my $env_ok = $self->check_env($env_vars);
if ($env_ok) {
- return $env_vars->{SAMBA_PID};
+ return $env_vars->{SAMBA_PID};
+ } elsif (defined($env_vars->{SAMBA_PID})) {
+ warn("SAMBA PID $env_vars->{SAMBA_PID} is not running (died)");
+ return undef;
}
# use a pipe for stdin in the child processes. This allows
}
}
- print "STARTING SAMBA...";
+ print "STARTING SAMBA...\n";
my $pid = fork();
if ($pid == 0) {
# we want out from samba to go to the log file, but also
SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
+ $ENV{KRB5CCNAME} = "$env_vars->{KRB5_CCACHE}.samba";
$ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR};
$ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
$ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
$ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
$ENV{NSS_WRAPPER_HOSTS} = $env_vars->{NSS_WRAPPER_HOSTS};
+ $ENV{NSS_WRAPPER_HOSTNAME} = $env_vars->{NSS_WRAPPER_HOSTNAME};
$ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH};
$ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX};
sub wait_for_start($$)
{
my ($self, $testenv_vars) = @_;
+ my $count = 0;
my $ret = 0;
if (not $self->check_env($testenv_vars)) {
return -1;
}
- # give time for nbt server to register its names
- print "delaying for nbt name registration\n";
- sleep 2;
-
# This will return quickly when things are up, but be slow if we
# need to wait for (eg) SSL init
my $nmblookup = Samba::bindir_path($self, "nmblookup4");
- system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
- system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
+
+ do {
+ $ret = system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
+ if ($ret != 0) {
+ sleep(1);
+ } else {
+ system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
+ system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
+ }
+ $count++;
+ } while ($ret != 0 && $count < 20);
+ if ($count == 10) {
+ warn("nbt not reachable after 20 retries\n");
+ teardown_env($self, $testenv_vars);
+ return 0;
+ }
# Ensure we have the first RID Set before we start tests. This makes the tests more reliable.
if ($testenv_vars->{SERVER_ROLE} eq "domain controller" and not ($testenv_vars->{NETBIOSNAME} eq "RODC")) {
- # Add hosts file for name lookups
- $ENV{NSS_WRAPPER_HOSTS} = $testenv_vars->{NSS_WRAPPER_HOSTS};
+ # Add hosts file for name lookups
+ $ENV{NSS_WRAPPER_HOSTS} = $testenv_vars->{NSS_WRAPPER_HOSTS};
if (defined($testenv_vars->{RESOLV_WRAPPER_CONF})) {
$ENV{RESOLV_WRAPPER_CONF} = $testenv_vars->{RESOLV_WRAPPER_CONF};
} else {
my $count = 0;
my $base_dn = "DC=".join(",DC=", split(/\./, $testenv_vars->{REALM}));
my $rid_set_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn";
- sleep(1);
- while (system("$ldbsearch -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool > /dev/null") != 0) {
+ my $max_wait = 60;
+ my $cmd = "$ldbsearch $testenv_vars->{CONFIGURATION} -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool";
+ while (system("$cmd >/dev/null") != 0) {
$count++;
- if ($count > 40) {
+ if ($count > $max_wait) {
+ warn("Timed out ($max_wait sec) waiting for working LDAP and a RID Set to be allocated by $testenv_vars->{NETBIOSNAME} PID $testenv_vars->{SAMBA_PID}");
$ret = -1;
last;
}
} else {
$cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
}
- $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"";
+ $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" ";
+ $cmd_env .= "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" ";
my $cmd_config = " $localenv->{CONFIGURATION}";
} else {
$cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
}
- $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"";
+ $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" ";
+ $cmd_env .= "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" ";
my $cmd_config = " $localenv->{CONFIGURATION}";
my $cmd_creds = $cmd_config;
$ctx->{password} = $password;
$ctx->{kdc_ipv4} = $kdc_ipv4;
$ctx->{kdc_ipv6} = $kdc_ipv6;
+ $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
+ if ($functional_level eq "2000") {
+ $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc"
