2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
14 use IO::Poll qw(POLLIN);
17 my ($classname, $bindir, $srcdir, $server_maxtime,
18 $opt_socket_wrapper_pcap, $opt_socket_wrapper_keep_pcap) = @_;
21 opt_socket_wrapper_pcap => $opt_socket_wrapper_pcap,
22 opt_socket_wrapper_keep_pcap => $opt_socket_wrapper_keep_pcap,
24 $self->{samba3} = new Samba3($self, $bindir, $srcdir, $server_maxtime);
25 $self->{samba4} = new Samba4($self, $bindir, $srcdir, $server_maxtime);
30 %Samba::ENV_DEPS = (%Samba3::ENV_DEPS, %Samba4::ENV_DEPS);
33 %Samba::ENV_DEPS_POST = (%Samba3::ENV_DEPS_POST, %Samba4::ENV_DEPS_POST);
36 %Samba::ENV_TARGETS = (
37 (map { $_ => "Samba3" } keys %Samba3::ENV_DEPS),
38 (map { $_ => "Samba4" } keys %Samba4::ENV_DEPS),
42 %Samba::ENV_NEEDS_AD_DC = (
43 (map { $_ => 1 } keys %Samba4::ENV_DEPS)
46 foreach my $env (keys %Samba3::ENV_DEPS) {
47 $ENV_NEEDS_AD_DC{$env} = ($env =~ /^ad_/);
# Builds the capture-file path for a named step and hands it to SocketWrapper.
# Nothing happens unless pcap capture was requested on this object and
# SOCKET_WRAPPER_PCAP_DIR is set in the environment.
52 my ($self, $name) = @_;
54 return unless ($self->{opt_socket_wrapper_pcap});
55 return unless defined($ENV{SOCKET_WRAPPER_PCAP_DIR});
# Allow-list sanitisation: every character outside [a-zA-Z0-9-] is replaced
# with "_", so neither "/" nor "." can reach the path built below and the
# capture file always lands directly inside SOCKET_WRAPPER_PCAP_DIR.
# NOTE(review): $fname is declared on a line not shown in this listing;
# presumably it starts as a copy of $name - confirm.
58 $fname =~ s%[^abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\-]%_%g;
60 my $pcap_file = "$ENV{SOCKET_WRAPPER_PCAP_DIR}/$fname.pcap";
62 SocketWrapper::setup_pcap($pcap_file);
69 my ($self, $pcap_file, $exitcode) = @_;
71 return unless ($self->{opt_socket_wrapper_pcap});
72 return if ($self->{opt_socket_wrapper_keep_pcap});
73 return unless ($exitcode == 0);
74 return unless defined($pcap_file);
81 my ($self, $envname, $path) = @_;
83 my $targetname = $ENV_TARGETS{$envname};
84 if (not defined($targetname)) {
85 warn("Samba can't provide environment '$envname'");
90 "Samba3" => $self->{samba3},
91 "Samba4" => $self->{samba4}
93 my $target = $targetlookup{$targetname};
95 if (defined($target->{vars}->{$envname})) {
96 return $target->{vars}->{$envname};
99 $target->{vars}->{$envname} = "";
102 foreach(@{$ENV_DEPS{$envname}}) {
103 my $vars = $self->setup_env($_, $path);
104 if (defined($vars)) {
105 push(@dep_vars, $vars);
107 warn("Failed setting up $_ as a dependency of $envname");
112 $ENV{ENVNAME} = $envname;
113 # Avoid hitting system krb5.conf -
114 # An env that needs Kerberos will reset this to the real value.
115 $ENV{KRB5_CONFIG} = "$path/no_krb5.conf";
# RESOLV_CONF is pointed at a per-test path in the same way.
116 $ENV{RESOLV_CONF} = "$path/no_resolv.conf";
# The setup routine is looked up by name at run time: the package comes from
# %ENV_TARGETS and the sub name is "setup_" followed by $envname.
# NOTE(review): this is only safe because $envname has to be a key of
# %ENV_TARGETS; the definedness check earlier in this sub warns on an unknown
# name, and presumably returns on a line not shown here - confirm, since an
# arbitrary $envname would otherwise select an arbitrary sub.
118 my $setup_name = $ENV_TARGETS{$envname}."::setup_".$envname;
119 my $setup_sub = \&$setup_name;
120 my $setup_pcap_file = $self->setup_pcap("env-$ENV{ENVNAME}-setup");
121 my $env = &$setup_sub($target, "$path/$envname", @dep_vars);
# The second argument is true when setup returned undef, i.e. it plays the
# role of a non-zero exit code for cleanup_pcap.
122 $self->cleanup_pcap($setup_pcap_file, not defined($env));
123 SocketWrapper::setup_pcap(undef);
125 if (not defined($env)) {
126 warn("failed to start up environment '$envname'");
130 $target->{vars}->{$envname} = $env;
131 $target->{vars}->{$envname}->{target} = $target;
133 foreach(@{$ENV_DEPS_POST{$envname}}) {
134 if (not defined $_) {
137 my $vars = $self->setup_env($_, $path);
138 if (not defined($vars)) {
# Resolves $path against the object's bindir. For "samba-tool" the result is
# prefixed with the value of $ENV{PYTHON} (when set) and a space.
# Several lines of this sub, including the declaration of $result and the
# return, are not shown in this listing.
146 sub bindir_path($$) {
147 my ($object, $path) = @_;
149 my $valpath = "$object->{bindir}/$path";
# NOTE(review): $ENV{PYTHON} is taken verbatim from the environment and joined
# into one command string. Any caller that hands the result to a shell will
# have it word-split and interpreted there - confirm how callers run it.
152 if (defined $ENV{'PYTHON'}) {
153 $python_cmd = $ENV{'PYTHON'} . " ";
156 if (-f $valpath or -d $valpath) {
159 # make sure we prepend samba-tool with calling $PYTHON python version
160 if ($path eq "samba-tool") {
161 $result = $python_cmd . $result;
166 sub nss_wrapper_winbind_so_path($) {
168 my $ret = $ENV{NSS_WRAPPER_WINBIND_SO_PATH};
169 if (not defined($ret)) {
170 $ret = bindir_path($object, "shared/libnss_wrapper_winbind.so.2");
171 $ret = abs_path($ret);
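# Copy the file at $in to $out, creating or truncating $out.
#
# Dies if either file cannot be opened, or if the output cannot be flushed
# when it is closed. In this file the function is used to copy the CA, TLS and
# PKINIT fixtures (certificates and private keys) into a testenv.
#
# NOTE(review): the original loop body is not shown in this listing; a plain
# line-by-line copy is what the name and the two open modes imply.
sub copy_file_content($$)
{
    my ($in, $out) = @_;

    # Three-argument open with lexical handles: the mode is fixed here, so a
    # path that begins with ">" or "|", ends with "|", or carries surrounding
    # whitespace is treated as a literal file name and never as a mode or a
    # command. Lexical handles also avoid clobbering package-global IN/OUT.
    open(my $in_fh, '<', $in) or die("failed to open in[${in}] for reading: $!");
    open(my $out_fh, '>', $out) or die("failed to open out[${out}] for writing: $!");

    while (my $line = <$in_fh>) {
        print {$out_fh} $line;
    }

    # Buffered write errors only surface at close, so check it for the output.
    close($out_fh) or die("failed to write out[${out}]: $!");
    close($in_fh);
}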
188 sub prepare_keyblobs($)
192 my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com";
193 my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem";
194 my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem";
195 my $dcdnsname = "$ctx->{hostname}.$ctx->{dnsname}";
196 my $dcdir = "$cadir/DCs/$dcdnsname";
197 my $dccert = "$dcdir/DC-$dcdnsname-cert.pem";
198 my $dckey_private = "$dcdir/DC-$dcdnsname-private-key.pem";
199 my $adminprincipalname = "administrator\@$ctx->{dnsname}";
200 my $admindir = "$cadir/Users/$adminprincipalname";
201 my $admincert = "$admindir/USER-$adminprincipalname-cert.pem";
202 my $adminkey_private = "$admindir/USER-$adminprincipalname-private-key.pem";
203 my $pkinitprincipalname = "pkinit\@$ctx->{dnsname}";
204 my $ca_pkinitdir = "$cadir/Users/$pkinitprincipalname";
205 my $pkinitcert = "$ca_pkinitdir/USER-$pkinitprincipalname-cert.pem";
206 my $pkinitkey_private = "$ca_pkinitdir/USER-$pkinitprincipalname-private-key.pem";
208 my $tlsdir = "$ctx->{tlsdir}";
209 my $pkinitdir = "$ctx->{prefix_abs}/pkinit";
210 #TLS and PKINIT crypto blobs
211 my $dhfile = "$tlsdir/dhparms.pem";
212 my $cafile = "$tlsdir/ca.pem";
213 my $crlfile = "$tlsdir/crl.pem";
214 my $certfile = "$tlsdir/cert.pem";
215 my $keyfile = "$tlsdir/key.pem";
216 my $admincertfile = "$pkinitdir/USER-$adminprincipalname-cert.pem";
217 my $adminkeyfile = "$pkinitdir/USER-$adminprincipalname-private-key.pem";
218 my $pkinitcertfile = "$pkinitdir/USER-$pkinitprincipalname-cert.pem";
219 my $pkinitkeyfile = "$pkinitdir/USER-$pkinitprincipalname-private-key.pem";
# The directories that receive private keys are created owner-only (0700).
# NOTE(review): mkdir's return value is ignored. If a directory already
# exists the mode argument has no effect, so looser permissions left over
# from an earlier run would stay in place.
221 mkdir($tlsdir, 0700);
222 mkdir($pkinitdir, 0700);
# The current umask is saved here. The line that changes it is not shown in
# this listing; presumably it is tightened before key material is written and
# restored afterwards - confirm.
223 my $oldumask = umask;
# DH parameters are public values, so shipping a fixed set in a test fixture
# exposes no secret; it just avoids regenerating them on every run.
226 # This is specified here to avoid draining entropy on every run
228 # openssl dhparam -out dhparms.pem -text -2 8192
# NOTE(review): two-argument open on a bareword handle with no error check.
# A failure here is silent and the parameters are simply never written.
229 open(DHFILE, ">$dhfile");
231 -----BEGIN DH PARAMETERS-----
232 MIIECAKCBAEAlcpjuJptCzC2bIIApLuyFLw2nODQUztqs/peysY9e3LgWh/xrc87
233 SWJNSUrqFJFh2m357WH0XGcTdTk0b/8aIYIWjbwEhWR/5hZ+1x2TDrX1awkYayAe
234 pr0arycmWHaAmhw+m+dBdj2O2jRMe7gn0ha85JALNl+Z3wv2q2eys8TIiQ2dbHPx
235 XvpMmlAv7QHZnpSpX/XgueQr6T3EYggljppZwk1fe4W2cxBjCv9w/Q83pJXMEVVB
236 WESEQPZC38v6hVIXIlF4J7jXjV3+NtCLL4nvsy0jrLEntyKz5OB8sNPRzJr0Ju2Y
237 yXORCSMMXMygP+dxJtQ6txzQYWyaCYN1HqHDZy3cFL9Qy8kTFqIcW56Lti2GsW/p
238 jSMzEOa1NevhKNFL3dSZJx5m+5ZeMvWXlCqXSptmVdbs5wz5jkMUm/E6pVfM5lyb
239 Ttlcq2iYPqnJz1jcL5xwhoufID8zSJCPJ7C0jb0Ngy5wLIUZfjXJUXxUyxTnNR9i
240 N9Sc+UkDvLxnCW+qzjyPXGlQU1SsJwMLWa2ZecL/uYE4bOdcN3g+5WHkevyDnXqR
241 +yy9x7sGXjBT3bRWK5tVHJWOi6eBu1hp39U6aK8oOJWiUt3vmC2qEdIsT6JaLNNi
242 YKrSfRGBf19IJBaagen1S19bb3dnmwoU1RaWM0EeJQW1oXOBg7zLisB2yuu5azBn
243 tse00+0nc+GbH2y+jP0sE7xil1QeilZl+aQ3tX9vL0cnCa+8602kXxU7P5HaX2+d
244 05pvoHmeZbDV85io36oF976gBYeYN+qAkTUMsIZhuLQDuyn0963XOLyn1Pm6SBrU
245 OkIZXW7WoKEuO/YSfizUIqXwmAMJjnEMJCWG51MZZKx//9Hsdp1RXSm/bRSbvXB7
246 MscjvQYWmfCFnIk8LYnEt3Yey40srEiS9xyZqdrvobxz+sU1XcqR38kpVf4gKASL
247 xURia64s4emuJF+YHIObyydazQ+6/wX/C+m+nyfhuxSO6j1janPwtYbU+Uj3TzeM
248 04K1mpPQpZcaMdZZiNiu7i8VJlOPKAz7aJT8TnMMF5GMyzyLpSMpc+NF9L/BSocV
249 /cUM4wQT2PTHrcyYzmTVH7c9bzBkuxqrwVB1BY1jitDV9LIYIVBglKcX88qrfHIM
250 XiXPAIwGclD59qm2cG8OdM9NA5pNMI119KuUAIJsUdgPbR1LkT2XTT15YVoHmFSQ
251 DlaWOXn4td031jr0EisX8QtFR7+/0Nfoni6ydFGs5fNH/L1ckq6FEO4OhgucJw9H
252 YRmiFlsQBQNny78vNchwZne3ZixkShtGW0hWDdi2n+h7St1peNJCNJjMbEhRsPRx
253 RmNGWh4AL8rho4RO9OBao0MnUdjbbffD+wIBAg==
254 -----END DH PARAMETERS-----
258 if (! -e ${dckey_private}) {
263 copy_file_content(${cacert}, ${cafile});
264 copy_file_content(${cacrl_pem}, ${crlfile});
265 copy_file_content(${dccert}, ${certfile});
266 copy_file_content(${dckey_private}, ${keyfile});
267 if (-e ${adminkey_private}) {
268 copy_file_content(${admincert}, ${admincertfile});
269 copy_file_content(${adminkey_private}, ${adminkeyfile});
271 if (-e ${pkinitkey_private}) {
272 copy_file_content(${pkinitcert}, ${pkinitcertfile});
273 copy_file_content(${pkinitkey_private}, ${pkinitkeyfile});
276 # COMPAT stuff to be removed in a later commit
277 my $kdccertfile = "$tlsdir/kdc.pem";
278 copy_file_content(${dccert}, ${kdccertfile});
# NOTE(review): the warning interpolates $?, which is the status of the last
# child process; the reason open() failed is in $!. As written the message
# ends in an unrelated number and the real error is lost.
# The open is the two-argument form, so the mode is parsed out of the same
# string as the path; open(my $fh, '>', $ctx->{krb5_conf}) keeps them apart.
287 unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
288 warn("can't open $ctx->{krb5_conf}$?");
292 my $our_realms_stanza = mk_realms_stanza($ctx->{realm},
297 #Generated krb5.conf for $ctx->{realm}
300 default_realm = $ctx->{realm}
301 dns_lookup_realm = false
302 dns_lookup_kdc = true
303 ticket_lifetime = 24h
306 # We are running on the same machine, do not correct
307 # system clock differences
312 if (defined($ENV{MITKRB5})) {
314 # Set the grace clocskew to 5 seconds
315 # This is especially required by samba3.raw.session krb5 and
316 # reauth tests when not using Heimdal
321 if (defined($ctx->{krb5_ccname})) {
323 default_ccache_name = $ctx->{krb5_ccname}
328 if (defined($ctx->{supported_enctypes})) {
330 default_etypes = $ctx->{supported_enctypes}
331 default_as_etypes = $ctx->{supported_enctypes}
332 default_tgs_enctypes = $ctx->{supported_enctypes}
333 default_tkt_enctypes = $ctx->{supported_enctypes}
334 permitted_enctypes = $ctx->{supported_enctypes}
344 if (defined($ctx->{tlsdir})) {
348 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
352 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
353 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
360 sub mk_realms_stanza($$$$)
362 my ($realm, $dnsname, $domain, $kdc_ipv4) = @_;
363 my $lc_domain = lc($domain);
365 # The pkinit_require_krbtgt_otherName = false
366 # is just because the certificates we have saved
367 # do not have the realm in the subjectAltName
368 # (specially encoded as a principal)
370 # https://github.com/heimdal/heimdal/wiki/Setting-up-PK-INIT-and-Certificates
371 my $realms_stanza = "
374 admin_server = $kdc_ipv4:88
375 default_domain = $dnsname
376 pkinit_require_krbtgt_otherName = false
380 admin_server = $kdc_ipv4:88
381 default_domain = $dnsname
382 pkinit_require_krbtgt_otherName = false
386 admin_server = $kdc_ipv4:88
387 default_domain = $dnsname
388 pkinit_require_krbtgt_otherName = false
392 admin_server = $kdc_ipv4:88
393 default_domain = $dnsname
394 pkinit_require_krbtgt_otherName = false
398 return $realms_stanza;
# Writes a kdc.conf to $ctx->{mitkdc_conf}; only the opening lines of the sub
# and a few lines of the generated file are shown in this listing.
401 sub mk_mitkdc_conf($$)
403 # samba_kdb_dir is the path to mit_samba.so
404 my ($ctx, $samba_kdb_dir) = @_;
# NOTE(review): $? is the last child's exit status, not the open() error;
# $! is the variable that explains why the file could not be opened.
# The open is the two-argument form with a bareword handle.
406 unless (open(KDCCONF, ">$ctx->{mitkdc_conf}")) {
407 warn("can't open $ctx->{mitkdc_conf}$?");
412 # Generated kdc.conf for $ctx->{realm}
429 db_module_dir = $samba_kdb_dir
444 kdc = FILE:$ctx->{logdir}/mit_kdc.log
# Writes a resolv.conf to $ctx->{resolv_conf} containing the testenv's IPv4
# and IPv6 DNS server addresses.
450 sub mk_resolv_conf($$)
# NOTE(review): $? is the last child's exit status, not the open() error;
# $! is the variable that explains why the file could not be opened.
# The open is the two-argument form with a bareword handle.
454 unless (open(RESOLV_CONF, ">$ctx->{resolv_conf}")) {
455 warn("can't open $ctx->{resolv_conf}$?");
459 print RESOLV_CONF "nameserver $ctx->{dns_ipv4}\n";
460 print RESOLV_CONF "nameserver $ctx->{dns_ipv6}\n";
464 sub realm_to_ip_mappings
466 # this maps the DNS realms for the various testenvs to the corresponding
467 # PDC (i.e. the first DC created for that realm).
468 my %realm_to_pdc_mapping = (
469 'adnonssdom.samba.example.com' => 'addc_no_nss',
470 'adnontlmdom.samba.example.com' => 'addc_no_ntlm',
471 'samba2000.example.com' => 'dc5',
472 'samba2003.example.com' => 'dc6',
473 'samba2008r2.example.com' => 'dc7',
474 'addom.samba.example.com' => 'addc',
475 'addom2.samba.example.com' => 'addcsmb1',
476 'sub.samba.example.com' => 'localsubdc',
477 'chgdcpassword.samba.example.com' => 'chgdcpass',
478 'backupdom.samba.example.com' => 'backupfromdc',
479 'renamedom.samba.example.com' => 'renamedc',
480 'labdom.samba.example.com' => 'labdc',
481 'schema.samba.example.com' => 'liveupgrade1dc',
482 'prockilldom.samba.example.com' => 'prockilldc',
483 'proclimit.samba.example.com' => 'proclimitdc',
484 'samba.example.com' => 'localdc',
485 'fips.samba.example.com' => 'fipsdc',
490 # convert the hashmap to a list of key=value strings, where key is the
491 # realm and value is the IP address
492 foreach my $realm (sort(keys %realm_to_pdc_mapping)) {
493 my $pdc = $realm_to_pdc_mapping{$realm};
494 my $ipaddr = get_ipv4_addr($pdc);
495 push(@mapping, "$realm=$ipaddr");
497 # return the mapping as a single comma-separated string
498 return join(',', @mapping);
503 my ($netbiosname) = @_;
504 $netbiosname = lc($netbiosname);
506 # this maps the SOCKET_WRAPPER_DEFAULT_IFACE value for each possible
507 # testenv to the DC's NETBIOS name. This value also corresponds to last
508 # digit of the DC's IP address. Note that the NETBIOS name may differ from
510 # Note that when adding a DC with a new realm, also update
511 # get_realm_ip_mappings() above.
512 my %testenv_iface_mapping = (
514 localnt4member3 => 4,
522 # 11-16 are used by selftest.pl for the client.conf. Most tests only
523 # use the first .11 IP. However, some tests (like winsreplication) rely
524 # on the client having multiple IPs.
530 idmapridmember => 20,
532 localvampiredc => 22,
546 fakednsforwarder1 => 36,
547 fakednsforwarder2 => 37,
554 offlinebackupdc => 44,
558 liveupgrade1dc => 48,
559 liveupgrade2dc => 49,
563 fileserversmb1 => 53,
568 rootdnsforwarder => 64,
570 # Note: that you also need to update dns_hub.py when adding a new
572 # update lib/socket_wrapper/socket_wrapper.c
573 # #define MAX_WRAPPED_INTERFACES 64
574 # if you wish to have more than 64 interfaces
577 if (not defined($testenv_iface_mapping{$netbiosname})) {
581 return $testenv_iface_mapping{$netbiosname};
586 my ($hostname, $iface_num) = @_;
587 my $swiface = Samba::get_interface($hostname);
589 # Handle testenvs with multiple different addresses, i.e. IP multihoming.
590 # Currently only the selftest client has multiple IPv4 addresses.
591 if (defined($iface_num)) {
592 $swiface += $iface_num;
595 return "10.53.57.$swiface";
601 my $swiface = Samba::get_interface($hostname);
603 return sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface);
606 # returns the 'interfaces' setting for smb.conf, i.e. the IPv4/IPv6
607 # addresses for testenv
608 sub get_interfaces_config
610 my ($hostname, $num_ips) = @_;
613 # We give the client.conf multiple different IPv4 addresses.
614 # All other testenvs generally just have one IPv4 address.
615 if (! defined($num_ips)) {
618 for (my $i = 0; $i < $num_ips; $i++) {
619 my $ipv4_addr = Samba::get_ipv4_addr($hostname, $i);
620 if (use_namespaces()) {
621 # use a /24 subnet with network namespaces
622 $interfaces .= "$ipv4_addr/24 ";
624 $interfaces .= "$ipv4_addr/8 ";
628 my $ipv6_addr = Samba::get_ipv6_addr($hostname);
629 $interfaces .= "$ipv6_addr/64";
634 sub cleanup_child($$)
636 my ($pid, $name) = @_;
638 if (!defined($pid)) {
639 print STDERR "cleanup_child: pid not defined ... not calling waitpid\n";
643 my $childpid = waitpid($pid, WNOHANG);
645 if ($childpid == 0) {
646 } elsif ($childpid < 0) {
647 printf STDERR "%s child process %d isn't here any more\n", $name, $pid;
650 printf STDERR "%s child process %d, died with signal %d, %s coredump\n",
651 $name, $childpid, ($? & 127), ($? & 128) ? 'with' : 'without';
653 printf STDERR "%s child process %d exited with value %d\n", $name, $childpid, $? >> 8;
# Builds a domain SID string of the form "S-1-5-21-X-Y-Z", where X, Y and Z
# are independent integers in the range 0..4294967294.
# rand() is Perl's general-purpose pseudo-random generator, not a
# cryptographic one. That is enough to tell test domains apart, but the
# pattern should not be copied for any value that has to be unpredictable.
658 sub random_domain_sid()
660 my $domain_sid = "S-1-5-21-". int(rand(4294967295)) . "-" . int(rand(4294967295)) . "-" . int(rand(4294967295));
664 # sets the environment variables ready for running a given process
665 sub set_env_for_process
667 my ($proc_name, $env_vars, $proc_envs) = @_;
669 if (not defined($proc_envs)) {
670 $proc_envs = get_env_for_process($proc_name, $env_vars);
673 foreach my $key (keys %{ $proc_envs }) {
674 $ENV{$key} = $proc_envs->{$key};
678 sub get_env_for_process
680 my ($proc_name, $env_vars) = @_;
682 RESOLV_CONF => $env_vars->{RESOLV_CONF},
683 KRB5_CONFIG => $env_vars->{KRB5_CONFIG},
684 KRB5CCNAME => "$env_vars->{KRB5_CCACHE}.$proc_name",
685 SELFTEST_WINBINDD_SOCKET_DIR => $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR},
686 NMBD_SOCKET_DIR => $env_vars->{NMBD_SOCKET_DIR},
687 NSS_WRAPPER_PASSWD => $env_vars->{NSS_WRAPPER_PASSWD},
688 NSS_WRAPPER_GROUP => $env_vars->{NSS_WRAPPER_GROUP},
689 NSS_WRAPPER_HOSTS => $env_vars->{NSS_WRAPPER_HOSTS},
690 NSS_WRAPPER_HOSTNAME => $env_vars->{NSS_WRAPPER_HOSTNAME},
691 NSS_WRAPPER_MODULE_SO_PATH => $env_vars->{NSS_WRAPPER_MODULE_SO_PATH},
692 NSS_WRAPPER_MODULE_FN_PREFIX => $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX},
693 UID_WRAPPER_ROOT => "1",
694 ENVNAME => "$ENV{ENVNAME}.$proc_name",
697 if (defined($env_vars->{RESOLV_WRAPPER_CONF})) {
698 $proc_envs->{RESOLV_WRAPPER_CONF} = $env_vars->{RESOLV_WRAPPER_CONF};
700 $proc_envs->{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS};
702 if (defined($env_vars->{GNUTLS_FORCE_FIPS_MODE})) {
703 $proc_envs->{GNUTLS_FORCE_FIPS_MODE} = $env_vars->{GNUTLS_FORCE_FIPS_MODE};
705 if (defined($env_vars->{OPENSSL_FORCE_FIPS_MODE})) {
706 $proc_envs->{OPENSSL_FORCE_FIPS_MODE} = $env_vars->{OPENSSL_FORCE_FIPS_MODE};
713 my ($self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup) = @_;
714 my $SambaCtx = $self;
715 $SambaCtx = $self->{SambaCtx} if defined($self->{SambaCtx});
717 # we close the child's write-end of the pipe and redirect the
718 # read-end to its stdin. That way the daemon will receive an
719 # EOF on stdin when parent selftest process closes its
721 $child_cleanup //= sub { close($env_vars->{STDIN_PIPE}) };
723 unlink($daemon_ctx->{LOG_FILE});
724 print "STARTING $daemon_ctx->{NAME} for $ENV{ENVNAME}...";
729 # exec the daemon in the child process
733 # redirect the daemon's stdout/stderr to a log file
734 if (defined($daemon_ctx->{TEE_STDOUT})) {
735 # in some cases, we want out from samba to go to the log file,
736 # but also to the users terminal when running 'make test' on the
737 # command line. This puts it on stderr on the terminal
# NOTE(review): this is a two-argument pipe open. Because the string contains
# a redirection it is run through the shell, so LOG_FILE is word-split and
# any shell metacharacter in it is interpreted. A list-form pipe open
# ('|-', 'tee', $path) passes the path verbatim, but the 1>&2 redirection
# then has to be arranged separately. The result of open is not checked.
738 open STDOUT, "| tee $daemon_ctx->{LOG_FILE} 1>&2";
# NOTE(review): two-argument open; the mode and path share one string and the
# result is not checked.
740 open STDOUT, ">$daemon_ctx->{LOG_FILE}";
# stderr is made a duplicate of the redirected stdout.
742 open STDERR, '>&STDOUT';
744 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
745 if (defined($daemon_ctx->{PCAP_FILE})) {
746 $SambaCtx->setup_pcap("$daemon_ctx->{PCAP_FILE}");
749 # setup ENV variables in the child process
750 set_env_for_process($daemon_ctx->{NAME}, $env_vars,
751 $daemon_ctx->{ENV_VARS});
755 # not all s3 daemons run in all testenvs (e.g. fileserver doesn't
756 # run winbindd). In which case, the child process just sleeps
757 if (defined($daemon_ctx->{SKIP_DAEMON})) {
758 $SIG{USR1} = $SIG{ALRM} = $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub {
760 print("Skip $daemon_ctx->{NAME} received signal $signame");
763 my $poll = IO::Poll->new();
764 $poll->mask($STDIN_READER, POLLIN);
765 $poll->poll($self->{server_maxtime});
769 $ENV{MAKE_TEST_BINARY} = $daemon_ctx->{BINARY_PATH};
771 open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
773 # if using kernel namespaces, prepend the command so the process runs in
775 if (Samba::use_namespaces()) {
776 @preargs = ns_exec_preargs($parent_pid, $env_vars);
779 # the command args are stored as an array reference (because...Perl),
780 # so convert the reference back to an array
781 my @full_cmd = @{ $daemon_ctx->{FULL_CMD} };
# exec is given a list, so when the list has more than one element no shell
# is involved and every argument reaches the program verbatim.
# NOTE(review): with a one-element list Perl may still hand the string to the
# shell; FULL_CMD is assumed to hold the binary plus its arguments - confirm.
783 exec(@preargs, @full_cmd) or die("Unable to start $ENV{MAKE_TEST_BINARY}: $!");
786 print "DONE ($pid)\n";
788 # if using kernel namespaces, we now establish a connection between the
789 # main selftest namespace (i.e. this process) and the new child namespace
790 if (use_namespaces()) {
791 ns_child_forked($pid, $env_vars);
797 my @exported_envvars = (
804 # stuff related to a trusted domain
812 # stuff related to a trusted domain, on a trust_member
813 # the domain behind a forest trust (two-way)
814 "TRUST_F_BOTH_SERVER",
815 "TRUST_F_BOTH_SERVER_IP",
816 "TRUST_F_BOTH_SERVER_IPV6",
817 "TRUST_F_BOTH_NETBIOSNAME",
818 "TRUST_F_BOTH_USERNAME",
819 "TRUST_F_BOTH_PASSWORD",
820 "TRUST_F_BOTH_DOMAIN",
821 "TRUST_F_BOTH_REALM",
823 # stuff related to a trusted domain, on a trust_member
824 # the domain behind an external trust (two-way)
825 "TRUST_E_BOTH_SERVER",
826 "TRUST_E_BOTH_SERVER_IP",
827 "TRUST_E_BOTH_SERVER_IPV6",
828 "TRUST_E_BOTH_NETBIOSNAME",
829 "TRUST_E_BOTH_USERNAME",
830 "TRUST_E_BOTH_PASSWORD",
831 "TRUST_E_BOTH_DOMAIN",
832 "TRUST_E_BOTH_REALM",
834 # domain controller stuff
849 # only use these 2 as a last resort. Some tests need to test both client-
850 # side and server-side. In this case, run as default client, and access
851 # server's smb.conf as needed, typically using:
852 # param.LoadParm(filename_for_non_global_lp=os.environ['SERVERCONFFILE'])
863 # UID/GID for rfc2307 mapping tests
870 "SELFTEST_WINBINDD_SOCKET_DIR",
876 "UNACCEPTABLE_PASSWORD",
881 "NSS_WRAPPER_PASSWD",
884 "NSS_WRAPPER_HOSTNAME",
885 "NSS_WRAPPER_MODULE_SO_PATH",
886 "NSS_WRAPPER_MODULE_FN_PREFIX",
889 "RESOLV_WRAPPER_CONF",
890 "RESOLV_WRAPPER_HOSTS",
893 "GNUTLS_FORCE_FIPS_MODE",
894 "OPENSSL_FORCE_FIPS_MODE",
# Serialises the defined entries of @exported_envvars as NAME=value lines,
# one per line, in list order.
# The list includes names ending in _PASSWORD, so the resulting string holds
# test credentials in clear text.
897 sub exported_envvars_str
899 my ($testenv_vars) = @_;
902 foreach (@exported_envvars) {
903 next unless defined($testenv_vars->{$_});
# NOTE(review): values are written unquoted. Elsewhere in this file the
# string is saved as exports.sh; if that file is sourced by a shell, a value
# containing whitespace or shell metacharacters would be interpreted rather
# than assigned - confirm how the namespace scripts read it.
904 $out .= $_."=".$testenv_vars->{$_}."\n";
910 sub clear_exported_envvars
912 foreach (@exported_envvars) {
919 my ($testenv_vars) = @_;
921 foreach (@exported_envvars) {
922 if (defined($testenv_vars->{$_})) {
923 $ENV{$_} = $testenv_vars->{$_};
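# Write the exported testenv variables to $filepath as NAME=value lines,
# creating or truncating the file.
#
# The content comes from exported_envvars_str() and includes the *_PASSWORD
# variables, so the file holds test credentials in clear text and is created
# with whatever permissions the current umask allows.
#
# On failure a warning is printed and nothing is written; the function does
# not die, matching the original's best-effort behaviour.
sub export_envvars_to_file
{
    my ($filepath, $testenv_vars) = @_;
    my $env_str = exported_envvars_str($testenv_vars);

    # Three-argument open with a lexical handle: the path is never parsed for
    # mode characters, and the result is checked instead of printing to an
    # unopened handle.
    my $fh;
    unless (open($fh, '>', $filepath)) {
        warn("can't open $filepath for writing: $!");
        return;
    }
    print {$fh} $env_str;

    # Buffered write errors only surface at close.
    close($fh) or warn("failed to write $filepath: $!");
}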
940 # Returns true if kernel namespaces are being used instead of socket-wrapper.
941 # The default is false.
944 return defined($ENV{USE_NAMESPACES});
947 # returns a given testenv's interface-name (only when USE_NAMESPACES=1)
948 sub ns_interface_name
952 # when using namespaces, each testenv has its own vethX interface,
953 # where X = Samba::get_interface(testenv_name)
954 my $iface = get_interface($hostname);
958 # Called after a new child namespace has been forked
961 my ($child_pid, $env_vars) = @_;
963 # we only need to do this for the first child forked for this testenv
964 if (defined($env_vars->{NS_PID})) {
968 # store the child PID. It's the only way the main (selftest) namespace can
969 # access the new child (testenv) namespace.
970 $env_vars->{NS_PID} = $child_pid;
972 # Add the new child namespace's interface to the main selftest bridge.
973 # This connects together the various testenvs so that selftest can talk to
975 my $iface = ns_interface_name($env_vars->{NETBIOSNAME});
# NOTE(review): system is called with one string. Perl splits it on
# whitespace, or hands it to the shell if it contains metacharacters, so a
# SRCDIR with spaces or shell syntax changes what gets run. The list form
# system("$ENV{SRCDIR}/selftest/ns/add_bridge_iface.sh", "$iface-br", "selftest0")
# passes each argument verbatim. The exit status is not checked either.
976 system "$ENV{SRCDIR}/selftest/ns/add_bridge_iface.sh $iface-br selftest0";
979 # returns args to prepend to a command in order to execute it the correct
980 # namespace for the testenv (creating a new namespace if needed).
981 # This should only be used when USE_NAMESPACES=1 is set.
984 my ($parent_pid, $env_vars) = @_;
986 # NS_PID stores the pid of the first child daemon run in this namespace
987 if (defined($env_vars->{NS_PID})) {
989 # the namespace has already been created previously. So we use nsenter
990 # to execute the command in the given testenv's namespace. We need to
991 # use the NS_PID to identify this particular namespace
992 return ("nsenter", "-t", "$env_vars->{NS_PID}", "--net");
995 # We need to create a new namespace for this daemon (i.e. we're
996 # setting up a new testenv). First, write the environment variables to
997 # an exports.sh file for this testenv (for convenient access by the
998 # namespace scripts).
999 my $exports_file = "$env_vars->{TESTENV_DIR}/exports.sh";
1000 export_envvars_to_file($exports_file, $env_vars);
1002 # when using namespaces, each testenv has its own veth interface
1003 my $interface = ns_interface_name($env_vars->{NETBIOSNAME});
1005 # we use unshare to create a new network namespace. The start_in_ns.sh
1006 # helper script gets run first to setup the new namespace's interfaces.
1007 # (This all gets prepended around the actual command to run in the new
1009 return ("unshare", "--net", "$ENV{SRCDIR}/selftest/ns/start_in_ns.sh",
1010 $interface, $exports_file, $parent_pid);
1016 my ($self, $envvars) = @_;
1021 my ($self, $env) = @_;