2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
10 use FindBin qw($RealBin);
17 my ($classname, $bindir, $ldap, $srcdir, $exeext) = @_;
18 $exeext = "" unless defined($exeext);
25 target3 => new Samba3($bindir,$srcdir),
32 my ($self, $path) = @_;
34 my $valpath = "$self->{bindir}/$path$self->{exeext}";
36 return $valpath if (-f $valpath);
40 sub scriptdir_path($$) {
41 my ($self, $path) = @_;
42 return "$self->{srcdir}/source4/scripting/$path";
45 sub openldap_start($$$) {
51 my ($self, $env_vars) = @_;
52 my $ldbsearch = $self->bindir_path("ldbsearch");
54 my $uri = $env_vars->{LDAP_URI};
56 if (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") == 0) {
57 print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!";
60 # running slapd in the background means it stays in the same process group, so it can be
62 if ($self->{ldap} eq "fedora-ds") {
63 system("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
64 } elsif ($self->{ldap} eq "openldap") {
65 system("$ENV{OPENLDAP_SLAPD} -d0 -F $env_vars->{SLAPD_CONF_D} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &");
67 while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
70 $self->slapd_stop($env_vars);
80 my ($self, $envvars) = @_;
81 if ($self->{ldap} eq "fedora-ds") {
82 system("$envvars->{LDAPDIR}/slapd-$envvars->{LDAP_INSTANCE}/stop-slapd");
83 } elsif ($self->{ldap} eq "openldap") {
84 unless (open(IN, "<$envvars->{OPENLDAP_PIDFILE}")) {
85 warn("unable to open slapd pid file: $envvars->{OPENLDAP_PIDFILE}");
94 sub check_or_start($$$)
96 my ($self, $env_vars, $max_time) = @_;
97 return 0 if ( -p $env_vars->{SAMBA_TEST_FIFO});
99 unlink($env_vars->{SAMBA_TEST_FIFO});
100 POSIX::mkfifo($env_vars->{SAMBA_TEST_FIFO}, 0700);
101 unlink($env_vars->{SAMBA_TEST_LOG});
104 print "STARTING SAMBA for $ENV{ENVNAME}\n";
107 open STDIN, $env_vars->{SAMBA_TEST_FIFO};
108 # we want out from samba to go to the log file, but also
109 # to the users terminal when running 'make test' on the command
110 # line. This puts it on stderr on the terminal
111 open STDOUT, "| tee $env_vars->{SAMBA_TEST_LOG} 1>&2";
112 open STDERR, '>&STDOUT';
114 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
117 if (defined($ENV{SAMBA_VALGRIND})) {
118 $valgrind = $ENV{SAMBA_VALGRIND};
121 $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
122 $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR};
124 $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
125 $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
127 $ENV{UID_WRAPPER} = "1";
129 # Start slapd before samba, but with the fifo on stdin
130 if (defined($self->{ldap})) {
131 unless($self->slapd_start($env_vars)) {
132 warn("couldn't start slapd (main run)");
138 if (defined($max_time)) {
139 $optarg = "--maximum-runtime=$max_time ";
141 if (defined($ENV{SAMBA_OPTIONS})) {
142 $optarg.= " $ENV{SAMBA_OPTIONS}";
144 my $samba = $self->bindir_path("samba");
146 # allow selection of the process model using
147 # the environment varibale SAMBA_PROCESS_MODEL
148 # that allows us to change the process model for
149 # individual machines in the build farm
150 my $model = "single";
151 if (defined($ENV{SAMBA_PROCESS_MODEL})) {
152 $model = $ENV{SAMBA_PROCESS_MODEL};
155 my $cmdline = "$valgrind ${pwd}/$samba $optarg $env_vars->{CONFIGURATION} -M $model -i";
156 my $ret = system("$cmdline");
158 print "Unable to start $cmdline: $ret: $!\n";
161 my $exit = ($ret >> 8);
162 unlink($env_vars->{SAMBA_TEST_FIFO});
164 print "$samba exited with no error\n";
166 } elsif ( $ret & 127 ) {
167 print "$samba got signal ".($ret & 127)." and exits with $exit!\n";
169 print "$samba failed with status $exit!\n";
178 open(DATA, ">$env_vars->{SAMBA_TEST_FIFO}");
183 sub wait_for_start($$)
185 my ($self, $testenv_vars) = @_;
186 # give time for nbt server to register its names
187 print "delaying for nbt name registration\n";
190 # This will return quickly when things are up, but be slow if we
191 # need to wait for (eg) SSL init
192 my $nmblookup = $self->bindir_path("nmblookup");
193 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
194 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
195 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
196 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
197 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSALIAS}");
198 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSALIAS}");
199 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
200 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
201 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
202 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
203 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSALIAS}");
204 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSALIAS}");
206 print $self->getlog_env($testenv_vars);
209 sub write_ldb_file($$$)
211 my ($self, $file, $ldif) = @_;
213 my $ldbadd = $self->bindir_path("ldbadd");
214 open(LDIF, "|$ldbadd -H $file >/dev/null");
219 sub add_wins_config($$)
221 my ($self, $privatedir) = @_;
223 return $self->write_ldb_file("$privatedir/wins_config.ldb", "
224 dn: name=TORTURE_11,CN=PARTNERS
225 objectClass: wreplPartner
236 my ($self, $ctx) = @_;
238 #Make the subdirectory be as fedora DS would expect
239 my $fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}";
241 my $pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid";
243 return ($fedora_ds_dir, $pidfile);
248 my ($self, $ctx) = @_;
250 my $slapd_conf_d = "$ctx->{ldapdir}/slapd.d";
251 my $pidfile = "$ctx->{ldapdir}/slapd.pid";
253 return ($slapd_conf_d, $pidfile);
258 my ($self, $tlsdir) = @_;
260 #TLS and PKINIT crypto blobs
261 my $dhfile = "$tlsdir/dhparms.pem";
262 my $cafile = "$tlsdir/ca.pem";
263 my $certfile = "$tlsdir/cert.pem";
264 my $reqkdc = "$tlsdir/req-kdc.der";
265 my $kdccertfile = "$tlsdir/kdc.pem";
