 push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_config}\""); 587 455 push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\""); 588 456 push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\""); 457 push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\""); 458 if (defined($ctx->{resolv_conf})) { 459 push (@provision_options, "RESOLV_WRAPPER_CONF=\"$ctx->{resolv_conf}\""); 460 } else { 461 push (@provision_options, "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\""); 462 } 589 463 if (defined($ENV{GDB_PROVISION})) { 590 464 push (@provision_options, "gdb --args"); … … 604 478 push (@provision_options, $ENV{PYTHON}); 605 479 } 606 push (@provision_options, "$self->{srcdir}/source4/setup/provision"); 480 push (@provision_options, Samba::bindir_path($self, "samba-tool")); 481 push (@provision_options, "domain"); 482 push (@provision_options, "provision"); 607 483 push (@provision_options, "--configfile=$ctx->{smb_conf}"); 608 push (@provision_options, "--host-name=$ctx->{ netbiosname}");484 push (@provision_options, "--host-name=$ctx->{hostname}"); 609 485 push (@provision_options, "--host-ip=$ctx->{ipv4}"); 610 486 push (@provision_options, "--quiet"); … … 632 508 mkdir($_, 0777) foreach (@{$ctx->{directories}}); 633 509 510 ## 511 ## lockdir and piddir must be 0755 512 ## 513 chmod 0755, $ctx->{lockdir}; 514 chmod 0755, $ctx->{piddir}; 515 634 516 unless (open(CONFFILE, ">$ctx->{smb_conf}")) { 635 517 warn("can't open $ctx->{smb_conf}$?"); 636 518 return undef; 637 519 } 520 521 Samba::prepare_keyblobs($ctx); 522 my $crlfile = "$ctx->{tlsdir}/crl.pem"; 523 $crlfile = "" unless -e ${crlfile}; 524 638 525 print CONFFILE " 639 526 [global] 640 527 netbios name = $ctx->{netbiosname} 641 netbios aliases = $ctx->{netbiosalias} 642 posix:eadb = $ctx->{lockdir}/eadb.tdb 528 posix:eadb = $ctx->{statedir}/eadb.tdb 643 529 workgroup = $ctx->{domain} 644 530 realm = $ctx->{realm} … … 647 533 ncalrpc dir = $ctx->{ncalrpcdir} 648 534 lock dir = $ctx->{lockdir} 535 state directory = $ctx->{statedir} 536 cache directory = $ctx->{cachedir} 649 537 winbindd socket directory = $ctx->{winbindd_socket_dir} 650 538 winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir} 651 539 ntp signd socket directory = $ctx->{ntp_signd_socket_dir} 652 540 winbind separator = / 653 name resolve order = file bcast654 541 interfaces = $ctx->{interfaces} 655 542 tls dh params file = $ctx->{tlsdir}/dhparms.pem 656 panic action = $RealBin/gdb_backtrace \%PID% \%PROG% 543 tls crlfile = ${crlfile} 544 tls verify peer = no_check 545 panic action = $RealBin/gdb_backtrace \%d 657 546 wins support = yes 658 547 server role = $ctx->{server_role} 659 server services = +echo 548 server services = +echo +smb -s3fs 549 dcerpc endpoint servers = +winreg +srvsvc 660 550 notify:inotify = false 661 551 ldb:nosync = true 552 ldap server require strong auth = yes 662 553 #We don't want to pass our self-tests if the PAC code is wrong 663 554 gensec:require_pac = true 555 log file = $ctx->{logdir}/log.\%m 664 556 log level = $ctx->{server_loglevel} 665 557 lanman auth = Yes 666 558 rndc command = true 667 dns update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$ctx->{dns_host_file} 668 spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate 669 resolv:host file = $ctx->{dns_host_file} 559 dns update command = $ctx->{samba_dnsupdate} 560 spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf} 670 561 dreplsrv:periodic_startup_interval = 0 562 dsdb:schema update allowed = yes 563 564 vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot 565 566 # remove this again, when our smb2 client library 567 # supports signin on compound related requests 568 server signing = on 569 570 idmap_ldb:use rfc2307=yes 571 winbind enum users = yes 572 winbind enum groups = yes 671 573 "; 672 673 if (defined($ctx->{sid_generator}) && $ctx->{sid_generator} ne "internal") {674 print CONFFILE "675 sid generator = $ctx->{sid_generator}";676 }677 574 678 575 print CONFFILE " … … 684 581 close(CONFFILE); 685 582 686 $self->mk_keyblobs($ctx->{tlsdir}); 687 688 $self->mk_krb5_conf($ctx); 583 #Default the KDC IP to the server's IP 584 if (not defined($ctx->{kdc_ipv4})) { 585 $ctx->{kdc_ipv4} = $ctx->{ipv4}; 586 } 587 if (not defined($ctx->{kdc_ipv6})) { 588 $ctx->{kdc_ipv6} = $ctx->{ipv6}; 589 } 590 591 Samba::mk_krb5_conf($ctx); 689 592 690 593 open(PWD, ">$ctx->{nsswrap_passwd}"); 691 print PWD " 692 root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false 693 $ctx->{unix_name}:x:$ctx->{unix_uid}:@{$ctx->{unix_gids}}[0]:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false 694 nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false 594 if ($ctx->{unix_uid} != 0) { 595 print PWD "root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false\n"; 596 } 597 print PWD "$ctx->{unix_name}:x:$ctx->{unix_uid}:65531:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false\n"; 598 print PWD "nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false 599 pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false 600 pdbtest2:x:65532:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false 601 pdbtest3:x:65531:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false 602 pdbtest4:x:65530:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false 695 603 "; 696 604 close(PWD); 605 my $uid_rfc2307test = 65533; 697 606 698 607 open(GRP, ">$ctx->{nsswrap_group}"); 699 print GRP " 700 root:x:0: 701 wheel:x:10: 702 users:x:100: 608 if ($ctx->{unix_gid} != 0) { 609 print GRP "root:x:0:\n"; 610 } 611 print GRP "$ctx->{unix_name}:x:$ctx->{unix_gid}:\n"; 612 print GRP "wheel:x:10: 613 users:x:65531: 703 614 nobody:x:65533: 704 615 nogroup:x:65534:nobody 705 616 "; 706 617 close(GRP); 618 my $gid_rfc2307test = 65532; 619 620 my $hostname = lc($ctx->{hostname}); 621 open(HOSTS, ">>$ctx->{nsswrap_hosts}"); 622 if ($hostname eq "localdc") { 623 print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n"; 624 print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n"; 625 } else { 626 print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} ${hostname}\n"; 627 print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} ${hostname}\n"; 628 } 629 close(HOSTS); 630 631 if (defined($ctx->{resolv_conf})) { 632 open(RESOLV_CONF, ">$ctx->{resolv_conf}"); 633 print RESOLV_CONF "nameserver $ctx->{kdc_ipv4}\n"; 634 print RESOLV_CONF "nameserver $ctx->{kdc_ipv6}\n"; 635 close(RESOLV_CONF); 636 } 707 637 708 638 my $configuration = "--configfile=$ctx->{smb_conf}"; 709 639 710 640 #Ensure the config file is valid before we start 711 my $testparm = $self->scriptdir_path("bin/testparm");641 my $testparm = Samba::bindir_path($self, "samba-tool") . " testparm"; 712 642 if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) { 713 643 system("$testparm -v --suppress-prompt $configuration >&2"); … … 723 653 KRB5_CONFIG => $ctx->{krb5_conf}, 724 654 PIDDIR => $ctx->{piddir}, 725 SERVER => $ctx->{ netbiosname},655 SERVER => $ctx->{hostname}, 726 656 SERVER_IP => $ctx->{ipv4}, 657 SERVER_IPV6 => $ctx->{ipv6}, 727 658 NETBIOSNAME => $ctx->{netbiosname}, 728 NETBIOSALIAS => $ctx->{netbiosalias},729 659 DOMAIN => $ctx->{domain}, 730 660 USERNAME => $ctx->{username}, … … 733 663 LDAPDIR => $ctx->{ldapdir}, 734 664 LDAP_INSTANCE => $ctx->{ldap_instance}, 735 WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},665 SELFTEST_WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir}, 736 666 NCALRPCDIR => $ctx->{ncalrpcdir}, 737 667 LOCKDIR => $ctx->{lockdir}, 668 STATEDIR => $ctx->{statedir}, 669 CACHEDIR => $ctx->{cachedir}, 670 PRIVATEDIR => $ctx->{privatedir}, 738 671 SERVERCONFFILE => $ctx->{smb_conf}, 739 672 CONFIGURATION => $configuration, … … 741 674 NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd}, 742 675 NSS_WRAPPER_GROUP => $ctx->{nsswrap_group}, 676 NSS_WRAPPER_HOSTS => $ctx->{nsswrap_hosts}, 743 677 SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo", 744 678 SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log", 745 679 SAMBA_TEST_LOG_POS => 0, 680 NSS_WRAPPER_MODULE_SO_PATH => Samba::nss_wrapper_winbind_so_path($self), 681 NSS_WRAPPER_MODULE_FN_PREFIX => "winbind", 682 LOCAL_PATH => $ctx->{share}, 683 UID_RFC2307TEST => $uid_rfc2307test, 684 GID_RFC2307TEST => $gid_rfc2307test, 685 SERVER_ROLE => $ctx->{server_role} 746 686 }; 687 688 if (defined($ctx->{resolv_conf})) { 689 $ret->{RESOLV_WRAPPER_CONF} = $ctx->{resolv_conf}; 690 } else { 691 $ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file}; 692 } 747 693 748 694 return $ret; … … 762 708 } 763 709 710 my $testallowed_account = "testallowed"; 711 my $samba_tool_cmd = ""; 712 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 713 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") 714 . " user add --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}"; 715 unless (system($samba_tool_cmd) == 0) { 716 warn("Unable to add testallowed user: \n$samba_tool_cmd\n"); 717 return undef; 718 } 719 720 my $ldbmodify = ""; 721 $ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 722 $ldbmodify .