2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
# Constructor fragment: unpacks the five arguments and builds one Samba3 and
# one Samba4 target object from them.
15 my ($classname, $bindir, $ldap, $srcdir, $server_maxtime) = @_;
# NOTE(review): `new Samba3(...)` / `new Samba4(...)` is indirect object
# syntax, which Perl resolves heuristically at parse time. `Samba3->new(...)`
# is the unambiguous spelling of the same call.
18 samba3 => new Samba3($bindir, $srcdir, $server_maxtime),
19 samba4 => new Samba4($bindir, $ldap, $srcdir, $server_maxtime),
# Package-level lookup tables, built by merging what Samba3 and Samba4 declare.
25 %Samba::ENV_DEPS = (%Samba3::ENV_DEPS, %Samba4::ENV_DEPS);
28 %Samba::ENV_DEPS_POST = (%Samba3::ENV_DEPS_POST, %Samba4::ENV_DEPS_POST);
# %ENV_TARGETS: environment name -> the string "Samba3" or "Samba4". The
# Samba4 pairs are listed last, so they win if both targets define a name.
31 %Samba::ENV_TARGETS = (
32 (map { $_ => "Samba3" } keys %Samba3::ENV_DEPS),
33 (map { $_ => "Samba4" } keys %Samba4::ENV_DEPS),
# %ENV_NEEDS_AD_DC: 1 for every Samba4 environment. For Samba3 environments
# the loop below stores the result of matching the name against /^ad_/.
37 %Samba::ENV_NEEDS_AD_DC = (
38 (map { $_ => 1 } keys %Samba4::ENV_DEPS)
41 foreach my $env (keys %Samba3::ENV_DEPS) {
42 $ENV_NEEDS_AD_DC{$env} = ($env =~ /^ad_/);
# Bring up the named test environment under $path, setting up the
# environments it depends on first, and cache the result on the target.
47 my ($self, $envname, $path) = @_;
49 my $targetname = $ENV_TARGETS{$envname};
# An $envname that is not a key of %ENV_TARGETS is reported here. What
# happens after the warning is not visible in this listing.
50 if (not defined($targetname)) {
51 warn("Samba can't provide environment '$envname'");
56 "Samba3" => $self->{samba3},
57 "Samba4" => $self->{samba4}
59 my $target = $targetlookup{$targetname};
# Already set up, or currently being set up: hand back the cached value.
61 if (defined($target->{vars}->{$envname})) {
62 return $target->{vars}->{$envname};
# Placeholder that is defined but empty, so a re-entrant request for the
# same name takes the early return above instead of recursing again.
65 $target->{vars}->{$envname} = "";
# Recursively set up each dependency and collect its variables.
68 foreach(@{$ENV_DEPS{$envname}}) {
69 my $vars = $self->setup_env($_, $path);
71 push(@dep_vars, $vars);
73 warn("Failed setting up $_ as a dependency of $envname");
78 $ENV{ENVNAME} = $envname;
79 # Avoid hitting system krb5.conf -
80 # An env that needs Kerberos will reset this to the real value.
81 $ENV{KRB5_CONFIG} = "$path/no_krb5.conf";
# The setup routine is resolved by name: "<target>::setup_<envname>" is
# turned into a code reference through a symbolic reference and called with
# the target object, the environment's directory and the dependency vars.
# NOTE(review): the target half of the name comes from %ENV_TARGETS, so the
# call is only meaningful for names that table contains. Keep $envname
# restricted to those keys before this point; a hash of code references
# would make that restriction explicit.
83 my $setup_name = $ENV_TARGETS{$envname}."::setup_".$envname;
84 my $setup_sub = \&$setup_name;
85 my $env = &$setup_sub($target, "$path/$envname", @dep_vars);
87 if (not defined($env)) {
88 warn("failed to start up environment '$envname'");
# Cache the result and attach the owning target object to it.
92 $target->{vars}->{$envname} = $env;
93 $target->{vars}->{$envname}->{target} = $target;
# Post-dependencies are set up after the environment itself exists.
95 foreach(@{$ENV_DEPS_POST{$envname}}) {
96 my $vars = $self->setup_env($_, $path);