266 my $keyfile = "$tlsdir/key.pem";
267 my $adminkeyfile = "$tlsdir/adminkey.pem";
268 my $reqadmin = "$tlsdir/req-admin.der";
269 my $admincertfile = "$tlsdir/admincert.pem";
270 my $admincertupnfile = "$tlsdir/admincertupn.pem";
272 mkdir($tlsdir, 0777);
274 #This is specified here to avoid draining entropy on every run
275 open(DHFILE, ">$dhfile");
277 -----BEGIN DH PARAMETERS-----
278 MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO
279 svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
281 -----END DH PARAMETERS-----
285 #Likewise, we pregenerate the key material. This allows the
286 #other certificates to be pre-generated
287 open(KEYFILE, ">$keyfile");
289 -----BEGIN RSA PRIVATE KEY-----
290 MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc
291 ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H
292 6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB
293 AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
294 HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
295 szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
296 9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X
297 8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
298 vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
299 kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
300 jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
301 Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki
302 cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG
303 -----END RSA PRIVATE KEY-----
307 open(ADMINKEYFILE, ">$adminkeyfile");
309 print ADMINKEYFILE <<EOF;
310 -----BEGIN RSA PRIVATE KEY-----
311 MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF
312 5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
313 XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB
314 AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB
315 cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L
316 osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN
317 u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4
318 eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz
319 I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4
320 ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2
321 OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE
322 yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG
323 +cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko
324 -----END RSA PRIVATE KEY-----
328 # hxtool issue-certificate --self-signed --issue-ca \
329 # --ca-private-key="FILE:$KEYFILE" \
330 # --subject="CN=CA,DC=samba,DC=example,DC=com" \
331 # --certificate="FILE:$CAFILE" --lifetime="25 years"
333 open(CAFILE, ">$cafile");
335 -----BEGIN CERTIFICATE-----
336 MIICcTCCAdqgAwIBAgIUaBPmjnPVqyFqR5foICmLmikJTzgwCwYJKoZIhvcNAQEFMFIxEzAR
337 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
338 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTIyMzEyWhgPMjAzMzAyMjQx
339 MjIzMTJaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
340 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA
341 A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6
342 I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm
343 ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
344 AaYwHQYDVR0OBBYEFMLZufegDKLZs0VOyFXYK1L6M8oyMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
345 KoZIhvcNAQEFBQADgYEAAZJbCAAkaqgFJ0xgNovn8Ydd0KswQPjicwiODPgw9ZPoD2HiOUVO
346 yYDRg/dhFF9y656OpcHk4N7qZ2sl3RlHkzDu+dseETW+CnKvQIoXNyeARRJSsSlwrwcoD4JR
347 HTLk2sGigsWwrJ2N99sG/cqSJLJ1MFwLrs6koweBnYU0f/g=
348 -----END CERTIFICATE-----
351 #generated with GNUTLS internally in Samba.
353 open(CERTFILE, ">$certfile");
354 print CERTFILE <<EOF;
355 -----BEGIN CERTIFICATE-----
356 MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
357 YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
358 dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
359 NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
360 c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
361 ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
362 jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+
363 S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p
364 PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw
365 IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
366 BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG
367 LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz
368 nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA==
369 -----END CERTIFICATE-----
374 # hxtool request-create \
375 # --subject="CN=krbtgt,CN=users,DC=samba,DC=example,DC=com" \
376 # --key="FILE:$KEYFILE" $KDCREQ
378 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
379 # --type="pkinit-kdc" \
380 # --pk-init-principal="krbtgt/SAMBA.EXAMPLE.COM@SAMBA.EXAMPLE.COM" \
381 # --req="PKCS10:$KDCREQ" --certificate="FILE:$KDCCERTFILE" \
382 # --lifetime="25 years"
384 open(KDCCERTFILE, ">$kdccertfile");
385 print KDCCERTFILE <<EOF;
386 -----BEGIN CERTIFICATE-----
387 MIIDDDCCAnWgAwIBAgIUI2Tzj+JnMzMcdeabcNo30rovzFAwCwYJKoZIhvcNAQEFMFIxEzAR
388 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
389 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTMxOTIzWhgPMjAzMzAyMjQx
390 MzE5MjNaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
391 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0
392 Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF
393 yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5
394 PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB
395 AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w
396 S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji
397 dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK
398 MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B
399 AQUFAAOBgQBmrVD5MCmZjfHp1nEnHqTIh8r7lSmVtDx4s9MMjxm9oNrzbKXynvdhwQYFVarc