+ }
#
# Set smbd log level here.
$ctx->{piddir} = "$prefix_abs/pid";
$ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf";
$ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
+ $ctx->{krb5_ccache} = "$prefix_abs/krb5_ccache";
$ctx->{privatedir} = "$prefix_abs/private";
$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
$ctx->{lockdir} = "$prefix_abs/lockdir";
$ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
$ctx->{nsswrap_group} = "$ctx->{etcdir}/group";
$ctx->{nsswrap_hosts} = "$ENV{SELFTEST_PREFIX}/hosts";
+ $ctx->{nsswrap_hostname} = "$ctx->{hostname}.$ctx->{dnsname}";
if ($ENV{SAMBA_DNS_FAKING}) {
$ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";
$ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}";
} else {
- $ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf";
- $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf}";
+ $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces";
+ $ctx->{use_resolv_wrapper} = 1;
}
+ $ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf";
$ctx->{tlsdir} = "$ctx->{privatedir}/tls";
$ctx->{smb_conf_extra_options} = "";
my @provision_options = ();
- push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_config}\"");
+ push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_conf}\"");
+ push (@provision_options, "KRB5_CCACHE=\"$ctx->{krb5_ccache}\"");
push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\"");
- if (defined($ctx->{resolv_conf})) {
+ push (@provision_options, "NSS_WRAPPER_HOSTNAME=\"$ctx->{nsswrap_hostname}\"");
+ if (defined($ctx->{use_resolv_wrapper})) {
push (@provision_options, "RESOLV_WRAPPER_CONF=\"$ctx->{resolv_conf}\"");
} else {
push (@provision_options, "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\"");
log file = $ctx->{logdir}/log.\%m
log level = $ctx->{server_loglevel}
lanman auth = Yes
+ ntlm auth = Yes
rndc command = true
dns update command = $ctx->{samba_dnsupdate}
spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf}
vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot
- # remove this again, when our smb2 client library
- # supports signin on compound related requests
- server signing = on
-
idmap_ldb:use rfc2307=yes
winbind enum users = yes
winbind enum groups = yes
my $ret = {
KRB5_CONFIG => $ctx->{krb5_conf},
+ KRB5_CCACHE => $ctx->{krb5_ccache},
PIDDIR => $ctx->{piddir},
SERVER => $ctx->{hostname},
SERVER_IP => $ctx->{ipv4},
NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd},
NSS_WRAPPER_GROUP => $ctx->{nsswrap_group},
NSS_WRAPPER_HOSTS => $ctx->{nsswrap_hosts},
+ NSS_WRAPPER_HOSTNAME => $ctx->{nsswrap_hostname},
SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
SAMBA_TEST_LOG_POS => 0,
LOCAL_PATH => $ctx->{share},
UID_RFC2307TEST => $uid_rfc2307test,
GID_RFC2307TEST => $gid_rfc2307test,
- SERVER_ROLE => $ctx->{server_role}
+ SERVER_ROLE => $ctx->{server_role},
+ RESOLV_CONF => $ctx->{resolv_conf}
};
- if (defined($ctx->{resolv_conf})) {
- $ret->{RESOLV_WRAPPER_CONF} = $ctx->{resolv_conf};
+ if (defined($ctx->{use_resolv_wrapper})) {
+ $ret->{RESOLV_WRAPPER_CONF} = $ctx->{resolv_conf};
} else {
$ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file};
}
my $testallowed_account = "testallowed";
my $samba_tool_cmd = "";
$samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $samba_tool_cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
- . " user add --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}";
+ . " user create --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}";
unless (system($samba_tool_cmd) == 0) {
warn("Unable to add testallowed user: \n$samba_tool_cmd\n");
return undef;
my $ldbmodify = "";
$ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $ldbmodify .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$ldbmodify .= Samba::bindir_path($self, "ldbmodify");
my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm}));
$samba_tool_cmd = "";
$samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $samba_tool_cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
- . " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}";
+ . " user create --configfile=$ctx->{smb_conf} testdenied $ctx->{password}";
unless (system($samba_tool_cmd) == 0) {
warn("Unable to add testdenied user: \n$samba_tool_cmd\n");
return undef;
$samba_tool_cmd = "";
$samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $samba_tool_cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
. " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'";
unless (system($samba_tool_cmd) == 0) {
return $self->provision_raw_step2($ctx, $ret);
}
-sub provision_s4member($$$)
+sub provision_s4member($$$$$)
{
- my ($self, $prefix, $dcvars) = @_;
- print "PROVISIONING MEMBER...";
+ my ($self, $prefix, $dcvars, $hostname, $more_conf) = @_;
+ print "PROVISIONING MEMBER...\n";
my $extra_smb_conf = "
passdb backend = samba_dsdb
winbindd:use external pipes = true
+# the source4 smb server doesn't allow signing by default
+server signing = enabled
+
rpc_server:default = external
rpc_server:svcctl = embedded
rpc_server:srvsvc = embedded
rpc_daemon:spoolssd = embedded
rpc_server:tcpip = no
";
+ if ($more_conf) {
+ $extra_smb_conf = $extra_smb_conf . $more_conf . "\n";
+ }
my $ret = $self->provision($prefix,
"member server",
- "s4member",
+ $hostname,
"SAMBADOMAIN",
"samba.example.com",
"2008",
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
$cmd .= " --machinepass=machine$ret->{PASSWORD}";
sub provision_rpc_proxy($$$)
{
my ($self, $prefix, $dcvars) = @_;
- print "PROVISIONING RPC PROXY...";
+ print "PROVISIONING RPC PROXY...\n";
my $extra_smbconf_options = "
passdb backend = samba_dsdb
$dcvars->{SERVER_IP},
$dcvars->{SERVER_IPV6},
$extra_smbconf_options, "", undef);
-
unless ($ret) {
return undef;
}
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
$cmd .= " --machinepass=machine$ret->{PASSWORD}";
$cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on";
$cmd .= " $dcvars->{CONFIGURATION}";
print $cmd;
$cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}";
$cmd .= " $dcvars->{CONFIGURATION}";
sub provision_promoted_dc($$$)
{
my ($self, $prefix, $dcvars) = @_;
- print "PROVISIONING PROMOTED DC...";
+ print "PROVISIONING PROMOTED DC...\n";
# We do this so that we don't run the provision. That's the job of 'samba-tool domain dcpromo'.
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
$cmd .= " --machinepass=machine$ret->{PASSWORD}";
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
$cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ";
sub provision_vampire_dc($$$)
{
my ($self, $prefix, $dcvars) = @_;
- print "PROVISIONING VAMPIRE DC...";
+ print "PROVISIONING VAMPIRE DC...\n";
# We do this so that we don't run the provision. That's the job of 'net vampire'.
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only";
$cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
sub provision_subdom_dc($$$)
{
my ($self, $prefix, $dcvars) = @_;
- print "PROVISIONING SUBDOMAIN DC...";
+ print "PROVISIONING SUBDOMAIN DC...\n";
# We do this so that we don't run the provision. That's the job of 'net vampire'.
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain ";
$cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
$cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
# ensure upgrades which used that name still work with the now
# alias.
- print "PROVISIONING AD DC (NTVFS)...";
+ print "PROVISIONING AD DC (NTVFS)...\n";
my $extra_conf_options = "netbios aliases = localDC1-a
server services = +winbind -winbindd
ldap server require strong auth = allow_sasl_over_tls
$extra_conf_options,
"",
undef);
+ unless ($ret) {
+ return undef;
+ }
- return undef unless(defined $ret);
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
return undef;
{
my ($self, $prefix) = @_;
- print "PROVISIONING DC WITH FOREST LEVEL 2000...";
+ print "PROVISIONING DC WITH FOREST LEVEL 2000...\n";
+ my $extra_conf_options = "
+ spnego:simulate_w2k=yes
+ ntlmssp_server:force_old_spnego=yes
+";
my $ret = $self->provision($prefix,
"domain controller",
"dc5",
"locDCpass5",
undef,
undef,
- "",
+ $extra_conf_options,
"",
undef);
+ unless ($ret) {
+ return undef;
+ }
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
return undef;
}
+ $ret->{DC_SERVER} = $ret->{SERVER};
+ $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
+ $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
+ $ret->{DC_USERNAME} = $ret->{USERNAME};
+ $ret->{DC_PASSWORD} = $ret->{PASSWORD};
+ $ret->{DC_REALM} = $ret->{REALM};
return $ret;
}
sub provision_fl2003dc($$$)
{
my ($self, $prefix, $dcvars) = @_;
+ my $swiface1 = Samba::get_interface("fakednsforwarder1");
+ my $swiface2 = Samba::get_interface("fakednsforwarder2");
- print "PROVISIONING DC WITH FOREST LEVEL 2003...";
- my $extra_conf_options = "allow dns updates = nonsecure and secure";
+ print "PROVISIONING DC WITH FOREST LEVEL 2003...\n";