= Samba::bindir_path($self, "ldbmodify"); 723 my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm})); 724 725 if ($ctx->{server_role} ne "domain controller") { 726 $base_dn = "DC=$ctx->{netbiosname}"; 727 } 728 729 my $user_dn = "cn=$testallowed_account,cn=users,$base_dn"; 730 $testallowed_account = "testallowed account"; 731 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); 732 print LDIF "dn: $user_dn 733 changetype: modify 734 replace: samAccountName 735 samAccountName: $testallowed_account 736 - 737 "; 738 close(LDIF); 739 740 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); 741 print LDIF "dn: $user_dn 742 changetype: modify 743 replace: userPrincipalName 744 userPrincipalName: testallowed upn\@$ctx->{realm} 745 replace: servicePrincipalName 746 servicePrincipalName: host/testallowed 747 - 748 "; 749 close(LDIF); 750 751 $samba_tool_cmd = ""; 752 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 753 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") 754 . " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}"; 755 unless (system($samba_tool_cmd) == 0) { 756 warn("Unable to add testdenied user: \n$samba_tool_cmd\n"); 757 return undef; 758 } 759 760 my $user_dn = "cn=testdenied,cn=users,$base_dn"; 761 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); 762 print LDIF "dn: $user_dn 763 changetype: modify 764 replace: userPrincipalName 765 userPrincipalName: testdenied_upn\@$ctx->{realm}.upn 766 - 767 "; 768 close(LDIF); 769 770 $samba_tool_cmd = ""; 771 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 772 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") 773 . " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'"; 774 unless (system($samba_tool_cmd) == 0) { 775 warn("Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n"); 776 return undef; 777 } 778 764 779 return $ret; 765 780 } 766 781 767 sub provision($$$$$$$$$ )768 { 769 my ($self, $prefix, $server_role, $ netbiosname, $netbiosalias,782 sub provision($$$$$$$$$$) 783 { 784 my ($self, $prefix, $server_role, $hostname, 770 785 $domain, $realm, $functional_level, 771 $swiface, $password, $kdc_ipv4, $extra_smbconf_options) = @_; 786 $password, $kdc_ipv4, $kdc_ipv6, $extra_smbconf_options, $extra_smbconf_shares, 787 $extra_provision_options) = @_; 772 788 773 789 my $ctx = $self->provision_raw_prepare($prefix, $server_role, 774 $ netbiosname, $netbiosalias,790 $hostname, 775 791 $domain, $realm, $functional_level, 776 $swiface, $password, $kdc_ipv4); 777 778 $ctx->{tmpdir} = "$ctx->{prefix_abs}/tmp"; 779 push(@{$ctx->{directories}}, "$ctx->{tmpdir}"); 780 push(@{$ctx->{directories}}, "$ctx->{tmpdir}/test1"); 781 push(@{$ctx->{directories}}, "$ctx->{tmpdir}/test2"); 792 $password, $kdc_ipv4, $kdc_ipv6); 793 794 if (defined($extra_provision_options)) { 795 push (@{$ctx->{provision_options}}, @{$extra_provision_options}); 796 } else { 797 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 798 } 799 800 $ctx->{share} = "$ctx->{prefix_abs}/share"; 801 push(@{$ctx->{directories}}, "$ctx->{share}"); 802 push(@{$ctx->{directories}}, "$ctx->{share}/test1"); 803 push(@{$ctx->{directories}}, "$ctx->{share}/test2"); 804 805 # precreate directories for printer drivers 806 push(@{$ctx->{directories}}, "$ctx->{share}/W32X86"); 807 push(@{$ctx->{directories}}, "$ctx->{share}/x64"); 808 push(@{$ctx->{directories}}, "$ctx->{share}/WIN40"); 809 782 810 my $msdfs = "no"; 783 811 $msdfs = "yes" if ($server_role eq "domain controller"); … … 786 814 max xmit = 32K 787 815 server max protocol = SMB2 788 $extra_smbconf_options789 816 host msdfs = $msdfs 790 817 lanman auth = yes 818 allow nt4 crypto = yes 819 820 # fruit:copyfile is a global option 821 fruit:copyfile = yes 822 823 $extra_smbconf_options 791 824 792 825 [tmp] 793 path = $ctx->{ tmpdir}826 path = $ctx->{share} 794 827 read only = no 795 posix:sharedelay = 10000 828 posix:sharedelay = 100000 796 829 posix:oplocktimeout = 3 797 830 posix:writetimeupdatedelay = 500000 798 831 832 [xcopy_share] 833 path = $ctx->{share} 834 read only = no 835 posix:sharedelay = 100000 836 posix:oplocktimeout = 3 837 posix:writetimeupdatedelay = 500000 838 create mask = 777 839 force create mode = 777 840 841 [posix_share] 842 path = $ctx->{share} 843 read only = no 844 create mask = 0777 845 force create mode = 0 846 directory mask = 0777 847 force directory mode = 0 848 799 849 [test1] 800 path = $ctx->{ tmpdir}/test1850 path = $ctx->{share}/test1 801 851 read only = no 802 posix:sharedelay = 10000 852 posix:sharedelay = 100000 803 853 posix:oplocktimeout = 3 804 posix:writetimeupdatedelay = 50000 854 posix:writetimeupdatedelay = 500000 805 855 806 856 [test2] 807 path = $ctx->{ tmpdir}/test2857 path = $ctx->{share}/test2 808 858 read only = no 809 posix:sharedelay = 10000 859 posix:sharedelay = 100000 810 860 posix:oplocktimeout = 3 811 posix:writetimeupdatedelay = 50000 861 posix:writetimeupdatedelay = 500000 812 862 813 863 [cifs] 864 path = $ctx->{share}/_ignore_cifs_ 814 865 read only = no 815 866 ntvfs handler = cifs 816 867 cifs:server = $ctx->{netbiosname} 817 868 cifs:share = tmp 818 #There is no username specified here, instead the client is expected 819 #to log in with kerberos, and the serverwill use delegated credentials. 869 cifs:use-s4u2proxy = yes 870 # There is no username specified here, instead the client is expected 871 # to log in with kerberos, and the serverwill use delegated credentials. 872 # Or the server tries s4u2self/s4u2proxy to impersonate the client 820 873 821 874 [simple] 822 path = $ctx->{ tmpdir}875 path = $ctx->{share} 823 876 read only = no 824 877 ntvfs handler = simple 825 878 826 879 [sysvol] 827 path = $ctx->{ lockdir}/sysvol828 read only = yes880 path = $ctx->{statedir}/sysvol 881 read only = no 829 882 830 883 [netlogon] 831 path = $ctx->{ lockdir}/sysvol/$ctx->{dnsname}/scripts884 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 832 885 read only = no 833 886 … … 835 888 copy = simple 836 889 ntvfs handler = cifsposix 890 891 [vfs_fruit] 892 path = $ctx->{share} 893 vfs objects = catia fruit streams_xattr acl_xattr 894 ea support = yes 895 fruit:ressource = file 896 fruit:metadata = netatalk 897 fruit:locking = netatalk 898 fruit:encoding = native 899 900 $extra_smbconf_shares 837 901 "; 838 902 … … 845 909 $ldap_uri = "ldapi://$ldap_uri"; 846 910 $ctx->{ldap_uri} = $ldap_uri; 847 if ($self->{ldap} eq "fedora-ds") {848 $ctx->{sid_generator} = "backend";849 }850 911 851 912 $ctx->{ldap_instance} = lc($ctx->{netbiosname}); … … 876 937 } 877 938 878 sub provision_ member($$$)939 sub provision_s4member($$$) 879 940 { 880 941 my ($self, $prefix, $dcvars) = @_; 881 942 print "PROVISIONING MEMBER..."; 882 943 my $extra_smb_conf = " 944 passdb backend = samba_dsdb 945 winbindd:use external pipes = true 946 947 rpc_server:default = external 948 rpc_server:svcctl = embedded 949 rpc_server:srvsvc = embedded 950 rpc_server:eventlog = embedded 951 rpc_server:ntsvcs = embedded 952 rpc_server:winreg = embedded 953 rpc_server:spoolss = embedded 954 rpc_daemon:spoolssd = embedded 955 rpc_server:tcpip = no 956 "; 883 957 my $ret = $self->provision($prefix, 884 958 "member server", 885 "localmember", 886 "member3", 959 "s4member", 887 960 "SAMBADOMAIN", 888 961 "samba.example.com", 889 962 "2008", 890 3,891 963 "locMEMpass3", 892 964 $dcvars->{SERVER_IP}, 893 ""); 965 $dcvars->{SERVER_IPV6}, 966 $extra_smb_conf, "", undef); 894 967 unless ($ret) { 895 968 return undef; 896 969 } 897 970 898 my $samba_tool = $self->bindir_path("samba-tool"); 971 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 972 my $cmd = ""; 973 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 974 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 975 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 976 } else { 977 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 978 } 979 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 980 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member"; 981 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 982 $cmd .