400 ge4yRRDXtSebErOl71zVJI9CVeQQpwcH+tA85oGA7oeFtO/S7ls581RUU6tGgyxV4veD+lJv
401 KPH5LevUtgD+q9H4LU4Sq5N3iFwBaeryB0g2wg==
402 -----END CERTIFICATE-----
405 # hxtool request-create \
406 # --subject="CN=Administrator,CN=users,DC=samba,DC=example,DC=com" \
407 # --key="FILE:$ADMINKEYFILE" $ADMINREQFILE
409 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
410 # --type="pkinit-client" \
411 # --pk-init-principal="administrator@SAMBA.EXAMPLE.COM" \
412 # --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" \
413 # --lifetime="25 years"
415 open(ADMINCERTFILE, ">$admincertfile");
416 print ADMINCERTFILE <<EOF;
417 -----BEGIN CERTIFICATE-----
418 MIIDHTCCAoagAwIBAgIUUggzW4lLRkMKe1DAR2NKatkMDYwwCwYJKoZIhvcNAQELMFIxEzAR
419 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
420 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMjE1WhgPMjAzNDA3MjIw
421 MzMyMTVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
422 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
423 bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
424 eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
425 xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
426 l3JRlwIDAQABo4HSMIHPMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
427 BgEFBQcDAgYKKwYBBAGCNxQCAjBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgExsRU0FNQkEu
428 RVhBTVBMRS5DT02hGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yMB8GA1UdIwQYMBaAFMLZ
429 ufegDKLZs0VOyFXYK1L6M8oyMB0GA1UdDgQWBBQg81bLyfCA88C2B/BDjXlGuaFaxjAJBgNV
430 HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAEf/OSHUDJaGdtWGNuJeqcVYVMwrfBAc0OSwVhz1
431 7/xqKHWo8wIMPkYRtaRHKLNDsF8GkhQPCpVsa6mX/Nt7YQnNvwd+1SBP5E8GvwWw9ZzLJvma
432 nk2n89emuayLpVtp00PymrDLRBcNaRjFReQU8f0o509kiVPHduAp3jOiy13l
433 -----END CERTIFICATE-----
435 close(ADMINCERTFILE);
437 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
438 # --type="pkinit-client" \
439 # --ms-upn="administrator@samba.example.com" \
440 # --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTUPNFILE" \
441 # --lifetime="25 years"
443 open(ADMINCERTUPNFILE, ">$admincertupnfile");
444 print ADMINCERTUPNFILE <<EOF;
445 -----BEGIN CERTIFICATE-----
446 MIIDDzCCAnigAwIBAgIUUp3CJMuNaEaAdPKp3QdNIwG7a4wwCwYJKoZIhvcNAQELMFIxEzAR
447 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
448 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMzA1WhgPMjAzNDA3MjIw
449 MzMzMDVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
450 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
451 bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
452 eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
453 xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
454 l3JRlwIDAQABo4HEMIHBMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
455 BgEFBQcDAgYKKwYBBAGCNxQCAjA6BgNVHREEMzAxoC8GCisGAQQBgjcUAgOgIQwfYWRtaW5p
456 c3RyYXRvckBzYW1iYS5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS
457 +jPKMjAdBgNVHQ4EFgQUIPNWy8nwgPPAtgfwQ415RrmhWsYwCQYDVR0TBAIwADANBgkqhkiG
458 9w0BAQsFAAOBgQBk42+egeUB3Ji2PC55fbt3FNKxvmm2xUUFkV9POK/YR9rajKOwk5jtYSeS
459 Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq
460 Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
461 -----END CERTIFICATE-----
467 my ($self, $ctx) = @_;
469 unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
470 warn("can't open $ctx->{krb5_conf}$?");
474 #Generated krb5.conf for $ctx->{realm}
477 default_realm = $ctx->{realm}
478 dns_lookup_realm = false
479 dns_lookup_kdc = false
480 ticket_lifetime = 24h
482 allow_weak_crypto = yes
486 kdc = $ctx->{kdc_ipv4}:88
487 admin_server = $ctx->{kdc_ipv4}:88
488 default_domain = $ctx->{dnsname}
491 kdc = $ctx->{kdc_ipv4}:88
492 admin_server = $ctx->{kdc_ipv4}:88
493 default_domain = $ctx->{dnsname}
496 kdc = $ctx->{kdc_ipv4}:88
497 admin_server = $ctx->{kdc_ipv4}:88
498 default_domain = $ctx->{dnsname}
502 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
506 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
507 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
510 .$ctx->{dnsname} = $ctx->{realm}
515 sub provision_raw_prepare($$$$$$$$$$)
517 my ($self, $prefix, $server_role, $netbiosname, $netbiosalias,
518 $domain, $realm, $functional_level,
519 $swiface, $password, $kdc_ipv4) = @_;
522 unless(-d $prefix or mkdir($prefix, 0777)) {
523 warn("Unable to create $prefix");
526 my $prefix_abs = abs_path($prefix);
528 die ("prefix=''") if $prefix_abs eq "";
529 die ("prefix='/'") if $prefix_abs eq "/";
531 unless (system("rm -rf $prefix_abs/*") == 0) {
532 warn("Unable to clean up");
535 $ctx->{prefix} = $prefix;
536 $ctx->{prefix_abs} = $prefix_abs;
538 $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";
540 $ctx->{server_role} = $server_role;
541 $ctx->{netbiosname} = $netbiosname;
542 $ctx->{netbiosalias} = $netbiosalias;
543 $ctx->{swiface} = $swiface;
544 $ctx->{password} = $password;
545 $ctx->{kdc_ipv4} = $kdc_ipv4;
547 $ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} || 1;
548 $ctx->{username} = "Administrator";
549 $ctx->{domain} = $domain;
550 $ctx->{realm} = uc($realm);
551 $ctx->{dnsname} = lc($realm);
552 $ctx->{sid_generator} = "internal";
554 $ctx->{functional_level} = $functional_level;
556 my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
558 $ctx->{unix_name} = $unix_name;
559 $ctx->{unix_uid} = $>;
560 $ctx->{unix_gids_str} = $);
561 @{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str});
563 $ctx->{etcdir} = "$prefix_abs/etc";
564 $ctx->{piddir} = "$prefix_abs/pid";
565 $ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf";
566 $ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
567 $ctx->{privatedir} = "$prefix_abs/private";
568 $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
569 $ctx->{lockdir} = "$prefix_abs/lockdir";
570 $ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