97 if (not defined($vars)) {
# Resolve $path relative to the object's bindir. For "samba-tool" the result
# is additionally prefixed with the interpreter named by $PYTHON, if set.
105 sub bindir_path($$) {
106 my ($object, $path) = @_;
108 my $valpath = "$object->{bindir}/$path";
# NOTE(review): $PYTHON is read from the environment and joined to the path
# with a space, so for samba-tool the returned value is a command string
# rather than a single path. Any caller that hands it to a shell inherits
# whatever $PYTHON contains -- presumably trusted harness input; confirm.
111 if (defined $ENV{'PYTHON'}) {
112 $python_cmd = $ENV{'PYTHON'} . " ";
# Taken only when the candidate exists as a file or directory; the branch
# body is not visible in this listing.
115 if (-f $valpath or -d $valpath) {
118 # make sure we prepend samba-tool with calling $PYTHON python version
119 if ($path eq "samba-tool") {
120 $result = $python_cmd . $result;
# Locate libnss_wrapper_winbind.so.2: $NSS_WRAPPER_WINBIND_SO_PATH is used
# when set, otherwise the path is derived from bindir and made absolute.
125 sub nss_wrapper_winbind_so_path($) {
127 my $ret = $ENV{NSS_WRAPPER_WINBIND_SO_PATH};
# NOTE(review): the environment override is used as given; on the visible
# lines it gets neither abs_path() nor an existence check, so whoever
# controls the environment selects the shared object.
128 if (not defined($ret)) {
129 $ret = bindir_path($object, "shared/libnss_wrapper_winbind.so.2");
130 $ret = abs_path($ret);
# Copy one file's contents to another. Dies if either file cannot be opened.
# The argument unpacking and the copy loop are not visible in this listing.
135 sub copy_file_content($$)
# NOTE(review): both opens use the two-argument form with bareword handles.
# The read side passes "${in}" with no mode, so a name that starts with a
# mode character or ends in '|' would be interpreted by open() instead of
# being treated as a file name. The write side creates the file with
# whatever permissions the current umask leaves. prepare_keyblobs uses this
# helper for private keys, so both points matter there. The three-argument
# form with a lexical handle, e.g. open(my $in_fh, '<', $in), removes the
# mode ambiguity.
138 open(IN, "${in}") or die("failed to open in[${in}] for reading: $!");
139 open(OUT, ">${out}") or die("failed to open out[${out}] for writing: $!");
# Populate the environment's TLS and PKINIT directories with CA, CRL,
# certificate and private-key files, plus a fixed set of DH parameters.
147 sub prepare_keyblobs($)
# Source material: the CA tree under $SRCDIR_ABS/selftest/manage-ca. The DC
# and user paths are derived from the context's hostname and dnsname.
151 my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com";
152 my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem";
153 my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem";
154 my $dcdnsname = "$ctx->{hostname}.$ctx->{dnsname}";
155 my $dcdir = "$cadir/DCs/$dcdnsname";
156 my $dccert = "$dcdir/DC-$dcdnsname-cert.pem";
157 my $dckey_private = "$dcdir/DC-$dcdnsname-private-key.pem";
158 my $adminprincipalname = "administrator\@$ctx->{dnsname}";
159 my $admindir = "$cadir/Users/$adminprincipalname";
160 my $admincert = "$admindir/USER-$adminprincipalname-cert.pem";
161 my $adminkey_private = "$admindir/USER-$adminprincipalname-private-key.pem";
162 my $pkinitprincipalname = "pkinit\@$ctx->{dnsname}";
163 my $pkinitdir = "$cadir/Users/$pkinitprincipalname";
164 my $pkinitcert = "$pkinitdir/USER-$pkinitprincipalname-cert.pem";
165 my $pkinitkey_private = "$pkinitdir/USER-$pkinitprincipalname-private-key.pem";
# Destination paths inside the test environment.
167 my $tlsdir = "$ctx->{tlsdir}";
