# This will return quickly when things are up, but be slow if we
# need to wait for (eg) SSL init
- my $nmblookup = Samba::bindir_path($self, "nmblookup");
+ my $nmblookup = Samba::bindir_path($self, "nmblookup4");
system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
EOF
}
-sub provision_raw_prepare($$$$$$$$$)
+sub provision_raw_prepare($$$$$$$$$$)
{
my ($self, $prefix, $server_role, $hostname,
$domain, $realm, $functional_level,
$ctx->{password} = $password;
$ctx->{kdc_ipv4} = $kdc_ipv4;
+#
+# Set smbd log level here.
+#
$ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} || 1;
$ctx->{username} = "Administrator";
$ctx->{domain} = $domain;
$ctx->{realm} = uc($realm);
$ctx->{dnsname} = lc($realm);
- $ctx->{sid_generator} = "internal";
$ctx->{functional_level} = $functional_level;
$ctx->{privatedir} = "$prefix_abs/private";
$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
$ctx->{lockdir} = "$prefix_abs/lockdir";
+ $ctx->{logdir} = "$prefix_abs/logs";
$ctx->{statedir} = "$prefix_abs/statedir";
$ctx->{cachedir} = "$prefix_abs/cachedir";
$ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
push(@{$ctx->{directories}}, $ctx->{etcdir});
push(@{$ctx->{directories}}, $ctx->{piddir});
push(@{$ctx->{directories}}, $ctx->{lockdir});
+ push(@{$ctx->{directories}}, $ctx->{logdir});
push(@{$ctx->{directories}}, $ctx->{statedir});
push(@{$ctx->{directories}}, $ctx->{cachedir});
if (defined($ENV{PYTHON})) {
push (@provision_options, $ENV{PYTHON});
}
- push (@provision_options, "$self->{srcdir}/source4/setup/provision");
+ push (@provision_options, Samba::bindir_path($self, "samba-tool"));
+ push (@provision_options, "domain");
+ push (@provision_options, "provision");
push (@provision_options, "--configfile=$ctx->{smb_conf}");
push (@provision_options, "--host-name=$ctx->{hostname}");
push (@provision_options, "--host-ip=$ctx->{ipv4}");
push (@provision_options, "--root=$ctx->{unix_name}");
push (@provision_options, "--server-role=\"$ctx->{server_role}\"");
push (@provision_options, "--function-level=\"$ctx->{functional_level}\"");
- push (@provision_options, "--dns-backend=BIND9_DLZ");
@{$ctx->{provision_options}} = @provision_options;
warn("can't open $ctx->{smb_conf}$?");
return undef;
}
- my $acl = "false";
- $acl = "true" if (defined $ENV{WITH_ACL});
print CONFFILE "
[global]
- acl:search = $acl
netbios name = $ctx->{netbiosname}
posix:eadb = $ctx->{statedir}/eadb.tdb
workgroup = $ctx->{domain}
panic action = $RealBin/gdb_backtrace \%d
wins support = yes
server role = $ctx->{server_role}
- server services = +echo +dns
+ server services = +echo +smb -s3fs
+ dcerpc endpoint servers = +winreg +srvsvc
notify:inotify = false
ldb:nosync = true
#We don't want to pass our self-tests if the PAC code is wrong
gensec:require_pac = true
+ log file = $ctx->{logdir}/log.\%m
log level = $ctx->{server_loglevel}
lanman auth = Yes
rndc command = true
- dns update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$ctx->{dns_host_file}
- spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate
- resolv:host file = $ctx->{dns_host_file}
+ dns update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$ctx->{dns_host_file} -s $ctx->{smb_conf}
+ spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf}
+ resolv:host file = $ctx->{dns_host_file}
dreplsrv:periodic_startup_interval = 0
dsdb:schema update allowed = yes
- passdb backend = samba4
+ vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot
- # remove this again, when our smb2 client library
- # supports signin on compound related requests
- server signing = on
+ # remove this again, when our smb2 client library
+ # supports signin on compound related requests
+ server signing = on
";
- if (defined($ctx->{sid_generator}) && $ctx->{sid_generator} ne "internal") {
- print CONFFILE "
- sid generator = $ctx->{sid_generator}";
- }
-
print CONFFILE "
# Begin extra options
open(PWD, ">$ctx->{nsswrap_passwd}");
print PWD "
root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false
-$ctx->{unix_name}:x:$ctx->{unix_uid}:@{$ctx->{unix_gids}}[0]:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false
nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
+pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
";
close(PWD);
LOCKDIR => $ctx->{lockdir},
STATEDIR => $ctx->{statedir},
CACHEDIR => $ctx->{cachedir},
+ PRIVATEDIR => $ctx->{privatedir},
SERVERCONFFILE => $ctx->{smb_conf},
CONFIGURATION => $configuration,
SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
SAMBA_TEST_LOG_POS => 0,
- NSS_WRAPPER_WINBIND_SO_PATH => Samba::bindir_path($self, "default/nsswitch/libnss-winbind.so"),
+ NSS_WRAPPER_WINBIND_SO_PATH => Samba::nss_wrapper_winbind_so_path($self),
LOCAL_PATH => $ctx->{share}
};
return $ret;
}
-sub provision($$$$$$$$)
+sub provision($$$$$$$$$)
{
my ($self, $prefix, $server_role, $hostname,
$domain, $realm, $functional_level,
- $password, $kdc_ipv4, $extra_smbconf_options, $extra_smbconf_shares) = @_;
+ $password, $kdc_ipv4, $extra_smbconf_options, $extra_smbconf_shares,
+ $extra_provision_options) = @_;
my $ctx = $self->provision_raw_prepare($prefix, $server_role,
$hostname,
$domain, $realm, $functional_level,
$password, $kdc_ipv4);
+ if (defined($extra_provision_options)) {
+ push (@{$ctx->{provision_options}}, @{$extra_provision_options});
+ } else {
+ push (@{$ctx->{provision_options}}, "--use-ntvfs");
+ }
+
$ctx->{share} = "$ctx->{prefix_abs}/share";
push(@{$ctx->{directories}}, "$ctx->{share}");
push(@{$ctx->{directories}}, "$ctx->{share}/test1");
push(@{$ctx->{directories}}, "$ctx->{share}/test2");
+
+ # precreate directories for printer drivers
+ push(@{$ctx->{directories}}, "$ctx->{share}/W32X86");
+ push(@{$ctx->{directories}}, "$ctx->{share}/x64");
+ push(@{$ctx->{directories}}, "$ctx->{share}/WIN40");
+
my $msdfs = "no";
$msdfs = "yes" if ($server_role eq "domain controller");
$ctx->{smb_conf_extra_options} = "
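Review bot: In the added `if`/`else` on `$extra_provision_options`, `--use-ntvfs` is appended only when the caller passes `undef`, so any caller that supplies its own option list provisions without it, and nothing in the hunk says this is intended. A comment above the branch would make that contract explicit, for example `# Callers passing their own options must include --use-ntvfs themselves if they want it`. The prototype `($$$$$$$$$)` also does not match the twelve values unpacked from `@_`; Perl ignores prototypes on method calls such as `$self->provision(...)`, so it is misleading rather than enforced. The body of `provision` continues outside the hunk.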
create mask = 777
force create mode = 777
+[posix_share]
+ path = $ctx->{share}
+ read only = no
+ create mask = 0777
+ force create mode = 0
+ directory mask = 0777
+ force directory mode = 0
+
[test1]
path = $ctx->{share}/test1
read only = no
[sysvol]
path = $ctx->{statedir}/sysvol
- read only = yes
+ read only = no
[netlogon]
path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
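Review bot: `[sysvol]` is switched to `read only = no` with no comment saying which test needs a writable sysvol, while the promoted-vampire-DC configuration added elsewhere in this commit keeps `[sysvol]` at `read only = yes`. The `[netlogon]` path sits under the same tree, so a writable sysvol is worth justifying even in a test environment. A one-line `#` comment in the Perl just above the heredoc, naming the test that writes there, would be enough. The smb.conf string starts and ends outside the hunk.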
$ldap_uri =~ s|/|%2F|g;
$ldap_uri = "ldapi://$ldap_uri";
$ctx->{ldap_uri} = $ldap_uri;
- if ($self->{ldap} eq "fedora-ds") {
- $ctx->{sid_generator} = "backend";
- }
$ctx->{ldap_instance} = lc($ctx->{netbiosname});
}
"2008",
"locMEMpass3",
$dcvars->{SERVER_IP},
- "", "");
+ "", "", undef);
unless ($ret) {
return undef;
}
"2008",
"locRPCproxypass4",
$dcvars->{SERVER_IP},
- $extra_smbconf_options, "");
+ $extra_smbconf_options, "", undef);
unless ($ret) {
return undef;
return $ret;
}
+sub provision_promoted_vampire_dc($$$)
+{
+ my ($self, $prefix, $dcvars) = @_;
+ print "PROVISIONING VAMPIRE DC...";
+
+ # We do this so that we don't run the provision. That's the job of 'net vampire'.
+ my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
+ "promotedvdc",
+ "SAMBADOMAIN",
+ "samba.example.com",
+ "2008",
+ $dcvars->{PASSWORD},
+ $dcvars->{SERVER_IP});
+
+ push (@{$ctx->{provision_options}}, "--use-ntvfs");
+
+ $ctx->{smb_conf_extra_options} = "
+ max xmit = 32K
+ server max protocol = SMB2
+
+[sysvol]
+ path = $ctx->{statedir}/sysvol
+ read only = yes
+
+[netlogon]
+ path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
+ read only = no
+
+";
+
+ my $ret = $self->provision_raw_step1($ctx);
+ unless ($ret) {
+ return undef;
+ }
+
+ my $samba_tool = Samba::bindir_path($self, "samba-tool");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}";
+ $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= " --machinepass=machine$ret->{password}";
+
+ unless (system($cmd) == 0) {
+ warn("Join failed\n$cmd");
+ return undef;
+ }
+
+ my $samba_tool = Samba::bindir_path($self, "samba-tool");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
+ $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= " --machinepass=machine$ret->{password} --use-ntvfs";
+
+ unless (system($cmd) == 0) {
+ warn("Join failed\n$cmd");
+ return undef;
+ }
+
+ $ret->{PROMOTED_VAMPIRE_DC_SERVER} = $ret->{SERVER};
+ $ret->{PROMOTED_VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{PROMOTED_VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
+
+ $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
+ $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
+ $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
+ $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
+ $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
+
+ return $ret;
+}
+
sub provision_vampire_dc($$$)
{
my ($self, $prefix, $dcvars) = @_;
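Review bot: In the new `provision_promoted_vampire_dc`, the dcpromo block redeclares `my $samba_tool` and `my $cmd` in the same scope as the join block above it, which produces a '"my" variable masks earlier declaration' warning if warnings are enabled; drop the second `my $samba_tool` line and use `$cmd = "";`. The dcpromo failure path reuses the join message, so a failed promotion is reported as `Join failed`; `warn("dcpromo failed\n$cmd");` would tell the two steps apart. Both `warn` calls print `$cmd`, which carries `$dcvars->{DC_PASSWORD}` and the `--machinepass` value, so those land in the selftest log; they look like fixed test credentials here, but redacting them in the message is still the safer habit. The command is also passed to `system()` as one string, so the shell parses it, and a realm, user name or password containing shell metacharacters would change what runs.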
$dcvars->{PASSWORD},
$dcvars->{SERVER_IP});
+ push (@{$ctx->{provision_options}}, "--use-ntvfs");
+
$ctx->{smb_conf_extra_options} = "
max xmit = 32K
server max protocol = SMB2
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only";
- $cmd .= " --machinepass=machine$ret->{password}";
+ $cmd .= " --machinepass=machine$ret->{password} --use-ntvfs";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
$dcvars->{PASSWORD},
undef);
+ push (@{$ctx->{provision_options}}, "--use-ntvfs");
+
$ctx->{smb_conf_extra_options} = "
max xmit = 32K
server max protocol = SMB2
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm} subdomain ";
$cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
- $cmd .= " --machinepass=machine$ret->{password}";
+ $cmd .= " --machinepass=machine$ret->{password} --use-ntvfs";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
my ($self, $prefix) = @_;
print "PROVISIONING DC...";
- my $extra_conf_options = "netbios aliases = localDC1-a
-allow dns updates = True";
+ my $extra_conf_options = "netbios aliases = localDC1-a";
my $ret = $self->provision($prefix,
"domain controller",
"localdc",
"samba.example.com",
"2008",
"locDCpass1",
- undef, $extra_conf_options, "");
+ undef, $extra_conf_options, "", undef);
return undef unless(defined $ret);
unless($self->add_wins_config("$prefix/private")) {
"samba2000.example.com",
"2000",
"locDCpass5",
- undef, "");
+ undef, "", "", undef);
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
"samba2003.example.com",
"2003",
"locDCpass6",
- undef, "", "");
+ undef, "allow dns updates = nonsecure and secure", "", undef);
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
"samba2008R2.example.com",
"2008_R2",
"locDCpass7",
- undef, "", "");
+ undef, "", "", undef);
unless ($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
return undef;
}
+ push (@{$ctx->{provision_options}}, "--use-ntvfs");
+
$ctx->{share} = "$ctx->{prefix_abs}/share";
push(@{$ctx->{directories}}, "$ctx->{share}");
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
- $cmd .= " --server=$dcvars->{DC_SERVER}";
+ $cmd .= " --server=$dcvars->{DC_SERVER} --use-ntvfs";
unless (system($cmd) == 0) {
warn("RODC join failed\n$cmd");
my $bindir_abs = abs_path($self->{bindir});
my $lockdir="$prefix_abs/lockdir";
+ my $conffile="$prefix_abs/etc/smb.conf";
my $extra_smbconf_options = "
server services = -smb +s3fs
printing = bsd
printcap name = /dev/null
- max protocol = SMB2
+ max protocol = SMB3
read only = no
server signing = auto
smbd:sharedelay = 100000
smbd:writetimeupdatedelay = 500000
- map hidden = no
- map system = no
- map readonly = no
- store dos attributes = yes
- create mask = 755
+ create mask = 0777
+ directory mask = 0777
dos filemode = yes
- vfs objects = acl_xattr xattr_tdb streams_depot
-
dcerpc endpoint servers = -winreg -srvsvc
printcap name = /dev/null
+ addprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -a -s $conffile --
+ deleteprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -d -s $conffile --
+
printing = vlp
print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s
lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p
my $extra_smbconf_shares = "
+[tmpenc]
+ copy = tmp
+ smb encrypt = required
+
[tmpcase]
copy = tmp
case sensitive = yes
[hideunread]
copy = tmp
hide unreadable = yes
+
+[durable]
+ copy = tmp
+ kernel share modes = no
+ kernel oplocks = no
+ posix locking = no
+
+[print\$]
+ copy = tmp
+
+[print1]
+ copy = tmp
+ printable = yes
+
+[print2]
+ copy = print1
+[print3]
+ copy = print1
+[lp]
+ copy = print1
";
print "PROVISIONING PLUGIN S4 DC...";
"2008",
"locDCpass1",
undef, $extra_smbconf_options,
- $extra_smbconf_shares);
+ $extra_smbconf_shares, undef);
return undef unless(defined $ret);
unless($self->add_wins_config("$prefix/private")) {
my ($self, $prefix) = @_;
print "PROVISIONING CHGDCPASS...";
+ my $extra_provision_options = undef;
+ push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
my $ret = $self->provision($prefix,
"domain controller",
"chgdcpass",
"chgdcpassword.samba.example.com",
"2008",
"chgDCpass1",
- undef);
+ undef, "server services = -dns", "",
+ $extra_provision_options);
return undef unless(defined $ret);
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
return undef;
}
+
+ # Remove secrets.tdb from this environment to test that we still start up
+ # on systems without the new matching secrets.tdb records
+ unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb")) {
+ warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision");
+ return undef;
+ }
+
$ret->{DC_SERVER} = $ret->{SERVER};
$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
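Review bot: The failure message for the added `unlink` of secrets.tdb omits `$!`, so a failed setup does not say whether the file was missing or could not be removed; `warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision: $!");` keeps the cause. `$extra_provision_options` is also built by pushing through an `undef` scalar; `my $extra_provision_options = ["--dns-backend=BIND9_DLZ"];` says the same thing without relying on autovivification. The enclosing function starts and ends outside the hunk.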
my $childpid;
# This should give it time to write out the gcov data
- until ($count > 20) {
+ until ($count > 30) {
if (Samba::cleanup_child($pid, "samba") == -1) {
last;
}
$self->setup_dc("$path/dc");
}
return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{dc});
+ } elsif ($envname eq "promoted_vampire_dc") {
+ if (not defined($self->{vars}->{dc})) {
+ $self->setup_dc("$path/dc");
+ }
+ return $self->setup_promoted_vampire_dc("$path/promoted_vampire_dc", $self->{vars}->{dc});
} elsif ($envname eq "subdom_dc") {
if (not defined($self->{vars}->{dc})) {
$self->setup_dc("$path/dc");
my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
- $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{VAMPIRE_DC_SERVER}";
+ $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
+ $cmd .= " $dc_vars->{CONFIGURATION}";
+ $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
+ # replicate Configuration NC
+ my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
+ unless(system($cmd_repl) == 0) {
+ warn("Failed to replicate\n$cmd_repl");
+ return undef;
+ }
+ # replicate Default NC
+ $cmd_repl = "$cmd \"$base_dn\"";
+ unless(system($cmd_repl) == 0) {
+ warn("Failed to replicate\n$cmd_repl");
+ return undef;
+ }
+ }
+
+ return $env;
+}
+
+sub setup_promoted_vampire_dc($$$)
+{
+ my ($self, $path, $dc_vars) = @_;
+
+ my $env = $self->provision_promoted_vampire_dc($path, $dc_vars);
+
+ if (defined $env) {
+ $self->check_or_start($env, "single");
+
+ $self->wait_for_start($env);
+
+ $self->{vars}->{promoted_vampire_dc} = $env;
+
+ # force replicated DC to update repsTo/repsFrom
+ # for vampired partitions
+ my $samba_tool = Samba::bindir_path($self, "samba-tool");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
+ $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
+ $cmd .= " $env->{CONFIGURATION}";
+ $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
+ unless (system($cmd) == 0) {
+ warn("Failed to exec kcc\n$cmd");
+ return undef;
+ }
+
+ # as 'vampired' dc may add data in its local replica
+ # we need to synchronize data between DCs
+ my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
+ $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
+ $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
$cmd .= " $dc_vars->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
# replicate Configuration NC