571 $ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket";
572 $ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket";
573 $ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
574 $ctx->{nsswrap_group} = "$ctx->{etcdir}/group";
576 $ctx->{tlsdir} = "$ctx->{privatedir}/tls";
578 $ctx->{ipv4} = "127.0.0.$swiface";
579 $ctx->{interfaces} = "$ctx->{ipv4}/8";
581 push(@{$ctx->{directories}}, $ctx->{privatedir});
582 push(@{$ctx->{directories}}, $ctx->{etcdir});
583 push(@{$ctx->{directories}}, $ctx->{piddir});
584 push(@{$ctx->{directories}}, $ctx->{ncalrpcdir});
585 push(@{$ctx->{directories}}, $ctx->{lockdir});
587 $ctx->{smb_conf_extra_options} = "";
589 my @provision_options = ();
590 push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
591 push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
592 if (defined($ENV{GDB_PROVISION})) {
593 push (@provision_options, "gdb --args");
594 if (!defined($ENV{PYTHON})) {
595 push (@provision_options, "env");
596 push (@provision_options, "python");
599 if (defined($ENV{VALGRIND_PROVISION})) {
600 push (@provision_options, "valgrind");
601 if (!defined($ENV{PYTHON})) {
602 push (@provision_options, "env");
603 push (@provision_options, "python");
606 if (defined($ENV{PYTHON})) {
607 push (@provision_options, $ENV{PYTHON});
609 push (@provision_options, "$self->{srcdir}/source4/setup/provision");
610 push (@provision_options, "--configfile=$ctx->{smb_conf}");
611 push (@provision_options, "--host-name=$ctx->{netbiosname}");
612 push (@provision_options, "--host-ip=$ctx->{ipv4}");
613 push (@provision_options, "--quiet");
614 push (@provision_options, "--domain=$ctx->{domain}");
615 push (@provision_options, "--realm=$ctx->{realm}");
616 push (@provision_options, "--adminpass=$ctx->{password}");
617 push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
618 push (@provision_options, "--machinepass=machine$ctx->{password}");
619 push (@provision_options, "--root=$ctx->{unix_name}");
620 push (@provision_options, "--server-role=\"$ctx->{server_role}\"");
621 push (@provision_options, "--function-level=\"$ctx->{functional_level}\"");
623 @{$ctx->{provision_options}} = @provision_options;
629 # Step1 creates the basic configuration
631 sub provision_raw_step1($$)
633 my ($self, $ctx) = @_;
635 mkdir($_, 0777) foreach (@{$ctx->{directories}});
637 unless (open(CONFFILE, ">$ctx->{smb_conf}")) {
638 warn("can't open $ctx->{smb_conf}$?");
643 netbios name = $ctx->{netbiosname}
644 netbios aliases = $ctx->{netbiosalias}
645 posix:eadb = $ctx->{lockdir}/eadb.tdb
646 workgroup = $ctx->{domain}
647 realm = $ctx->{realm}
648 private dir = $ctx->{privatedir}
649 pid directory = $ctx->{piddir}
650 ncalrpc dir = $ctx->{ncalrpcdir}
651 lock dir = $ctx->{lockdir}
652 winbindd socket directory = $ctx->{winbindd_socket_dir}
653 winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir}
654 ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
655 winbind separator = /
656 name resolve order = file bcast
657 interfaces = $ctx->{interfaces}
658 tls dh params file = $ctx->{tlsdir}/dhparms.pem
659 panic action = $RealBin/gdb_backtrace \%PID% \%PROG%
661 server role = $ctx->{server_role}
662 server services = +echo
663 notify:inotify = false
665 #We don't want to pass our self-tests if the PAC code is wrong
666 gensec:require_pac = true
667 log level = $ctx->{server_loglevel}
670 dns update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$ctx->{dns_host_file}
671 spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate
672 resolv:host file = $ctx->{dns_host_file}
673 dreplsrv:periodic_startup_interval = 0
676 if (defined($ctx->{sid_generator}) && $ctx->{sid_generator} ne "internal") {
678 sid generator = $ctx->{sid_generator}";
683 # Begin extra options
684 $ctx->{smb_conf_extra_options}
689 $self->mk_keyblobs($ctx->{tlsdir});
691 $self->mk_krb5_conf($ctx);
693 open(PWD, ">$ctx->{nsswrap_passwd}");
695 root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false
696 $ctx->{unix_name}:x:$ctx->{unix_uid}:@{$ctx->{unix_gids}}[0]:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false
697 nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
701 open(GRP, ">$ctx->{nsswrap_group}");
707 nogroup:x:65534:nobody
711 my $configuration = "--configfile=$ctx->{smb_conf}";
713 #Ensure the config file is valid before we start
714 my $testparm = $self->scriptdir_path("bin/testparm");
715 if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
716 system("$testparm -v --suppress-prompt $configuration >&2");
717 warn("Failed to create a valid smb.conf configuration $testparm!");
720 unless (system("($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1") == 0) {
721 warn("Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
726 KRB5_CONFIG => $ctx->{krb5_conf},
727 PIDDIR => $ctx->{piddir},
728 SERVER => $ctx->{netbiosname},
729 SERVER_IP => $ctx->{ipv4},
730 NETBIOSNAME => $ctx->{netbiosname},
731 NETBIOSALIAS => $ctx->{netbiosalias},
732 DOMAIN => $ctx->{domain},
733 USERNAME => $ctx->{username},
734 REALM => $ctx->{realm},
735 PASSWORD => $ctx->{password},
736 LDAPDIR => $ctx->{ldapdir},
737 LDAP_INSTANCE => $ctx->{ldap_instance},
738 WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},
739 NCALRPCDIR => $ctx->{ncalrpcdir},
740 LOCKDIR => $ctx->{lockdir},
741 SERVERCONFFILE => $ctx->{smb_conf},
742 CONFIGURATION => $configuration,
743 SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
744 NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd},
745 NSS_WRAPPER_GROUP => $ctx->{nsswrap_group},
746 SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
747 SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
748 SAMBA_TEST_LOG_POS => 0,
755 # Step2 runs the provision script
757 sub provision_raw_step2($$$)
759 my ($self, $ctx, $ret) = @_;