# NOTE(review): second `my $pkinitdir`. The two source paths above were
# built from the first value (the CA's Users directory); the four *file
# paths below are built from this one (the destination). If both
# declarations share a scope, as they appear to, `use warnings` reports the
# redeclaration as masking the earlier one. A distinct name for one of them
# would remove the ambiguity.
168 my $pkinitdir = "$ctx->{prefix_abs}/pkinit";
169 #TLS and PKINIT crypto blobs
170 my $dhfile = "$tlsdir/dhparms.pem";
171 my $cafile = "$tlsdir/ca.pem";
172 my $crlfile = "$tlsdir/crl.pem";
173 my $certfile = "$tlsdir/cert.pem";
174 my $keyfile = "$tlsdir/key.pem";
175 my $admincertfile = "$pkinitdir/USER-$adminprincipalname-cert.pem";
176 my $adminkeyfile = "$pkinitdir/USER-$adminprincipalname-private-key.pem";
177 my $pkinitcertfile = "$pkinitdir/USER-$pkinitprincipalname-cert.pem";
178 my $pkinitkeyfile = "$pkinitdir/USER-$pkinitprincipalname-private-key.pem";
# Both directories are requested with mode 0700. The mkdir return values
# are not checked on the visible lines.
180 mkdir($tlsdir, 0700);
181 mkdir($pkinitdir, 0700);
# The current umask is saved here. The value set next and the later restore
# are not visible in this listing.
182 my $oldumask = umask;
185 # This is specified here to avoid draining entropy on every run
187 # openssl dhparam -out dhparms.pem -text -2 8192
# NOTE(review): the DH parameters that follow are a fixed constant published
# in the source tree, which is acceptable only for a test fixture. The open
# below is two-argument, uses a bareword handle and is not checked, so a
# failure to create the file goes unnoticed at this point.
188 open(DHFILE, ">$dhfile");