= " --machinepass=machine$ret->{PASSWORD}"; 983 984 unless (system($cmd) == 0) { 985 warn("Join failed\n$cmd"); 986 return undef; 987 } 988 989 $ret->{MEMBER_SERVER} = $ret->{SERVER}; 990 $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP}; 991 $ret->{MEMBER_SERVER_IPV6} = $ret->{SERVER_IPV6}; 992 $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME}; 993 $ret->{MEMBER_USERNAME} = $ret->{USERNAME}; 994 $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD}; 995 996 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 997 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 998 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 999 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1000 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1001 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1002 1003 return $ret; 1004 } 1005 1006 sub provision_rpc_proxy($$$) 1007 { 1008 my ($self, $prefix, $dcvars) = @_; 1009 print "PROVISIONING RPC PROXY..."; 1010 1011 my $extra_smbconf_options = " 1012 passdb backend = samba_dsdb 1013 1014 # rpc_proxy 1015 dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER} 1016 dcerpc endpoint servers = epmapper, remote 1017 dcerpc_remote:interfaces = rpcecho 1018 1019 [cifs_to_dc] 1020 path = /tmp/_ignore_cifs_to_dc_/_none_ 1021 read only = no 1022 ntvfs handler = cifs 1023 cifs:server = $dcvars->{SERVER} 1024 cifs:share = cifs 1025 cifs:use-s4u2proxy = yes 1026 # There is no username specified here, instead the client is expected 1027 # to log in with kerberos, and the serverwill use delegated credentials. 1028 # Or the server tries s4u2self/s4u2proxy to impersonate the client 1029 1030 "; 1031 1032 my $ret = $self->provision($prefix, 1033 "member server", 1034 "localrpcproxy", 1035 "SAMBADOMAIN", 1036 "samba.example.com", 1037 "2008", 1038 "locRPCproxypass4", 1039 $dcvars->{SERVER_IP}, 1040 $dcvars->{SERVER_IPV6}, 1041 $extra_smbconf_options, "", undef); 1042 1043 unless ($ret) { 1044 return undef; 1045 } 1046 1047 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1048 1049 # The joind runs in the context of the rpc_proxy/member for now 1050 my $cmd = ""; 1051 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1052 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1053 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1054 } else { 1055 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1056 } 1057 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1058 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member"; 1059 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1060 $cmd .= " --machinepass=machine$ret->{PASSWORD}"; 1061 1062 unless (system($cmd) == 0) { 1063 warn("Join failed\n$cmd"); 1064 return undef; 1065 } 1066 1067 # Setting up delegation runs in the context of the DC for now 1068 $cmd = ""; 1069 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1070 $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" "; 1071 $cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on"; 1072 $cmd .= " $dcvars->{CONFIGURATION}"; 1073 print $cmd; 1074 1075 unless (system($cmd) == 0) { 1076 warn("Delegation failed\n$cmd"); 1077 return undef; 1078 } 1079 1080 # Setting up delegation runs in the context of the DC for now 1081 $cmd = ""; 1082 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1083 $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" "; 1084 $cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}"; 1085 $cmd .= " $dcvars->{CONFIGURATION}"; 1086 1087 unless (system($cmd) == 0) { 1088 warn("Delegation failed\n$cmd"); 1089 return undef; 1090 } 1091 1092 $ret->{RPC_PROXY_SERVER} = $ret->{SERVER}; 1093 $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP}; 1094 $ret->{RPC_PROXY_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1095 $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1096 $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME}; 1097 $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD}; 1098 1099 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1100 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1101 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 1102 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1103 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1104 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1105 1106 return $ret; 1107 } 1108 1109 sub provision_promoted_dc($$$) 1110 { 1111 my ($self, $prefix, $dcvars) = @_; 1112 print "PROVISIONING PROMOTED DC..."; 1113 1114 # We do this so that we don't run the provision. That's the job of 'samba-tool domain dcpromo'. 1115 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 1116 "promotedvdc", 1117 "SAMBADOMAIN", 1118 "samba.example.com", 1119 "2008", 1120 $dcvars->{PASSWORD}, 1121 $dcvars->{SERVER_IP}, 1122 $dcvars->{SERVER_IPV6}); 1123 1124 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 1125 1126 $ctx->{smb_conf_extra_options} = " 1127 max xmit = 32K 1128 server max protocol = SMB2 1129 1130 [sysvol] 1131 path = $ctx->{statedir}/sysvol 1132 read only = yes 1133 1134 [netlogon] 1135 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 1136 read only = no 1137 1138 "; 1139 1140 my $ret = $self->provision_raw_step1($ctx); 1141 unless ($ret) { 1142 return undef; 1143 } 1144 1145 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1146 my $cmd = ""; 1147 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1148 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1149 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1150 } else { 1151 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1152 } 1153 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1154 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}"; 1155 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1156 $cmd .= " --machinepass=machine$ret->{PASSWORD}"; 1157 1158 unless (system($cmd) == 0) { 1159 warn("Join failed\n$cmd"); 1160 return undef; 1161 } 1162 1163 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 899 1164 my $cmd = ""; 900 1165 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 901 1166 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 902 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member";1167 $cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; 903 1168 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1169 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ"; 904 1170 905 1171 unless (system($cmd) == 0) { … … 908 1174 } 909 1175 910 $ret->{MEMBER_SERVER} = $ret->{SERVER}; 911 $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP}; 912 $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME}; 913 $ret->{MEMBER_NETBIOSALIAS} = $ret->{NETBIOSALIAS}; 914 $ret->{MEMBER_USERNAME} = $ret->{USERNAME}; 915 $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD}; 1176 $ret->{PROMOTED_DC_SERVER} = $ret->{SERVER}; 1177 $ret->{PROMOTED_DC_SERVER_IP} = $ret->{SERVER_IP}; 1178 $ret->{PROMOTED_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1179 $ret->{PROMOTED_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 916 1180 917 1181 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 918 1182 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1183 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 919 1184 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 920 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};921 1185 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 922 1186 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; … … 925 1189 } 926 1190 927 sub provision_ rpc_proxy($$$)1191 sub provision_vampire_dc($$$) 928 1192 { 929 1193 my ($self, $prefix, $dcvars) = @_; 930 print "PROVISIONING RPC PROXY..."; 931 932 my $extra_smbconf_options = "dcerpc_remote:binding = ncacn_ip_tcp:localdc 933 dcerpc endpoint servers = epmapper, remote 934 dcerpc_remote:interfaces = rpcecho 1194 print "PROVISIONING VAMPIRE DC..."; 1195 1196 # We do this so that we don't run the provision. That's the job of 'net vampire'. 