761 my $provision_cmd = join(" ", @{$ctx->{provision_options}});
762 unless (system($provision_cmd) == 0) {
763 warn("Unable to provision: \n$provision_cmd\n");
770 sub provision($$$$$$$$$)
772 my ($self, $prefix, $server_role, $netbiosname, $netbiosalias,
773 $domain, $realm, $functional_level,
774 $swiface, $password, $kdc_ipv4, $extra_smbconf_options) = @_;
776 my $ctx = $self->provision_raw_prepare($prefix, $server_role,
777 $netbiosname, $netbiosalias,
778 $domain, $realm, $functional_level,
779 $swiface, $password, $kdc_ipv4);
781 $ctx->{tmpdir} = "$ctx->{prefix_abs}/tmp";
782 push(@{$ctx->{directories}}, "$ctx->{tmpdir}");
783 push(@{$ctx->{directories}}, "$ctx->{tmpdir}/test1");
784 push(@{$ctx->{directories}}, "$ctx->{tmpdir}/test2");
786 $msdfs = "yes" if ($server_role eq "domain controller");
787 $ctx->{smb_conf_extra_options} = "
790 server max protocol = SMB2
791 $extra_smbconf_options
796 path = $ctx->{tmpdir}
798 posix:sharedelay = 10000
799 posix:oplocktimeout = 3
800 posix:writetimeupdatedelay = 500000
803 path = $ctx->{tmpdir}/test1
805 posix:sharedelay = 10000
806 posix:oplocktimeout = 3
807 posix:writetimeupdatedelay = 50000
810 path = $ctx->{tmpdir}/test2
812 posix:sharedelay = 10000
813 posix:oplocktimeout = 3
814 posix:writetimeupdatedelay = 50000
819 cifs:server = $ctx->{netbiosname}
821 #There is no username specified here, instead the client is expected
822 #to log in with kerberos, and the serverwill use delegated credentials.
825 path = $ctx->{tmpdir}
827 ntvfs handler = simple
830 path = $ctx->{lockdir}/sysvol
834 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
839 ntvfs handler = cifsposix
842 if (defined($self->{ldap})) {
843 $ctx->{ldapdir} = "$ctx->{privatedir}/ldap";
844 push(@{$ctx->{directories}}, "$ctx->{ldapdir}");
846 my $ldap_uri= "$ctx->{ldapdir}/ldapi";
847 $ldap_uri =~ s|/|%2F|g;
848 $ldap_uri = "ldapi://$ldap_uri";
849 $ctx->{ldap_uri} = $ldap_uri;
850 if ($self->{ldap} eq "fedora-ds") {
851 $ctx->{sid_generator} = "backend";
854 $ctx->{ldap_instance} = lc($ctx->{netbiosname});
857 my $ret = $self->provision_raw_step1($ctx);
858 unless (defined $ret) {
862 if (defined($self->{ldap})) {
863 $ret->{LDAP_URI} = $ctx->{ldap_uri};
864 push (@{$ctx->{provision_options}}, "--ldap-backend-type=" . $self->{ldap});
865 push (@{$ctx->{provision_options}}, "--ldap-backend-nosync");
866 if ($self->{ldap} eq "openldap") {
867 push (@{$ctx->{provision_options}}, "--slapd-path=" . $ENV{OPENLDAP_SLAPD});
868 ($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx) or die("Unable to create openldap directories");
870 } elsif ($self->{ldap} eq "fedora-ds") {
871 push (@{$ctx->{provision_options}}, "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd");
872 push (@{$ctx->{provision_options}}, "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");
873 ($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx) or die("Unable to create fedora ds directories");
878 return $self->provision_raw_step2($ctx, $ret);
881 sub provision_member($$$)
883 my ($self, $prefix, $dcvars) = @_;
884 print "PROVISIONING MEMBER...";
886 my $ret = $self->provision($prefix,
895 $dcvars->{SERVER_IP},
901 my $samba_tool = $self->bindir_path("samba-tool");
903 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
904 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
905 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member";
906 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
908 unless (system($cmd) == 0) {
909 warn("Join failed\n$cmd");
913 $ret->{MEMBER_SERVER} = $ret->{SERVER};
914 $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP};
915 $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME};
916 $ret->{MEMBER_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
917 $ret->{MEMBER_USERNAME} = $ret->{USERNAME};
918 $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
920 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
921 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
922 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
923 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};
924 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
925 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
930 sub provision_rpc_proxy($$$)
932 my ($self, $prefix, $dcvars) = @_;
933 print "PROVISIONING RPC PROXY...";
935 my $extra_smbconf_options = "dcerpc_remote:binding = ncacn_ip_tcp:localdc
936 dcerpc endpoint servers = epmapper, remote
937 dcerpc_remote:interfaces = rpcecho
940 my $ret = $self->provision($prefix,
949 $dcvars->{SERVER_IP},
950 $extra_smbconf_options);
956 my $samba_tool = $self->bindir_path("samba-tool");
958 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
959 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
960 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member";
961 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
963 unless (system($cmd) == 0) {
964 warn("Join failed\n$cmd");
968 $ret->{RPC_PROXY_SERVER} = $ret->{SERVER};
969 $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP};
970 $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME};
971 $ret->{RPC_PROXY_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
972 $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
973 $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
975 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
976 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
977 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
978 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};
979 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
980 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
985 sub provision_vampire_dc($$$)
987 my ($self, $prefix, $dcvars) = @_;
988 print "PROVISIONING VAMPIRE DC...";
990 # We do this so that we don't run the provision. That's the job of 'net vampire'.