190 -----BEGIN DH PARAMETERS-----
191 MIIECAKCBAEAlcpjuJptCzC2bIIApLuyFLw2nODQUztqs/peysY9e3LgWh/xrc87
192 SWJNSUrqFJFh2m357WH0XGcTdTk0b/8aIYIWjbwEhWR/5hZ+1x2TDrX1awkYayAe
193 pr0arycmWHaAmhw+m+dBdj2O2jRMe7gn0ha85JALNl+Z3wv2q2eys8TIiQ2dbHPx
194 XvpMmlAv7QHZnpSpX/XgueQr6T3EYggljppZwk1fe4W2cxBjCv9w/Q83pJXMEVVB
195 WESEQPZC38v6hVIXIlF4J7jXjV3+NtCLL4nvsy0jrLEntyKz5OB8sNPRzJr0Ju2Y
196 yXORCSMMXMygP+dxJtQ6txzQYWyaCYN1HqHDZy3cFL9Qy8kTFqIcW56Lti2GsW/p
197 jSMzEOa1NevhKNFL3dSZJx5m+5ZeMvWXlCqXSptmVdbs5wz5jkMUm/E6pVfM5lyb
198 Ttlcq2iYPqnJz1jcL5xwhoufID8zSJCPJ7C0jb0Ngy5wLIUZfjXJUXxUyxTnNR9i
199 N9Sc+UkDvLxnCW+qzjyPXGlQU1SsJwMLWa2ZecL/uYE4bOdcN3g+5WHkevyDnXqR
200 +yy9x7sGXjBT3bRWK5tVHJWOi6eBu1hp39U6aK8oOJWiUt3vmC2qEdIsT6JaLNNi
201 YKrSfRGBf19IJBaagen1S19bb3dnmwoU1RaWM0EeJQW1oXOBg7zLisB2yuu5azBn
202 tse00+0nc+GbH2y+jP0sE7xil1QeilZl+aQ3tX9vL0cnCa+8602kXxU7P5HaX2+d
203 05pvoHmeZbDV85io36oF976gBYeYN+qAkTUMsIZhuLQDuyn0963XOLyn1Pm6SBrU
204 OkIZXW7WoKEuO/YSfizUIqXwmAMJjnEMJCWG51MZZKx//9Hsdp1RXSm/bRSbvXB7
205 MscjvQYWmfCFnIk8LYnEt3Yey40srEiS9xyZqdrvobxz+sU1XcqR38kpVf4gKASL
206 xURia64s4emuJF+YHIObyydazQ+6/wX/C+m+nyfhuxSO6j1janPwtYbU+Uj3TzeM
207 04K1mpPQpZcaMdZZiNiu7i8VJlOPKAz7aJT8TnMMF5GMyzyLpSMpc+NF9L/BSocV
208 /cUM4wQT2PTHrcyYzmTVH7c9bzBkuxqrwVB1BY1jitDV9LIYIVBglKcX88qrfHIM
209 XiXPAIwGclD59qm2cG8OdM9NA5pNMI119KuUAIJsUdgPbR1LkT2XTT15YVoHmFSQ
210 DlaWOXn4td031jr0EisX8QtFR7+/0Nfoni6ydFGs5fNH/L1ckq6FEO4OhgucJw9H
211 YRmiFlsQBQNny78vNchwZne3ZixkShtGW0hWDdi2n+h7St1peNJCNJjMbEhRsPRx
212 RmNGWh4AL8rho4RO9OBao0MnUdjbbffD+wIBAg==
213 -----END DH PARAMETERS-----
# Branch taken when the DC's private key is missing from the CA tree; its
# body is not visible in this listing.
217 if (! -e ${dckey_private}) {
# NOTE(review): everything copied below, private keys included, comes from
# the in-tree test CA. These are fixtures and carry no secrecy; they should
# never be reused outside selftest.
# CA certificate, CRL, DC certificate and DC private key go to the TLS dir.
222 copy_file_content(${cacert}, ${cafile});
223 copy_file_content(${cacrl_pem}, ${crlfile});
224 copy_file_content(${dccert}, ${certfile});
225 copy_file_content(${dckey_private}, ${keyfile});
# Administrator and pkinit user credentials are optional: each pair is
# copied only when its private key exists in the CA tree.
226 if (-e ${adminkey_private}) {
227 copy_file_content(${admincert}, ${admincertfile});
228 copy_file_content(${adminkey_private}, ${adminkeyfile});
230 if (-e ${pkinitkey_private}) {
231 copy_file_content(${pkinitcert}, ${pkinitcertfile});
232 copy_file_content(${pkinitkey_private}, ${pkinitkeyfile});
235 # COMPAT stuff to be removed in a later commit
# The DC certificate is written a second time, as kdc.pem in the TLS dir.
236 my $kdccertfile = "$tlsdir/kdc.pem";
237 copy_file_content(${dccert}, ${kdccertfile});
# Open the context's krb5.conf for writing; the generated text follows.
# NOTE(review): when open() fails the reason is in $!, not $? (which holds a
# child exit status), so the warning below does not say why the open failed.
# The open is the two-argument ">..." form with a bareword handle.
# NOTE(review): the generated configuration further down includes
# `allow_weak_crypto = yes`. That is a test-environment setting and should
# not be copied into a production krb5.conf.
246 unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
247 warn("can't open $ctx->{krb5_conf}$?");
251 my $our_realms_stanza = mk_realms_stanza($ctx->{realm},
256 #Generated krb5.conf for $ctx->{realm}
259 default_realm = $ctx->{realm}
260 dns_lookup_realm = false
261 dns_lookup_kdc = true
262 ticket_lifetime = 24h
264 allow_weak_crypto = yes
266 # We are running on the same machine, do not correct
267 # system clock differences
272 if (defined($ENV{MITKRB5})) {
274 # Set the grace clocskew to 5 seconds
275 # This is especially required by samba3.raw.session krb5 and
276 # reauth tests when not using Heimdal
281 if (defined($ctx->{krb5_ccname})) {
283 default_ccache_name = $ctx->{krb5_ccname}
288 if (defined($ctx->{supported_enctypes})) {
290 default_etypes = $ctx->{supported_enctypes}
291 default_as_etypes = $ctx->{supported_enctypes}
292 default_tgs_enctypes = $ctx->{supported_enctypes}
293 default_tkt_enctypes = $ctx->{supported_enctypes}
294 permitted_enctypes = $ctx->{supported_enctypes}
304 if (defined($ctx->{tlsdir})) {
308 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
312 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
313 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
320 sub mk_realms_stanza($$$$)
322 my ($realm, $dnsname, $domain, $kdc_ipv4) = @_;
323 my $lc_domain = lc($domain);
325 my $realms_stanza = "
328 admin_server = $kdc_ipv4:88
329 default_domain = $dnsname
333 admin_server = $kdc_ipv4:88
334 default_domain = $dnsname
338 admin_server = $kdc_ipv4:88
339 default_domain = $dnsname
343 admin_server = $kdc_ipv4:88
344 default_domain = $dnsname
348 return $realms_stanza;
# Open $ctx->{mitkdc_conf} for writing and emit the generated kdc.conf text.
351 sub mk_mitkdc_conf($$)
353 # samba_kdb_dir is the path to mit_samba.so
354 my ($ctx, $samba_kdb_dir) = @_;
# NOTE(review): when open() fails the reason is in $!, not $? (which holds a
# child exit status), so the warning below does not say why the open failed.
# The open is the two-argument ">..." form with a bareword handle.
356 unless (open(KDCCONF, ">$ctx->{mitkdc_conf}")) {
357 warn("can't open $ctx->{mitkdc_conf}$?");
362 # Generated kdc.conf for $ctx->{realm}
379 db_module_dir = $samba_kdb_dir
394 kdc = FILE:$ctx->{logdir}/mit_kdc.log
400 sub realm_to_ip_mappings
402 # this maps the DNS realms for the various testenvs to the corresponding
403 # PDC (i.e. the first DC created for that realm).