1197 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 1198 "localvampiredc", 1199 "SAMBADOMAIN", 1200 "samba.example.com", 1201 "2008", 1202 $dcvars->{PASSWORD}, 1203 $dcvars->{SERVER_IP}, 1204 $dcvars->{SERVER_IPV6}); 1205 1206 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 1207 1208 $ctx->{smb_conf_extra_options} = " 1209 max xmit = 32K 1210 server max protocol = SMB2 1211 1212 [sysvol] 1213 path = $ctx->{statedir}/sysvol 1214 read only = yes 1215 1216 [netlogon] 1217 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 1218 read only = no 1219 935 1220 "; 936 1221 1222 my $ret = $self->provision_raw_step1($ctx); 1223 unless ($ret) { 1224 return undef; 1225 } 1226 1227 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1228 my $cmd = ""; 1229 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1230 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1231 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1232 } else { 1233 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1234 } 1235 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1236 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; 1237 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only"; 1238 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs"; 1239 1240 unless (system($cmd) == 0) { 1241 warn("Join failed\n$cmd"); 1242 return undef; 1243 } 1244 1245 $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER}; 1246 $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP}; 1247 $ret->{VAMPIRE_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1248 $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1249 1250 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1251 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1252 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 1253 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1254 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1255 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1256 $ret->{DC_REALM} = $dcvars->{DC_REALM}; 1257 1258 return $ret; 1259 } 1260 1261 sub provision_subdom_dc($$$) 1262 { 1263 my ($self, $prefix, $dcvars) = @_; 1264 print "PROVISIONING SUBDOMAIN DC..."; 1265 1266 # We do this so that we don't run the provision. That's the job of 'net vampire'. 1267 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 1268 "localsubdc", 1269 "SAMBASUBDOM", 1270 "sub.samba.example.com", 1271 "2008", 1272 $dcvars->{PASSWORD}, 1273 undef); 1274 1275 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 1276 1277 $ctx->{smb_conf_extra_options} = " 1278 max xmit = 32K 1279 server max protocol = SMB2 1280 1281 [sysvol] 1282 path = $ctx->{statedir}/sysvol 1283 read only = yes 1284 1285 [netlogon] 1286 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 1287 read only = no 1288 1289 "; 1290 1291 my $ret = $self->provision_raw_step1($ctx); 1292 unless ($ret) { 1293 return undef; 1294 } 1295 1296 Samba::mk_krb5_conf($ctx); 1297 1298 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1299 my $cmd = ""; 1300 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1301 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1302 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1303 } else { 1304 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1305 } 1306 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1307 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain "; 1308 $cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}"; 1309 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs"; 1310 $cmd .= " --adminpass=$ret->{PASSWORD}"; 1311 1312 unless (system($cmd) == 0) { 1313 warn("Join failed\n$cmd"); 1314 return undef; 1315 } 1316 1317 $ret->{SUBDOM_DC_SERVER} = $ret->{SERVER}; 1318 $ret->{SUBDOM_DC_SERVER_IP} = $ret->{SERVER_IP}; 1319 $ret->{SUBDOM_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1320 $ret->{SUBDOM_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1321 1322 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1323 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1324 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 1325 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1326 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1327 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1328 1329 return $ret; 1330 } 1331 1332 sub provision_ad_dc_ntvfs($$) 1333 { 1334 my ($self, $prefix) = @_; 1335 1336 # We keep the old 'winbind' name here in server services to 1337 # ensure upgrades which used that name still work with the now 1338 # alias. 1339 1340 print "PROVISIONING AD DC (NTVFS)..."; 1341 my $extra_conf_options = "netbios aliases = localDC1-a 1342 server services = +winbind -winbindd 1343 ldap server require strong auth = allow_sasl_over_tls 1344 "; 937 1345 my $ret = $self->provision($prefix, 938 "member server", 939 "localrpcproxy", 940 "rpcproxy4", 1346 "domain controller", 1347 "localdc", 941 1348 "SAMBADOMAIN", 942 1349 "samba.example.com", 943 1350 "2008", 944 4, 945 "locRPCproxypass4", 946 $dcvars->{SERVER_IP}, 947 $extra_smbconf_options); 948 949 unless ($ret) { 950 return undef; 951 } 952 953 my $samba_tool = $self->bindir_path("samba-tool"); 954 my $cmd = ""; 955 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 956 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 957 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member"; 958 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 959 960 unless (system($cmd) == 0) { 961 warn("Join failed\n$cmd"); 962 return undef; 963 } 964 965 $ret->{RPC_PROXY_SERVER} = $ret->{SERVER}; 966 $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP}; 967 $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME}; 968 $ret->{RPC_PROXY_NETBIOSALIAS} = $ret->{NETBIOSALIAS}; 969 $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME}; 970 $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD}; 1351 "locDCpass1", 1352 undef, 1353 undef, 1354 $extra_conf_options, 1355 "", 1356 undef); 1357 1358 return undef unless(defined $ret); 1359 unless($self->add_wins_config("$prefix/private")) { 1360 warn("Unable to add wins configuration"); 1361 return undef; 1362 } 1363 $ret->{NETBIOSALIAS} = "localdc1-a"; 1364 $ret->{DC_SERVER} = $ret->{SERVER}; 1365 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1366 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1367 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1368 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1369 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1370 $ret->{DC_REALM} = $ret->{REALM}; 971 1371 972 1372 return $ret; 973 1373 } 974 1374 975 sub provision_vampire_dc($$$) 1375 sub provision_fl2000dc($$) 1376 { 1377 my ($self, $prefix) = @_; 1378 1379 print "PROVISIONING DC WITH FOREST LEVEL 2000..."; 1380 my $extra_conf_options = " 1381 spnego:simulate_w2k=yes 1382 ntlmssp_server:force_old_spnego=yes 1383 "; 1384 my $ret = $self->provision($prefix, 1385 "domain controller", 1386 "dc5", 1387 "SAMBA2000", 1388 "samba2000.example.com", 1389 "2000", 1390 "locDCpass5", 1391 undef, 1392 undef, 1393 $extra_conf_options, 1394 "", 1395 undef); 1396 1397 unless($self->add_wins_config("$prefix/private")) { 1398 warn("Unable to add wins configuration"); 1399 return undef; 1400 } 1401 $ret->{DC_SERVER} = $ret->{SERVER}; 1402 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1403 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1404 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1405 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1406 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1407 $ret->{DC_REALM} = $ret->{REALM}; 1408 1409 return $ret; 1410 } 1411 1412 sub provision_fl2003dc($$$) 976 1413 { 977 1414 my ($self, $prefix, $dcvars) = @_; 978 print "PROVISIONING VAMPIRE DC..."; 979 980 # We do this so that we don't run the provision. That's the job of 'net vampire'. 1415 1416 print "PROVISIONING DC WITH FOREST LEVEL 2003..."; 1417 my $extra_conf_options = "allow dns updates = nonsecure and secure"; 1418 my $ret = $self->provision($prefix, 1419 "domain controller", 1420 "dc6", 1421 "SAMBA2003", 1422 "samba2003.example.com", 1423 "2003", 1424 "locDCpass6", 1425 undef, 1426 undef, 1427 $extra_conf_options, 1428 "", 1429 undef); 1430 1431 unless (defined $ret) { 1432 return undef; 1433 } 1434 1435 $ret->{DC_SERVER} = $ret->{SERVER}; 1436 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1437 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1438 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1439 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1440 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1441 1442 my @samba_tool_options; 1443 push (@samba_tool_options, Samba::bindir_path($self, "samba-tool")); 1444 push (@samba_tool_options, "domain"); 1445 push (@samba_tool_options, "passwordsettings"); 1446 push (@samba_tool_options, "set"); 1447 push (@samba_tool_options, "--configfile=$ret->{SERVERCONFFILE}"); 1448 push (@samba_tool_options, "--min-pwd-age=0"); 1449 push (@samba_tool_options, "--history-length=1"); 1450 1451 my $samba_tool_cmd = join(" ", @samba_tool_options); 1452 1453 unless (system($samba_tool_cmd) == 0) { 1454 warn("Unable to set min password age to 0: \n$samba_tool_cmd\n"); 1455 return undef; 1456 } 1457 1458 return $ret; 1459 1460 unless($self->add_wins_config("$prefix/private")) { 1461 warn("Unable to add wins configuration"); 1462 return undef; 1463 } 1464 1465 return $ret; 1466 } 1467 1468 sub provision_fl2008r2dc($$$) 1469 { 1470 my ($self, $prefix, $dcvars) = @_; 1471 1472 print "PROVISIONING DC WITH FOREST LEVEL 2008r2..."; 1473 my $extra_conf_options = "ldap server require strong auth = no"; 1474 my $ret = $self->provision($prefix, 1475 "domain controller", 1476 "dc7", 1477 "SAMBA2008R2", 1478 "samba2008R2.example.com", 1479 "2008_R2", 1480 "locDCpass7", 1481 undef, 1482 undef, 1483 $extra_conf_options, 1484 "", 1485 undef); 1486 1487 unless ($self->add_wins_config("$prefix/private")) { 1488 warn("Unable to add wins configuration"); 1489 return undef; 1490 } 1491 $ret->{DC_SERVER} = $ret->{SERVER}; 1492 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1493 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1494 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1495 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1496 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1497 $ret->{DC_REALM} = $ret->{REALM}; 1498 1499 return $ret; 1500 } 1501 1502 1503 sub provision_rodc($$$) 1504 { 1505 my ($self, $prefix, $dcvars) = @_; 1506 print "PROVISIONING RODC..."; 1507 1508 # We do this so that we don't run the provision. That's the job of 'net join RODC'. 