+ my $extra_conf_options = "allow dns updates = nonsecure and secure
+ dns forwarder = 127.0.0.$swiface1 127.0.0.$swiface2";
my $ret = $self->provision($prefix,
"domain controller",
"dc6",
$extra_conf_options,
"",
undef);
-
unless (defined $ret) {
return undef;
}
$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
$ret->{DC_USERNAME} = $ret->{USERNAME};
$ret->{DC_PASSWORD} = $ret->{PASSWORD};
+ $ret->{DNS_FORWARDER1} = "127.0.0.$swiface1";
+ $ret->{DNS_FORWARDER2} = "127.0.0.$swiface2";
my @samba_tool_options;
push (@samba_tool_options, Samba::bindir_path($self, "samba-tool"));
return undef;
}
- return $ret;
-
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
return undef;
{
my ($self, $prefix, $dcvars) = @_;
- print "PROVISIONING DC WITH FOREST LEVEL 2008r2...";
+ print "PROVISIONING DC WITH FOREST LEVEL 2008r2...\n";
my $extra_conf_options = "ldap server require strong auth = no";
my $ret = $self->provision($prefix,
"domain controller",
$extra_conf_options,
"",
undef);
+ unless (defined $ret) {
+ return undef;
+ }
unless ($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
return undef;
}
+ $ret->{DC_SERVER} = $ret->{SERVER};
+ $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
+ $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
+ $ret->{DC_USERNAME} = $ret->{USERNAME};
+ $ret->{DC_PASSWORD} = $ret->{PASSWORD};
+ $ret->{DC_REALM} = $ret->{REALM};
return $ret;
}
sub provision_rodc($$$)
{
my ($self, $prefix, $dcvars) = @_;
- print "PROVISIONING RODC...";
+ print "PROVISIONING RODC...\n";
# We do this so that we don't run the provision. That's the job of 'net join RODC'.
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
$cmd .= " --server=$dcvars->{DC_SERVER} --use-ntvfs";
# user password verified on the RODC
my $testallowed_account = "testallowed account";
$cmd = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
$cmd .= "$samba_tool rodc preload '$testallowed_account' $ret->{CONFIGURATION}";
$cmd .= " --server=$dcvars->{DC_SERVER}";
return $ret;
}
+sub read_config_h($)
+{
+ my ($name) = @_;
+ my %ret = {};
+ open(LF, "<$name") or die("unable to read $name: $!");
+ while (<LF>) {
+ chomp;
+ next if not (/^#define /);
+ if (/^#define (.*?)[ \t]+(.*?)$/) {
+ $ret{$1} = $2;
+ next;
+ }
+ if (/^#define (.*?)[ \t]+$/) {
+ $ret{$1} = 1;;
+ next;
+ }
+ }
+ close(LF);
+ return \%ret;
+}
+
sub provision_ad_dc($$)
{
my ($self, $prefix) = @_;
my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes";
$require_mutexes = "" if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} eq "1");
+ my $config_h = {};
+
+ if (defined($ENV{CONFIG_H})) {
+ $config_h = read_config_h($ENV{CONFIG_H});
+ }
+
+ my $password_hash_gpg_key_ids = "password hash gpg key ids = 4952E40301FAB41A";
+ $password_hash_gpg_key_ids = "" unless defined($config_h->{HAVE_GPGME});
+
my $extra_smbconf_options = "
server services = -smb +s3fs
xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
dbwrap_tdb_mutexes:* = yes
${require_mutexes}
+ ${password_hash_gpg_key_ids}
+
kernel oplocks = no
kernel change notify = no
+ smb2 leases = no
logging = file
printing = bsd
max protocol = SMB3
read only = no
- server signing = auto
smbd:sharedelay = 100000
smbd:writetimeupdatedelay = 500000
copy = print1
";
- print "PROVISIONING AD DC...";
+ print "PROVISIONING AD DC...\n";
my $ret = $self->provision($prefix,
"domain controller",
"addc",
$extra_smbconf_options,
$extra_smbconf_shares,
undef);
+ unless (defined $ret) {
+ return undef;
+ }
- return undef unless(defined $ret);
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
return undef;
{
my ($self, $prefix) = @_;
- print "PROVISIONING CHGDCPASS...";
+ print "PROVISIONING CHGDCPASS...\n";
my $extra_provision_options = undef;
+ # This environment disallows the use of this password
+ # (and also removes the default AD complexity checks)
+ my $unacceptable_password = "widk3Dsle32jxdBdskldsk55klASKQ";
push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
my $ret = $self->provision($prefix,
"domain controller",
"chgDCpass1",
undef,
undef,
- "",
+ "check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'\n",
"",
$extra_provision_options);
+ unless (defined $ret) {
+ return undef;
+ }
- return undef unless(defined $ret);
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
return undef;
$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
$ret->{DC_USERNAME} = $ret->{USERNAME};
$ret->{DC_PASSWORD} = $ret->{PASSWORD};