404 my %realm_to_pdc_mapping = (
405 'adnonssdom.samba.example.com' => 'addc_no_nss',
406 'adnontlmdom.samba.example.com' => 'addc_no_ntlm',
407 'samba2000.example.com' => 'dc5',
408 'samba2003.example.com' => 'dc6',
409 'samba2008r2.example.com' => 'dc7',
410 'addom.samba.example.com' => 'addc',
411 'sub.samba.example.com' => 'localsubdc',
412 'chgdcpassword.samba.example.com' => 'chgdcpass',
413 'backupdom.samba.example.com' => 'backupfromdc',
414 'renamedom.samba.example.com' => 'renamedc',
415 'labdom.samba.example.com' => 'labdc',
416 'schema.samba.example.com' => 'liveupgrade1dc',
417 'samba.example.com' => 'localdc',
422 # convert the hashmap to a list of key=value strings, where key is the
423 # realm and value is the IP address
424 while (my ($realm, $pdc) = each(%realm_to_pdc_mapping)) {
425 my $ipaddr = get_ipv4_addr($pdc);
426 push(@mapping, "$realm=$ipaddr");
428 # return the mapping as a single comma-separated string
429 return join(',', @mapping);
434 my ($netbiosname) = @_;
# Lookups are case-insensitive: the name is lower-cased before it is used
# as a key into the mapping below.
435 $netbiosname = lc($netbiosname);
437 # this maps the SOCKET_WRAPPER_DEFAULT_IFACE value for each possible
438 # testenv to the DC's NETBIOS name. This value also corresponds to last
439 # digit of the DC's IP address. Note that the NETBIOS name may differ from
441 # Note that when adding a DC with a new realm, also update
442 # get_realm_ip_mappings() above.
# NOTE(review): the sub visible above this one is named
# realm_to_ip_mappings(); the name in the comment above looks stale.
443 my %testenv_iface_mapping = (
445 localnt4member3 => 4,
453 # 11-16 are used by selftest.pl for the client.conf. Most tests only
454 # use the first .11 IP. However, some tests (like winsreplication) rely
455 # on the client having multiple IPs.
461 idmapridmember => 20,
463 localvampiredc => 22,
477 fakednsforwarder1 => 36,
478 fakednsforwarder2 => 37,
485 offlinebackupdc => 44,
489 liveupgrade1dc => 48,
490 liveupgrade2dc => 49,
492 rootdnsforwarder => 64,
494 # Note: that you also need to update dns_hub.py when adding a new
496 # update lib/socket_wrapper/socket_wrapper.c
497 # #define MAX_WRAPPED_INTERFACES 64
498 # if you wish to have more than 64 interfaces
501 if (not defined($testenv_iface_mapping{$netbiosname})) {
505 return $testenv_iface_mapping{$netbiosname};
510 my ($hostname, $iface_num) = @_;
511 my $swiface = Samba::get_interface($hostname);
513 # Handle testenvs with multiple different addresses, i.e. IP multihoming.
514 # Currently only the selftest client has multiple IPv4 addresses.
515 if (defined($iface_num)) {
516 $swiface += $iface_num;
519 return "127.0.0.$swiface";
525 my $swiface = Samba::get_interface($hostname);
527 return sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface);
530 # returns the 'interfaces' setting for smb.conf, i.e. the IPv4/IPv6
531 # addresses for testenv
532 sub get_interfaces_config
534 my ($hostname, $num_ips) = @_;
537 # We give the client.conf multiple different IPv4 addresses.
538 # All other testenvs generally just have one IPv4 address.