981 1509 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 982 "localvampiredc", 983 "dc2", 1510 "rodc", 984 1511 "SAMBADOMAIN", 985 1512 "samba.example.com", 986 1513 "2008", 987 2, $dcvars->{PASSWORD}, 988 $dcvars->{SERVER_IP}); 1514 $dcvars->{PASSWORD}, 1515 $dcvars->{SERVER_IP}, 1516 $dcvars->{SERVER_IPV6}); 1517 unless ($ctx) { 1518 return undef; 1519 } 1520 1521 push (@{$ctx->{provision_options}}, "--use-ntvfs"); 1522 1523 $ctx->{share} = "$ctx->{prefix_abs}/share"; 1524 push(@{$ctx->{directories}}, "$ctx->{share}"); 989 1525 990 1526 $ctx->{smb_conf_extra_options} = " … … 993 1529 994 1530 [sysvol] 995 path = $ctx->{ lockdir}/sysvol1531 path = $ctx->{statedir}/sysvol 996 1532 read only = yes 997 1533 998 1534 [netlogon] 999 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts 1000 read only = no 1001 1002 "; 1003 1004 my $ret = $self->provision_raw_step1($ctx); 1005 unless ($ret) { 1006 return undef; 1007 } 1008 1009 my $samba_tool = $self->bindir_path("samba-tool"); 1010 my $cmd = ""; 1011 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1012 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1013 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; 1014 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1015 1016 unless (system($cmd) == 0) { 1017 warn("Join failed\n$cmd"); 1018 return undef; 1019 } 1020 1021 $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER}; 1022 $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP}; 1023 $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1024 $ret->{VAMPIRE_DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS}; 1025 1026 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1027 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1028 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1029 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS}; 1030 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1031 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; 1032 1033 return $ret; 1034 } 1035 1036 sub provision_dc($$) 1037 { 1038 my ($self, $prefix) = @_; 1039 1040 print "PROVISIONING DC..."; 1041 my $ret = $self->provision($prefix, 1042 "domain controller", 1043 "localdc", 1044 "dc1", 1045 "SAMBADOMAIN", 1046 "samba.example.com", 1047 "2008", 1048 1, 1049 "locDCpass1", 1050 "127.0.0.1", ""); 1051 1052 return undef unless(defined $ret); 1053 unless($self->add_wins_config("$prefix/private")) { 1054 warn("Unable to add wins configuration"); 1055 return undef; 1056 } 1057 1058 $ret->{DC_SERVER} = $ret->{SERVER}; 1059 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1060 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1061 $ret->{DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS}; 1062 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1063 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1064 1065 return $ret; 1066 } 1067 1068 sub provision_fl2000dc($$) 1069 { 1070 my ($self, $prefix) = @_; 1071 1072 print "PROVISIONING DC..."; 1073 my $ret = $self->provision($prefix, 1074 "domain controller", 1075 "dc5", 1076 "localfl2000dc", 1077 "SAMBA2000", 1078 "samba2000.example.com", 1079 "2000", 1080 5, 1081 "locDCpass5", 1082 "127.0.0.5", ""); 1083 1084 unless($self->add_wins_config("$prefix/private")) { 1085 warn("Unable to add wins configuration"); 1086 return undef; 1087 } 1088 1089 return $ret; 1090 } 1091 1092 sub provision_fl2003dc($$) 1093 { 1094 my ($self, $prefix) = @_; 1095 1096 print "PROVISIONING DC..."; 1097 my $ret = $self->provision($prefix, 1098 "domain controller", 1099 "dc6", 1100 "localfl2003dc", 1101 "SAMBA2003", 1102 "samba2003.example.com", 1103 "2003", 1104 6, 1105 "locDCpass6", 1106 "127.0.0.6", ""); 1107 1108 unless($self->add_wins_config("$prefix/private")) { 1109 warn("Unable to add wins configuration"); 1110 return undef; 1111 } 1112 1113 return $ret; 1114 } 1115 1116 sub provision_fl2008r2dc($$) 1117 { 1118 my ($self, $prefix) = @_; 1119 1120 print "PROVISIONING DC..."; 1121 my $ret = $self->provision($prefix, 1122 "domain controller", 1123 "dc7", 1124 "localfl2000r2dc", 1125 "SAMBA2008R2", 1126 "samba2008R2.example.com", 1127 "2008_R2", 1128 7, 1129 "locDCpass7", 1130 "127.0.0.7", ""); 1131 1132 unless ($self->add_wins_config("$prefix/private")) { 1133 warn("Unable to add wins configuration"); 1134 return undef; 1135 } 1136 1137 return $ret; 1138 } 1139 1140 1141 sub provision_rodc($$$) 1142 { 1143 my ($self, $prefix, $dcvars) = @_; 1144 print "PROVISIONING RODC..."; 1145 1146 # We do this so that we don't run the provision. That's the job of 'net join RODC'. 1147 my $ctx = $self->provision_raw_prepare($prefix, "domain controller", 1148 "rodc", 1149 "dc8", 1150 "SAMBADOMAIN", 1151 "samba.example.com", 1152 "2008", 1153 8, $dcvars->{PASSWORD}, 1154 $dcvars->{SERVER_IP}); 1155 unless ($ctx) { 1156 return undef; 1157 } 1158 1159 $ctx->{tmpdir} = "$ctx->{prefix_abs}/tmp"; 1160 push(@{$ctx->{directories}}, "$ctx->{tmpdir}"); 1161 1162 $ctx->{smb_conf_extra_options} = " 1163 max xmit = 32K 1164 server max protocol = SMB2 1165 1166 [sysvol] 1167 path = $ctx->{lockdir}/sysvol 1535 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts 1168 1536 read only = yes 1169 1537 1170 [netlogon]1171 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts1172 read only = yes1173 1174 1538 [tmp] 1175 path = $ctx->{ tmpdir}1539 path = $ctx->{share} 1176 1540 read only = no 1177 1541 posix:sharedelay = 10000 1178 1542 posix:oplocktimeout = 3 1179 posix:writetimeupdatedelay = 50000 01543 posix:writetimeupdatedelay = 50000 1180 1544 1181 1545 "; … … 1186 1550 } 1187 1551 1188 my $samba_tool = $self->bindir_path("samba-tool");1552 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1189 1553 my $cmd = ""; 1190 1554 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 1555 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 1556 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 1557 } else { 1558 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 1559 } 1191 1560 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1192 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";1561 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC"; 1193 1562 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; 1563 $cmd .= " --server=$dcvars->{DC_SERVER} --use-ntvfs"; 1564 1565 unless (system($cmd) == 0) { 1566 warn("RODC join failed\n$cmd"); 1567 return undef; 1568 } 1569 1570 # This ensures deterministic behaviour for tests that want to have the 'testallowed account' 1571 # user password verified on the RODC 1572 my $testallowed_account = "testallowed account"; 1573 $cmd = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 1574 $cmd .= "$samba_tool rodc preload '$testallowed_account' $ret->{CONFIGURATION}"; 1194 1575 $cmd .