991 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
997 2, $dcvars->{PASSWORD},
998 $dcvars->{SERVER_IP});
1000 $ctx->{smb_conf_extra_options} = "
1002 server max protocol = SMB2
1005 path = $ctx->{lockdir}/sysvol
1009 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
1014 my $ret = $self->provision_raw_step1($ctx);
1019 my $samba_tool = $self->bindir_path("samba-tool");
1021 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1022 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1023 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
1024 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1026 unless (system($cmd) == 0) {
1027 warn("Join failed\n$cmd");
1031 $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER};
1032 $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
1033 $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1034 $ret->{VAMPIRE_DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
1036 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1037 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1038 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1039 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};
1040 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1041 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1046 sub provision_dc($$)
1048 my ($self, $prefix) = @_;
1050 print "PROVISIONING DC...";
1051 my $ret = $self->provision($prefix,
1052 "domain controller",
1056 "samba.example.com",
1062 return undef unless(defined $ret);
1063 unless($self->add_wins_config("$prefix/private")) {
1064 warn("Unable to add wins configuration");
1068 $ret->{DC_SERVER} = $ret->{SERVER};
1069 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1070 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1071 $ret->{DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
1072 $ret->{DC_USERNAME} = $ret->{USERNAME};
1073 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1078 sub provision_fl2000dc($$)
1080 my ($self, $prefix) = @_;
1082 print "PROVISIONING DC...";
1083 my $ret = $self->provision($prefix,
1084 "domain controller",
1088 "samba2000.example.com",
1094 unless($self->add_wins_config("$prefix/private")) {
1095 warn("Unable to add wins configuration");
1102 sub provision_fl2003dc($$)
1104 my ($self, $prefix) = @_;
1106 print "PROVISIONING DC...";
1107 my $ret = $self->provision($prefix,
1108 "domain controller",
1112 "samba2003.example.com",
1118 unless($self->add_wins_config("$prefix/private")) {
1119 warn("Unable to add wins configuration");
1126 sub provision_fl2008r2dc($$)
1128 my ($self, $prefix) = @_;
1130 print "PROVISIONING DC...";
1131 my $ret = $self->provision($prefix,
1132 "domain controller",
1136 "samba2008R2.example.com",
1142 unless ($self->add_wins_config("$prefix/private")) {
1143 warn("Unable to add wins configuration");
1151 sub provision_rodc($$$)
1153 my ($self, $prefix, $dcvars) = @_;
1154 print "PROVISIONING RODC...";
1156 # We do this so that we don't run the provision. That's the job of 'net join RODC'.