539 if (! defined($num_ips)) {
542 for (my $i = 0; $i < $num_ips; $i++) {
543 my $ipv4_addr = Samba::get_ipv4_addr($hostname, $i);
544 $interfaces .= "$ipv4_addr/8 ";
547 my $ipv6_addr = Samba::get_ipv6_addr($hostname);
548 $interfaces .= "$ipv6_addr/64";
# Reap a child process without blocking and report on STDERR how it ended.
553 sub cleanup_child($$)
555 my ($pid, $name) = @_;
# With no pid there is nothing to wait for; only a diagnostic is printed.
557 if (!defined($pid)) {
558 print STDERR "cleanup_child: pid not defined ... not calling waitpid\n";
# WNOHANG makes waitpid return immediately rather than block on the child.
562 my $childpid = waitpid($pid, WNOHANG);
# 0: no status to report yet. Negative: no such child.
564 if ($childpid == 0) {
565 } elsif ($childpid < 0) {
566 printf STDERR "%s child process %d isn't here any more\n", $name, $pid;
# $? decoding used below: low 7 bits are the terminating signal, bit 0x80
# flags a core dump, and the high byte is the exit value.
569 printf STDERR "%s child process %d, died with signal %d, %s coredump\n",
570 $name, $childpid, ($? & 127), ($? & 128) ? 'with' : 'without';
572 printf STDERR "%s child process %d exited with value %d\n", $name, $childpid, $? >> 8;
# Build a domain SID string of the form "S-1-5-21-<a>-<b>-<c>" from three
# random integers.
577 sub random_domain_sid()
# NOTE(review): rand() is Perl's non-cryptographic generator. That is enough
# for giving test domains distinct identifiers, but not for any value that
# has to be unpredictable. Each component is int(rand(4294967295)), i.e. in
# the range 0 .. 4294967294.
579 my $domain_sid = "S-1-5-21-". int(rand(4294967295)) . "-" . int(rand(4294967295)) . "-" . int(rand(4294967295));
# Names of the environment variables that exported_envvars_str() serialises
# and that the export helpers copy from a testenv's variables into %ENV.
583 my @exported_envvars = (
590 # stuff related to a trusted domain
598 # domain controller stuff
613 # only use these 2 as a last resort. Some tests need to test both client-
614 # side and server-side. In this case, run as default client, and access
615 # server's smb.conf as needed, typically using:
616 # param.LoadParm(filename_for_non_global_lp=os.environ['SERVERCONFFILE'])
627 # UID/GID for rfc2307 mapping tests
634 "SELFTEST_WINBINDD_SOCKET_DIR",
640 "UNACCEPTABLE_PASSWORD",
645 "NSS_WRAPPER_PASSWD",
648 "NSS_WRAPPER_HOSTNAME",
649 "NSS_WRAPPER_MODULE_SO_PATH",
650 "NSS_WRAPPER_MODULE_FN_PREFIX",
653 "RESOLV_WRAPPER_CONF",
654 "RESOLV_WRAPPER_HOSTS",
# Serialise the exported variables that are defined in $testenv_vars as
# NAME=value lines, one per variable.
657 sub exported_envvars_str
659 my ($testenv_vars) = @_;
662 foreach (@exported_envvars) {
663 next unless defined($testenv_vars->{$_});
# NOTE(review): values are appended verbatim, with no quoting or escaping.
# A value containing a newline would therefore show up as extra lines in the
# output, which matters to anything that parses or sources the result.
664 $out .= $_."=".$testenv_vars->{$_}."\n";
670 sub clear_exported_envvars
672 foreach (@exported_envvars) {
679 my ($testenv_vars) = @_;
681 foreach (@exported_envvars) {
682 if (defined($testenv_vars->{$_})) {
683 $ENV{$_} = $testenv_vars->{$_};
# Write the NAME=value text produced by exported_envvars_str() to $filepath.
# The rest of this sub lies beyond the visible listing.
690 sub export_envvars_to_file
692 my ($filepath, $testenv_vars) = @_;
693 my $env_str = exported_envvars_str($testenv_vars);
# NOTE(review): two-argument open on a bareword handle with no error check,
# so a failed open is silent here. The file's mode is whatever the current
# umask allows, and the exported list contains password-type entries (for
# example UNACCEPTABLE_PASSWORD), so the destination should not be readable
# by other users. Preferred spelling:
#   open(my $fh, '>', $filepath) or die "open $filepath: $!";
695 open(FILE, "> $filepath");
696 print FILE "$env_str";