= " --server=$dcvars->{DC_SERVER}"; 1195 1576 … … 1203 1584 # the proxy code 1204 1585 $ctx->{kdc_ipv4} = $ret->{SERVER_IP}; 1205 $self->mk_krb5_conf($ctx); 1586 $ctx->{kdc_ipv6} = $ret->{SERVER_IPV6}; 1587 Samba::mk_krb5_conf($ctx); 1206 1588 1207 1589 $ret->{RODC_DC_SERVER} = $ret->{SERVER}; 1208 1590 $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP}; 1591 $ret->{RODC_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1209 1592 $ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1210 $ret->{RODC_DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};1211 1593 1212 1594 $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; 1213 1595 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; 1596 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; 1214 1597 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; 1215 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};1216 1598 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; 1217 1599 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; … … 1220 1602 } 1221 1603 1604 sub provision_ad_dc($$) 1605 { 1606 my ($self, $prefix) = @_; 1607 1608 my $prefix_abs = abs_path($prefix); 1609 1610 my $bindir_abs = abs_path($self->{bindir}); 1611 my $lockdir="$prefix_abs/lockdir"; 1612 my $conffile="$prefix_abs/etc/smb.conf"; 1613 1614 my $extra_smbconf_options = " 1615 server services = -smb +s3fs 1616 xattr_tdb:file = $prefix_abs/statedir/xattr.tdb 1617 1618 dbwrap_tdb_mutexes:* = yes 1619 1620 kernel oplocks = no 1621 kernel change notify = no 1622 1623 logging = file 1624 printing = bsd 1625 printcap name = /dev/null 1626 1627 max protocol = SMB3 1628 read only = no 1629 server signing = auto 1630 1631 smbd:sharedelay = 100000 1632 smbd:writetimeupdatedelay = 500000 1633 create mask = 755 1634 dos filemode = yes 1635 1636 dcerpc endpoint servers = -winreg -srvsvc 1637 1638 printcap name = /dev/null 1639 1640 addprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -a -s $conffile -- 1641 deleteprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -d -s $conffile -- 1642 1643 printing = vlp 1644 print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s 1645 lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p 1646 lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j 1647 lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j 1648 lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j 1649 queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p 1650 queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p 1651 lpq cache time = 0 1652 print notify backchannel = yes 1653 "; 1654 1655 my $extra_smbconf_shares = " 1656 1657 [tmpenc] 1658 copy = tmp 1659 smb encrypt = required 1660 1661 [tmpcase] 1662 copy = tmp 1663 case sensitive = yes 1664 1665 [tmpguest] 1666 copy = tmp 1667 guest ok = yes 1668 1669 [hideunread] 1670 copy = tmp 1671 hide unreadable = yes 1672 1673 [durable] 1674 copy = tmp 1675 kernel share modes = no 1676 kernel oplocks = no 1677 posix locking = no 1678 1679 [print\$] 1680 copy = tmp 1681 1682 [print1] 1683 copy = tmp 1684 printable = yes 1685 1686 [print2] 1687 copy = print1 1688 [print3] 1689 copy = print1 1690 [lp] 1691 copy = print1 1692 "; 1693 1694 print "PROVISIONING AD DC..."; 1695 my $ret = $self->provision($prefix, 1696 "domain controller", 1697 "addc", 1698 "ADDOMAIN", 1699 "addom.samba.example.com", 1700 "2008", 1701 "locDCpass1", 1702 undef, 1703 undef, 1704 $extra_smbconf_options, 1705 $extra_smbconf_shares, 1706 undef); 1707 1708 return undef unless(defined $ret); 1709 unless($self->add_wins_config("$prefix/private")) { 1710 warn("Unable to add wins configuration"); 1711 return undef; 1712 } 1713 1714 $ret->{DC_SERVER} = $ret->{SERVER}; 1715 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1716 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1717 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1718 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1719 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1720 1721 return $ret; 1722 } 1723 1724 sub provision_chgdcpass($$) 1725 { 1726 my ($self, $prefix) = @_; 1727 1728 print "PROVISIONING CHGDCPASS..."; 1729 my $extra_provision_options = undef; 1730 push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ"); 1731 my $ret = $self->provision($prefix, 1732 "domain controller", 1733 "chgdcpass", 1734 "CHDCDOMAIN", 1735 "chgdcpassword.samba.example.com", 1736 "2008", 1737 "chgDCpass1", 1738 undef, 1739 undef, 1740 "", 1741 "", 1742 $extra_provision_options); 1743 1744 return undef unless(defined $ret); 1745 unless($self->add_wins_config("$prefix/private")) { 1746 warn("Unable to add wins configuration"); 1747 return undef; 1748 } 1749 1750 # Remove secrets.tdb from this environment to test that we 1751 # still start up on systems without the new matching 1752 # secrets.tdb records. 1753 unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb") || unlink("$ret->{PRIVATEDIR}/secrets.ntdb")) { 1754 warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision"); 1755 return undef; 1756 } 1757 1758 $ret->{DC_SERVER} = $ret->{SERVER}; 1759 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; 1760 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; 1761 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; 1762 $ret->{DC_USERNAME} = $ret->{USERNAME}; 1763 $ret->{DC_PASSWORD} = $ret->{PASSWORD}; 1764 1765 return $ret; 1766 } 1767 1222 1768 sub teardown_env($$) 1223 1769 { … … 1225 1771 my $pid; 1226 1772 1227 close(DATA); 1228 1229 if (open(IN, "<$envvars->{PIDDIR}/samba.pid")) { 1230 $pid = <IN>; 1231 close(IN); 1232 1233 # Give the process 20 seconds to exit. gcov needs 1234 # this time to write out the covarge data 1235 my $count = 0; 1236 until (kill(0, $pid) == 0) { 1237 # if no process sucessfully signalled, then we are done 1238 sleep(1); 1239 $count++; 1240 last if $count > 20; 1241 } 1242 1243 # If it is still around, kill it 1244 if ($count > 20) { 1245 print "server process $pid took more than $count seconds to exit, killing\n"; 1246 kill 9, $pid; 1247 } 1248 } 1249 1250 my $failed = $? >> 8; 1773 # This should cause samba to terminate gracefully 1774 close($envvars->{STDIN_PIPE}); 1775 1776 $pid = $envvars->{SAMBA_PID}; 1777 my $count = 0; 1778 my $childpid; 1779 1780 # This should give it time to write out the gcov data 1781 until ($count > 30) { 1782 if (Samba::cleanup_child($pid, "samba") == -1) { 1783 last; 1784 } 1785 sleep(1); 1786 $count++; 1787 } 1788 1789 if ($count > 30 || kill(0, $pid)) { 1790 kill "TERM", $pid; 1791 1792 until ($count > 40) { 1793 if (Samba::cleanup_child($pid, "samba") == -1) { 1794 last; 1795 } 1796 sleep(1); 1797 $count++; 1798 } 1799 # If it is still around, kill it 1800 warn "server process $pid took more than $count seconds to exit, killing\n"; 1801 kill 9, $pid; 1802 } 1251 1803 1252 1804 $self->slapd_stop($envvars) if ($self->{ldap}); … … 1254 1806 print $self->getlog_env($envvars); 1255 1807 1256 return $failed;1808 return; 1257 1809 } 1258 1810 … … 1280 1832 { 1281 1833 my ($self, $envvars) = @_; 1282 1283 return (-p $envvars->{SAMBA_TEST_FIFO}); 1834 my $samba_pid = $envvars->{SAMBA_PID}; 1835 1836 if (not defined($samba_pid)) { 1837 return 0; 1838 } elsif ($samba_pid > 0) { 1839 my $childpid = Samba::cleanup_child($samba_pid, "samba"); 1840 1841 if ($childpid == 0) { 1842 return 1; 1843 } 1844 return 0; 1845 } else { 1846 return 1; 1847 } 1848 1284 1849 } 1285 1850 … … 1287 1852 { 1288 1853 my ($self, $envname, $path) = @_; 1854 my $target3 = $self->{target3}; 1289 1855 1290 1856 $ENV{ENVNAME} = $envname; 1291 1857 1292 if ($envname eq "dc") { 1293 return $self->setup_dc("$path/dc"); 1858 if (defined($self->{vars}->{$envname})) { 1859 return $self->{vars}->{$envname}; 1860 } 1861 1862 if ($envname eq "ad_dc_ntvfs") { 1863 return $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1294 1864 } elsif ($envname eq "fl2000dc") { 1295 1865 return $self->setup_fl2000dc("$path/fl2000dc"); 1296 1866 } elsif ($envname eq "fl2003dc") { 1297 return $self->setup_fl2003dc("$path/fl2003dc"); 1867 if (not defined($self->{vars}->{ad_dc})) { 1868 $self->setup_ad_dc("$path/ad_dc"); 1869 } 1870 return $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{ad_dc}); 1298 1871 } elsif ($envname eq "fl2008r2dc") { 1299 return $self->setup_fl2008r2dc("$path/fl2008r2dc"); 1872 if (not defined($self->{vars}->{ad_dc})) { 1873 $self->setup_ad_dc("$path/ad_dc"); 1874 } 1875 return $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{ad_dc}); 1300 1876 } elsif ($envname eq "rpc_proxy") { 1301 if (not defined($self->{vars}->{ dc})) {1302 $self->setup_ dc("$path/dc");1303 } 1304 return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{ dc});1877 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1878 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1879 } 1880 return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{ad_dc_ntvfs}); 1305 1881 } elsif ($envname eq "vampire_dc") { 1306 if (not defined($self->{vars}->{dc})) { 1307 $self->setup_dc("$path/dc"); 1308 } 1309 return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{dc}); 1310 } elsif ($envname eq "member") { 1311 if (not defined($self->{vars}->{dc})) { 1312 $self->setup_dc("$path/dc"); 1313 } 1314 return $self->setup_member("$path/member", $self->{vars}->{dc}); 1882 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1883 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1884 } 1885 return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{ad_dc_ntvfs}); 1886 } elsif ($envname