1157 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1161 "samba.example.com",
1163 8, $dcvars->{PASSWORD},
1164 $dcvars->{SERVER_IP});
1169 $ctx->{tmpdir} = "$ctx->{prefix_abs}/tmp";
1170 push(@{$ctx->{directories}}, "$ctx->{tmpdir}");
1172 $ctx->{smb_conf_extra_options} = "
1174 server max protocol = SMB2
1177 path = $ctx->{lockdir}/sysvol
1181 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
1185 path = $ctx->{tmpdir}
1187 posix:sharedelay = 10000
1188 posix:oplocktimeout = 3
1189 posix:writetimeupdatedelay = 500000
1193 my $ret = $self->provision_raw_step1($ctx);
1198 my $samba_tool = $self->bindir_path("samba-tool");
1200 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1201 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1202 $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
1203 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1204 $cmd .= " --server=$dcvars->{DC_SERVER}";
1206 unless (system($cmd) == 0) {
1207 warn("RODC join failed\n$cmd");
1211 # we overwrite the kdc after the RODC join
1212 # so that use the RODC as kdc and test
1214 $ctx->{kdc_ipv4} = $ret->{SERVER_IP};
1215 $self->mk_krb5_conf($ctx);
1217 $ret->{RODC_DC_SERVER} = $ret->{SERVER};
1218 $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP};
1219 $ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1220 $ret->{RODC_DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
1222 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1223 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1224 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1225 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};
1226 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1227 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1232 sub teardown_env($$)
1234 my ($self, $envvars) = @_;
1239 if (open(IN, "<$envvars->{PIDDIR}/samba.pid")) {
1243 # Give the process 20 seconds to exit. gcov needs
1244 # this time to write out the covarge data
1246 until (kill(0, $pid) == 0) {
1247 # if no process sucessfully signalled, then we are done
1250 last if $count > 20;
1253 # If it is still around, kill it
1255 print "server process $pid took more than $count seconds to exit, killing\n";
1260 my $failed = $? >> 8;
1262 $self->slapd_stop($envvars) if ($self->{ldap});
1264 print $self->getlog_env($envvars);
1271 my ($self, $envvars) = @_;
1272 my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n";
1275 open(LOG, "<$envvars->{SAMBA_TEST_LOG}");
1277 seek(LOG, $envvars->{SAMBA_TEST_LOG_POS}, SEEK_SET);
1281 $envvars->{SAMBA_TEST_LOG_POS} = tell(LOG);
1284 return "" if $out eq $title;
1291 my ($self, $envvars) = @_;
1293 return (-p $envvars->{SAMBA_TEST_FIFO});
1298 my ($self, $envname, $path) = @_;
1299 my $target3 = $self->{target3};
1301 $ENV{ENVNAME} = $envname;
1303 if ($envname eq "dc") {
1304 return $self->setup_dc("$path/dc");
1305 } elsif ($envname eq "fl2000dc") {
1306 return $self->setup_fl2000dc("$path/fl2000dc");
1307 } elsif ($envname eq "fl2003dc") {
1308 return $self->setup_fl2003dc("$path/fl2003dc");
1309 } elsif ($envname eq "fl2008r2dc") {
1310 return $self->setup_fl2008r2dc("$path/fl2008r2dc");
1311 } elsif ($envname eq "rpc_proxy") {
1312 if (not defined($self->{vars}->{dc})) {
1313 $self->setup_dc("$path/dc");
1315 return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
1316 } elsif ($envname eq "vampire_dc") {
1317 if (not defined($self->{vars}->{dc})) {
1318 $self->setup_dc("$path/dc");
1320 return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{dc});
1321 } elsif ($envname eq "member") {
1322 if (not defined($self->{vars}->{dc})) {
1323 $self->setup_dc("$path/dc");
1325 return $self->setup_member("$path/member", $self->{vars}->{dc});
1326 } elsif ($envname eq "rodc") {
1327 if (not defined($self->{vars}->{dc})) {
1328 $self->setup_dc("$path/dc");
1330 return $self->setup_rodc("$path/rodc", $self->{vars}->{dc});
1331 } elsif ($envname eq "s3member") {
1332 if (not defined($self->{vars}->{dc})) {
1333 $self->setup_dc("$path/dc");
1335 return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 9);
1336 } elsif ($envname eq "all") {
1337 if (not defined($self->{vars}->{dc})) {
1338 $ENV{ENVNAME} = "dc";
1339 $self->setup_dc("$path/dc");
1341 my $ret = $self->setup_member("$path/member", $self->{vars}->{dc});
1342 if (not defined($self->{vars}->{rpc_proxy})) {
1343 $ENV{ENVNAME} = "rpc_proxy";
1344 my $rpc_proxy_ret = $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
1346 $ret->{RPC_PROXY_SERVER} = $rpc_proxy_ret->{SERVER};
1347 $ret->{RPC_PROXY_SERVER_IP} = $rpc_proxy_ret->{SERVER_IP};
1348 $ret->{RPC_PROXY_NETBIOSNAME} = $rpc_proxy_ret->{NETBIOSNAME};
1349 $ret->{RPC_PROXY_NETBIOSALIAS} = $rpc_proxy_ret->{NETBIOSALIAS};
1350 $ret->{RPC_PROXY_USERNAME} = $rpc_proxy_ret->{USERNAME};
1351 $ret->{RPC_PROXY_PASSWORD} = $rpc_proxy_ret->{PASSWORD};
1353 if (not defined($self->{vars}->{fl2000dc})) {
1354 $ENV{ENVNAME} = "fl2000dc";
1355 my $fl2000dc_ret = $self->setup_fl2000dc("$path/fl2000dc", $self->{vars}->{dc});
1357 $ret->{FL2000DC_SERVER} = $fl2000dc_ret->{SERVER};
1358 $ret->{FL2000DC_SERVER_IP} = $fl2000dc_ret->{SERVER_IP};