+ $ret->{UNACCEPTABLE_PASSWORD} = $unacceptable_password;
return $ret;
}
sub getlog_env($$)
{
my ($self, $envvars) = @_;
- my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n";
+ my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME} pid $envvars->{SAMBA_PID}\n";
my $out = $title;
open(LOG, "<$envvars->{SAMBA_TEST_LOG}");
$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
}
return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs});
+ } elsif ($envname eq "s4member_dflt_domain") {
+ if (not defined($self->{vars}->{ad_dc_ntvfs})) {
+ $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
+ }
+ return $self->setup_s4member_dflt_domain("$path/s4member_dflt_domain", $self->{vars}->{ad_dc_ntvfs});
} elsif ($envname eq "s4member") {
if (not defined($self->{vars}->{ad_dc_ntvfs})) {
$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
{
my ($self, $path, $dc_vars) = @_;
- my $env = $self->provision_s4member($path, $dc_vars);
+ my $env = $self->provision_s4member($path, $dc_vars, "s4member");
if (defined $env) {
if (not defined($self->check_or_start($env, "standard"))) {
return $env;
}
+sub setup_s4member_dflt_domain($$$)
+{
+ my ($self, $path, $dc_vars) = @_;
+
+ my $env = $self->provision_s4member($path, $dc_vars, "s4member_dflt",
+ "winbind use default domain = yes");
+
+ if (defined $env) {
+ if (not defined($self->check_or_start($env, "standard"))) {
+ return undef;
+ }
+
+ $self->{vars}->{s4member_dflt_domain} = $env;
+ }
+
+ return $env;
+}
+
sub setup_rpc_proxy($$$)
{
my ($self, $path, $dc_vars) = @_;
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
$cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}";
$cmd .= " $env->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
unless (system($cmd) == 0) {
- warn("Failed to exec kcc\n$cmd");
+ warn("Failed to exec kcc on remote DC\n$cmd");
return undef;
}
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
$cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
$cmd .= " $dc_vars->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
$cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
$cmd .= " $env->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
unless (system($cmd) == 0) {
- warn("Failed to exec kcc\n$cmd");
+ warn("Failed to exec kcc on remote DC\n$cmd");
return undef;
}
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
$cmd .= " $samba_tool drs kcc $env->{SERVER}";
$cmd .= " $env->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
unless (system($cmd) == 0) {
- warn("Failed to exec kcc\n$cmd");
+ warn("Failed to exec kcc on promoted DC\n$cmd");
return undef;
}
my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
$cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
$cmd .= " $dc_vars->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
$cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
$cmd .= " $env->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
unless (system($cmd) == 0) {
- warn("Failed to exec kcc\n$cmd");
+ warn("Failed to exec kcc on remote DC\n$cmd");
return undef;
}
my $config_dn = "CN=Configuration,DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
$cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}";
$cmd .= " $dc_vars->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
return undef;
}
- # force source and replicated DC to update repsTo/repsFrom
- # for vampired partitions
my $samba_tool = Samba::bindir_path($self, "samba-tool");
my $cmd = "";
- $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
- $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
- $cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}";
- $cmd .= " $env->{CONFIGURATION}";
- $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
- unless (system($cmd) == 0) {
- warn("Failed to exec kcc\n$cmd");
- return undef;
- }
-
- my $samba_tool = Samba::bindir_path($self, "samba-tool");
- my $cmd = "";
- $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
- $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
- $cmd .= " $samba_tool drs kcc -k no $env->{SERVER}";
- $cmd .= " $env->{CONFIGURATION}";
- $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
- unless (system($cmd) == 0) {
- warn("Failed to exec kcc\n$cmd");
- return undef;
- }
my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
$cmd .= " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}";
$cmd .= " $dc_vars->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";