eq "promoted_dc") { 1887 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1888 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1889 } 1890 return $self->setup_promoted_dc("$path/promoted_dc", $self->{vars}->{ad_dc_ntvfs}); 1891 } elsif ($envname eq "subdom_dc") { 1892 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1893 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1894 } 1895 return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs}); 1896 } elsif ($envname eq "s4member") { 1897 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1898 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1899 } 1900 return $self->setup_s4member("$path/s4member", $self->{vars}->{ad_dc_ntvfs}); 1315 1901 } elsif ($envname eq "rodc") { 1316 if (not defined($self->{vars}->{dc})) { 1317 $self->setup_dc("$path/dc"); 1318 } 1319 return $self->setup_rodc("$path/rodc", $self->{vars}->{dc}); 1320 } elsif ($envname eq "all") { 1321 if (not defined($self->{vars}->{dc})) { 1322 $ENV{ENVNAME} = "dc"; 1323 $self->setup_dc("$path/dc"); 1324 } 1325 my $ret = $self->setup_member("$path/member", $self->{vars}->{dc}); 1326 if (not defined($self->{vars}->{rpc_proxy})) { 1327 $ENV{ENVNAME} = "rpc_proxy"; 1328 my $rpc_proxy_ret = $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc}); 1329 1330 $ret->{RPC_PROXY_SERVER} = $rpc_proxy_ret->{SERVER}; 1331 $ret->{RPC_PROXY_SERVER_IP} = $rpc_proxy_ret->{SERVER_IP}; 1332 $ret->{RPC_PROXY_NETBIOSNAME} = $rpc_proxy_ret->{NETBIOSNAME}; 1333 $ret->{RPC_PROXY_NETBIOSALIAS} = $rpc_proxy_ret->{NETBIOSALIAS}; 1334 $ret->{RPC_PROXY_USERNAME} = $rpc_proxy_ret->{USERNAME}; 1335 $ret->{RPC_PROXY_PASSWORD} = $rpc_proxy_ret->{PASSWORD}; 1336 } 1337 if (not defined($self->{vars}->{fl2000dc})) { 1338 $ENV{ENVNAME} = "fl2000dc"; 1339 my $fl2000dc_ret = $self->setup_fl2000dc("$path/fl2000dc", $self->{vars}->{dc}); 1340 1341 $ret->{FL2000DC_SERVER} = $fl2000dc_ret->{SERVER}; 1342 $ret->{FL2000DC_SERVER_IP} = $fl2000dc_ret->{SERVER_IP}; 1343 $ret->{FL2000DC_NETBIOSNAME} = $fl2000dc_ret->{NETBIOSNAME}; 1344 $ret->{FL2000DC_NETBIOSALIAS} = $fl2000dc_ret->{NETBIOSALIAS}; 1345 $ret->{FL2000DC_USERNAME} = $fl2000dc_ret->{USERNAME}; 1346 $ret->{FL2000DC_PASSWORD} = $fl2000dc_ret->{PASSWORD}; 1347 } 1348 if (not defined($self->{vars}->{fl2003dc})) { 1349 $ENV{ENVNAME} = "fl2003dc"; 1350 my $fl2003dc_ret = $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{dc}); 1351 1352 $ret->{FL2003DC_SERVER} = $fl2003dc_ret->{SERVER}; 1353 $ret->{FL2003DC_SERVER_IP} = $fl2003dc_ret->{SERVER_IP}; 1354 $ret->{FL2003DC_NETBIOSNAME} = $fl2003dc_ret->{NETBIOSNAME}; 1355 $ret->{FL2003DC_NETBIOSALIAS} = $fl2003dc_ret->{NETBIOSALIAS}; 1356 $ret->{FL2003DC_USERNAME} = $fl2003dc_ret->{USERNAME}; 1357 $ret->{FL2003DC_PASSWORD} = $fl2003dc_ret->{PASSWORD}; 1358 } 1359 if (not defined($self->{vars}->{fl2008r2dc})) { 1360 $ENV{ENVNAME} = "fl2008r2dc"; 1361 my $fl2008r2dc_ret = $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{dc}); 1362 1363 $ret->{FL2008R2DC_SERVER} = $fl2008r2dc_ret->{SERVER}; 1364 $ret->{FL2008R2DC_SERVER_IP} = $fl2008r2dc_ret->{SERVER_IP}; 1365 $ret->{FL2008R2DC_NETBIOSNAME} = $fl2008r2dc_ret->{NETBIOSNAME}; 1366 $ret->{FL2008R2DC_NETBIOSALIAS} = $fl2008r2dc_ret->{NETBIOSALIAS}; 1367 $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME}; 1368 $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD}; 1369 } 1370 return $ret; 1902 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1903 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1904 } 1905 return $self->setup_rodc("$path/rodc", $self->{vars}->{ad_dc_ntvfs}); 1906 } elsif ($envname eq "chgdcpass") { 1907 return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass}); 1908 } elsif ($envname eq "ad_member") { 1909 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1910 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1911 } 1912 return $target3->setup_admember("$path/ad_member", $self->{vars}->{ad_dc_ntvfs}, 29); 1913 } elsif ($envname eq "ad_dc") { 1914 return $self->setup_ad_dc("$path/ad_dc"); 1915 } elsif ($envname eq "ad_dc_no_nss") { 1916 return $self->setup_ad_dc("$path/ad_dc_no_nss", "no_nss"); 1917 } elsif ($envname eq "ad_member_rfc2307") { 1918 if (not defined($self->{vars}->{ad_dc_ntvfs})) { 1919 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); 1920 } 1921 return $target3->setup_admember_rfc2307("$path/ad_member_rfc2307", 1922 $self->{vars}->{ad_dc_ntvfs}, 34); 1923 } elsif ($envname eq "none") { 1924 return $self->setup_none("$path/none"); 1371 1925 } else { 1372 warn("Samba4 can't provide environment '$envname'"); 1373 return undef; 1374 } 1375 } 1376 1377 sub setup_member($$$) 1926 return "UNKNOWN"; 1927 } 1928 } 1929 1930 sub setup_s4member($$$) 1378 1931 { 1379 1932 my ($self, $path, $dc_vars) = @_; 1380 1933 1381 my $env = $self->provision_ member($path, $dc_vars);1934 my $env = $self->provision_s4member($path, $dc_vars); 1382 1935 1383 1936 if (defined $env) { 1384 $self->check_or_start($env, ($ENV{SMBD_MAXTIME} or 7500));1385 1386 $self->wait_for_start($env);1387 1388 $self->{vars}->{ member} = $env;1937 if (not defined($self->check_or_start($env, "single"))) { 1938 return undef; 1939 } 1940 1941 $self->{vars}->{s4member} = $env; 1389 1942 } 1390 1943 … … 1399 1952 1400 1953 if (defined $env) { 1401 $self->check_or_start($env, ($ENV{SMBD_MAXTIME} or 7500));1402 1403 $self->wait_for_start($env);1954 if (not defined($self->check_or_start($env, "single"))) { 1955 return undef; 1956 } 1404 1957 1405 1958 $self->{vars}->{rpc_proxy} = $env; … … 1408 1961 } 1409 1962 1410 sub setup_ dc($$)1963 sub setup_ad_dc_ntvfs($$) 1411 1964 { 1412 1965 my ($self, $path) = @_; 1413 1966 1414 my $env = $self->provision_ dc($path);1967 my $env = $self->provision_ad_dc_ntvfs($path); 1415 1968 if (defined $env) { 1416 $self->check_or_start($env, 1417 ($ENV{SMBD_MAXTIME} or 7500)); 1418 1419 $self->wait_for_start($env); 1420 1421 $self->{vars}->{dc} = $env; 1969 if (not defined($self->check_or_start($env, "standard"))) { 1970 warn("Failed to start ad_dc_ntvfs"); 1971 return undef; 1972 } 1973 1974 $self->{vars}->{ad_dc_ntvfs} = $env; 1975 } 1976 return $env; 1977 } 1978 1979 sub setup_chgdcpass($$) 1980 { 1981 my ($self, $path) = @_; 1982 1983 my $env = $self->provision_chgdcpass($path); 1984 if (defined $env) { 1985 if (not defined($self->check_or_start($env, "single"))) { 1986 return undef; 1987 } 1988 1989 $self->{vars}->{chgdcpass} = $env; 1422 1990 } 1423 1991 return $env; … … 1430 1998 my $env = $self->provision_fl2000dc($path); 1431 1999 if (defined $env) { 1432 $self->check_or_start($env, 1433 ($ENV{SMBD_MAXTIME} or 7500)); 1434 1435 $self->wait_for_start($env); 2000 if (not defined($self->check_or_start($env, "single"))) { 2001 return undef; 2002 } 1436 2003 1437 2004 $self->{vars}->{fl2000dc} = $env; … … 1441 2008 } 1442 2009 1443 sub setup_fl2003dc($$ )1444 { 1445 my ($self, $path ) = @_;2010 sub setup_fl2003dc($$$) 2011 { 2012 my ($self, $path, $dc_vars) = @_; 1446 2013 1447 2014 my $env = $self->provision_fl2003dc($path); 1448 2015 1449 2016 if (defined $env) { 1450 $self->check_or_start($env, 1451 ($ENV{SMBD_MAXTIME} or 7500)); 1452 1453 $self->wait_for_start($env); 2017 if (not defined($self->check_or_start($env, "single"))) { 2018 return undef; 2019 } 2020 2021 $env = $self->setup_trust($env, $dc_vars, "external", "--no-aes-keys"); 1454 2022 1455 2023 $self->{vars}->{fl2003dc} = $env; … … 1458 2026 } 1459 2027 1460 sub setup_fl2008r2dc($$ )1461 { 1462 my ($self, $path ) = @_;2028 sub setup_fl2008r2dc($$$) 2029 { 2030 my ($self, $path, $dc_vars) = @_; 1463 2031 1464 2032 my $env = $self->provision_fl2008r2dc($path); 1465 2033 1466 2034 if (defined $env) { 1467 $self->check_or_start($env, 1468 ($ENV{SMBD_MAXTIME} or 7500)); 1469 1470 $self->wait_for_start($env); 2035 if (not defined($self->check_or_start($env, "single"))) { 2036 return undef; 2037 } 2038 2039 my $upn_array = ["$env->{REALM}.upn"]; 2040 my $spn_array = ["$env->{REALM}.spn"]; 2041 2042 $self->setup_namespaces($env, $upn_array, $spn_array); 2043 2044 $env = $self->setup_trust($env, $dc_vars, "forest", ""); 1471 2045 1472 2046 $self->{vars}->{fl2008r2dc} = $env; … … 1483 2057 1484 2058 if (defined $env) { 1485 $self->check_or_start($env, 1486 ($ENV{SMBD_MAXTIME} or 7500)); 1487 1488 $self->wait_for_start($env); 2059 if (not defined($self->check_or_start($env, "single"))) { 2060 return undef; 2061 } 1489 2062 1490 2063 $self->{vars}->{vampire_dc} = $env; … … 1492 2065 # force replicated DC to update repsTo/repsFrom 1493 2066 # for vampired partitions 1494 my $samba_tool = $self->bindir_path("samba-tool");2067 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 1495 2068 my $cmd = ""; 1496 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2069 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 2070 if (defined($env->{RESOLV_WRAPPER_CONF})) { 2071 $cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" "; 2072 } else { 2073 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" "; 2074 } 1497 2075 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 1498 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}"; 2076 $cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}"; 2077 $cmd .