1359 $ret->{FL2000DC_NETBIOSNAME} = $fl2000dc_ret->{NETBIOSNAME};
1360 $ret->{FL2000DC_NETBIOSALIAS} = $fl2000dc_ret->{NETBIOSALIAS};
1361 $ret->{FL2000DC_USERNAME} = $fl2000dc_ret->{USERNAME};
1362 $ret->{FL2000DC_PASSWORD} = $fl2000dc_ret->{PASSWORD};
1364 if (not defined($self->{vars}->{fl2003dc})) {
1365 $ENV{ENVNAME} = "fl2003dc";
1366 my $fl2003dc_ret = $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{dc});
1368 $ret->{FL2003DC_SERVER} = $fl2003dc_ret->{SERVER};
1369 $ret->{FL2003DC_SERVER_IP} = $fl2003dc_ret->{SERVER_IP};
1370 $ret->{FL2003DC_NETBIOSNAME} = $fl2003dc_ret->{NETBIOSNAME};
1371 $ret->{FL2003DC_NETBIOSALIAS} = $fl2003dc_ret->{NETBIOSALIAS};
1372 $ret->{FL2003DC_USERNAME} = $fl2003dc_ret->{USERNAME};
1373 $ret->{FL2003DC_PASSWORD} = $fl2003dc_ret->{PASSWORD};
1375 if (not defined($self->{vars}->{fl2008r2dc})) {
1376 $ENV{ENVNAME} = "fl2008r2dc";
1377 my $fl2008r2dc_ret = $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{dc});
1379 $ret->{FL2008R2DC_SERVER} = $fl2008r2dc_ret->{SERVER};
1380 $ret->{FL2008R2DC_SERVER_IP} = $fl2008r2dc_ret->{SERVER_IP};
1381 $ret->{FL2008R2DC_NETBIOSNAME} = $fl2008r2dc_ret->{NETBIOSNAME};
1382 $ret->{FL2008R2DC_NETBIOSALIAS} = $fl2008r2dc_ret->{NETBIOSALIAS};
1383 $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME};
1384 $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD};
1386 if (not defined($self->{vars}->{s3member})) {
1387 $ENV{ENVNAME} = "s3member";
1388 my $s3member_ret = $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 9);
1389 $self->{vars}->{s3member} = $s3member_ret;
1391 $ret->{S3MEMBER_SERVER} = $s3member_ret->{SERVER};
1392 $ret->{S3MEMBER_SERVER_IP} = $s3member_ret->{SERVER_IP};
1393 $ret->{S3MEMBER_NETBIOSNAME} = $s3member_ret->{NETBIOSNAME};
1394 $ret->{S3MEMBER_NETBIOSALIAS} = $s3member_ret->{NETBIOSALIAS};
1395 $ret->{S3MEMBER_USERNAME} = $s3member_ret->{USERNAME};
1396 $ret->{S3MEMBER_PASSWORD} = $s3member_ret->{PASSWORD};
1400 warn("Samba4 can't provide environment '$envname'");
1405 sub setup_member($$$)
1407 my ($self, $path, $dc_vars) = @_;
1409 my $env = $self->provision_member($path, $dc_vars);
1412 $self->check_or_start($env, ($ENV{SMBD_MAXTIME} or 7500));
1414 $self->wait_for_start($env);
1416 $self->{vars}->{member} = $env;
1422 sub setup_rpc_proxy($$$)
1424 my ($self, $path, $dc_vars) = @_;
1426 my $env = $self->provision_rpc_proxy($path, $dc_vars);
1429 $self->check_or_start($env, ($ENV{SMBD_MAXTIME} or 7500));
1431 $self->wait_for_start($env);
1433 $self->{vars}->{rpc_proxy} = $env;
1440 my ($self, $path) = @_;
1442 my $env = $self->provision_dc($path);
1444 $self->check_or_start($env,
1445 ($ENV{SMBD_MAXTIME} or 7500));
1447 $self->wait_for_start($env);
1449 $self->{vars}->{dc} = $env;
1454 sub setup_fl2000dc($$)
1456 my ($self, $path) = @_;
1458 my $env = $self->provision_fl2000dc($path);
1460 $self->check_or_start($env,
1461 ($ENV{SMBD_MAXTIME} or 7500));
1463 $self->wait_for_start($env);
1465 $self->{vars}->{fl2000dc} = $env;
1471 sub setup_fl2003dc($$)
1473 my ($self, $path) = @_;
1475 my $env = $self->provision_fl2003dc($path);
1478 $self->check_or_start($env,
1479 ($ENV{SMBD_MAXTIME} or 7500));
1481 $self->wait_for_start($env);
1483 $self->{vars}->{fl2003dc} = $env;
1488 sub setup_fl2008r2dc($$)
1490 my ($self, $path) = @_;
1492 my $env = $self->provision_fl2008r2dc($path);
1495 $self->check_or_start($env,
1496 ($ENV{SMBD_MAXTIME} or 7500));
1498 $self->wait_for_start($env);
1500 $self->{vars}->{fl2008r2dc} = $env;
1506 sub setup_vampire_dc($$$)
1508 my ($self, $path, $dc_vars) = @_;
1510 my $env = $self->provision_vampire_dc($path, $dc_vars);
1513 $self->check_or_start($env,
1514 ($ENV{SMBD_MAXTIME} or 7500));
1516 $self->wait_for_start($env);
1518 $self->{vars}->{vampire_dc} = $env;
1520 # force replicated DC to update repsTo/repsFrom
1521 # for vampired partitions
1522 my $samba_tool = $self->bindir_path("samba-tool");
1524 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
1525 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
1526 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
1527 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
1528 unless (system($cmd) == 0) {
1529 warn("Failed to exec kcc\n$cmd");
1533 # as 'vampired' dc may add data in its local replica
1534 # we need to synchronize data between DCs
1535 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
1536 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
1537 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
1538 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{VAMPIRE_DC_SERVER}";
1539 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
1540 # replicate Configuration NC
1541 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
1542 unless(system($cmd_repl) == 0) {
1543 warn("Failed to replicate\n$cmd_repl");
1546 # replicate Default NC
1547 $cmd_repl = "$cmd \"$base_dn\"";
1548 unless(system($cmd_repl) == 0) {
1549 warn("Failed to replicate\n$cmd_repl");
1559 my ($self, $path, $dc_vars) = @_;
1561 my $env = $self->provision_rodc($path, $dc_vars);
1567 $self->check_or_start($env,
1568 ($ENV{SMBD_MAXTIME} or 7500));
1570 $self->wait_for_start($env);
1572 $self->{vars}->{rodc} = $env;