= " $env->{CONFIGURATION}"; 1499 2078 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 1500 2079 unless (system($cmd) == 0) { … … 1506 2085 # we need to synchronize data between DCs 1507 2086 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); 1508 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2087 $cmd = ""; 2088 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 2089 if (defined($env->{RESOLV_WRAPPER_CONF})) { 2090 $cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" "; 2091 } else { 2092 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" "; 2093 } 1509 2094 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 1510 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{VAMPIRE_DC_SERVER}"; 2095 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}"; 2096 $cmd .= " $dc_vars->{CONFIGURATION}"; 1511 2097 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 1512 2098 # replicate Configuration NC … … 1527 2113 } 1528 2114 2115 sub setup_promoted_dc($$$) 2116 { 2117 my ($self, $path, $dc_vars) = @_; 2118 2119 my $env = $self->provision_promoted_dc($path, $dc_vars); 2120 2121 if (defined $env) { 2122 if (not defined($self->check_or_start($env, "single"))) { 2123 return undef; 2124 } 2125 2126 $self->{vars}->{promoted_dc} = $env; 2127 2128 # force source and replicated DC to update repsTo/repsFrom 2129 # for vampired partitions 2130 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2131 my $cmd = ""; 2132 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2133 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2134 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}"; 2135 $cmd .= " $env->{CONFIGURATION}"; 2136 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2137 unless (system($cmd) == 0) { 2138 warn("Failed to exec kcc\n$cmd"); 2139 return undef; 2140 } 2141 2142 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2143 my $cmd = ""; 2144 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2145 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2146 $cmd .= " $samba_tool drs kcc $env->{SERVER}"; 2147 $cmd .= " $env->{CONFIGURATION}"; 2148 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2149 unless (system($cmd) == 0) { 2150 warn("Failed to exec kcc\n$cmd"); 2151 return undef; 2152 } 2153 2154 # as 'vampired' dc may add data in its local replica 2155 # we need to synchronize data between DCs 2156 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); 2157 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2158 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2159 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}"; 2160 $cmd .= " $dc_vars->{CONFIGURATION}"; 2161 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2162 # replicate Configuration NC 2163 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\""; 2164 unless(system($cmd_repl) == 0) { 2165 warn("Failed to replicate\n$cmd_repl"); 2166 return undef; 2167 } 2168 # replicate Default NC 2169 $cmd_repl = "$cmd \"$base_dn\""; 2170 unless(system($cmd_repl) == 0) { 2171 warn("Failed to replicate\n$cmd_repl"); 2172 return undef; 2173 } 2174 } 2175 2176 return $env; 2177 } 2178 2179 sub setup_subdom_dc($$$) 2180 { 2181 my ($self, $path, $dc_vars) = @_; 2182 2183 my $env = $self->provision_subdom_dc($path, $dc_vars); 2184 2185 if (defined $env) { 2186 if (not defined($self->check_or_start($env, "single"))) { 2187 return undef; 2188 } 2189 2190 $self->{vars}->{subdom_dc} = $env; 2191 2192 # force replicated DC to update repsTo/repsFrom 2193 # for primary domain partitions 2194 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2195 my $cmd = ""; 2196 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2197 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2198 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}"; 2199 $cmd .= " $env->{CONFIGURATION}"; 2200 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}"; 2201 unless (system($cmd) == 0) { 2202 warn("Failed to exec kcc\n$cmd"); 2203 return undef; 2204 } 2205 2206 # as 'subdomain' dc may add data in its local replica 2207 # we need to synchronize data between DCs 2208 my $base_dn = "DC=".join(",DC=", split(/\./, $env->{REALM})); 2209 my $config_dn = "CN=Configuration,DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); 2210 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2211 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2212 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}"; 2213 $cmd .= " $dc_vars->{CONFIGURATION}"; 2214 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}"; 2215 # replicate Configuration NC 2216 my $cmd_repl = "$cmd \"$config_dn\""; 2217 unless(system($cmd_repl) == 0) { 2218 warn("Failed to replicate\n$cmd_repl"); 2219 return undef; 2220 } 2221 # replicate Default NC 2222 $cmd_repl = "$cmd \"$base_dn\""; 2223 unless(system($cmd_repl) == 0) { 2224 warn("Failed to replicate\n$cmd_repl"); 2225 return undef; 2226 } 2227 } 2228 2229 return $env; 2230 } 2231 1529 2232 sub setup_rodc($$$) 1530 2233 { … … 1537 2240 } 1538 2241 1539 $self->check_or_start($env, 1540 ($ENV{SMBD_MAXTIME} or 7500)); 1541 1542 $self->wait_for_start($env); 2242 if (not defined($self->check_or_start($env, "single"))) { 2243 return undef; 2244 } 2245 2246 # force source and replicated DC to update repsTo/repsFrom 2247 # for vampired partitions 2248 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2249 my $cmd = ""; 2250 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2251 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2252 $cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}"; 2253 $cmd .= " $env->{CONFIGURATION}"; 2254 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2255 unless (system($cmd) == 0) { 2256 warn("Failed to exec kcc\n$cmd"); 2257 return undef; 2258 } 2259 2260 my $samba_tool = Samba::bindir_path($self, "samba-tool"); 2261 my $cmd = ""; 2262 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2263 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2264 $cmd .= " $samba_tool drs kcc -k no $env->{SERVER}"; 2265 $cmd .= " $env->{CONFIGURATION}"; 2266 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2267 unless (system($cmd) == 0) { 2268 warn("Failed to exec kcc\n$cmd"); 2269 return undef; 2270 } 2271 2272 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); 2273 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\""; 2274 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\""; 2275 $cmd .= " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}"; 2276 $cmd .= " $dc_vars->{CONFIGURATION}"; 2277 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; 2278 # replicate Configuration NC 2279 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\""; 2280 unless(system($cmd_repl) == 0) { 2281 warn("Failed to replicate\n$cmd_repl"); 2282 return undef; 2283 } 2284 # replicate Default NC 2285 $cmd_repl = "$cmd \"$base_dn\""; 2286 unless(system($cmd_repl) == 0) { 2287 warn("Failed to replicate\n$cmd_repl"); 2288 return undef; 2289 } 1543 2290 1544 2291 $self->{vars}->{rodc} = $env; … … 1547 2294 } 1548 2295 2296 sub setup_ad_dc($$) 2297 { 2298 my ($self, $path, $no_nss) = @_; 2299 2300 # If we didn't build with ADS, pretend this env was never available 2301 if (not $self->{target3}->have_ads()) { 2302 return "UNKNOWN"; 2303 } 2304 2305 my $env = $self->provision_ad_dc($path); 2306 unless ($env) { 2307 return undef; 2308 } 2309 2310 if (defined($no_nss) and $no_nss) { 2311 $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef; 2312 $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef; 2313 } 2314 2315 if (not defined($self->check_or_start($env, "single"))) { 2316 return undef; 2317 } 2318 2319 my $upn_array = ["$env->{REALM}.upn"]; 2320 my $spn_array = ["$env->{REALM}.spn"]; 2321 2322 $self->setup_namespaces($env, $upn_array, $spn_array); 2323 2324 $self->{vars}->{ad_dc} = $env; 2325 return $env; 2326 } 2327 2328 sub setup_none($$) 2329 { 2330 my ($self, $path) = @_; 2331 2332 my $ret = { 2333 KRB5_CONFIG => abs_path($path) . "/no_krb5.conf", 2334 SAMBA_PID => -1, 2335 } 2336 } 2337 1549 2338 1;
Note:
See TracChangeset
for help on using the changeset viewer.
