2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
10 use FindBin qw($RealBin);
# Constructor fragment; the `sub` line and most of the object hash are missing
# from this listing. Unpacks the class name, binary directory, LDAP backend
# name, setup directory and executable suffix.
14 my ($classname, $bindir, $ldap, $setupdir, $exeext) = @_;
# An omitted suffix becomes the empty string.
15 $exeext = "" unless defined($exeext);
20 setupdir => $setupdir,
# Returns "<bindir>/<path><exeext>" for a program name. No quoting or existence
# check is done here, yet callers in this file paste the result straight into
# shell command strings, so a bindir containing whitespace or shell
# metacharacters changes what those commands run.
28 my ($self, $path) = @_;
30 return "$self->{bindir}/$path$self->{exeext}";
33 sub openldap_start($$$) {
# Fragment of the routine that launches the LDAP backend (its `sub` line is not
# in this listing; presumably slapd_start, which check_or_start calls).
# It probes the LDAP URI with ldbsearch, starts ns-slapd or slapd in the
# background depending on $self->{ldap}, then polls with ldbsearch until the
# server answers.
#
# NOTE(review): every system() call below passes one string that contains
# redirection, so Perl hands it to the shell. $uri, the directory and pidfile
# values from $env_vars, and $ENV{FEDORA_DS_ROOT} / $ENV{OPENLDAP_SLAPD} are
# interpolated unquoted; whitespace or shell metacharacters in any of them
# alter the command. The environment and the test prefix must be trusted.
39 my ($self, $env_vars) = @_;
40 my $ldbsearch = $self->bindir_path("ldbsearch");
42 my $uri = $env_vars->{LDAP_URI};
# Exit status 0 from the probe means something already answers on $uri.
44 if (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") == 0) {
45 print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!";
48 # running slapd in the background means it stays in the same process group, so it can be
50 if ($self->{ldap} eq "fedora-ds") {
51 system("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
52 } elsif ($self->{ldap} eq "openldap") {
53 system("$ENV{OPENLDAP_SLAPD} -d0 -F $env_vars->{SLAPD_CONF_D} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &");
# Poll until ldbsearch succeeds; the loop body and any retry limit are not
# visible in this listing.
55 while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
58 $self->slapd_stop($env_vars);
# Fragment of the routine that stops the LDAP backend (its `sub` line is not in
# this listing; presumably slapd_stop). Fedora DS is stopped through the
# instance's stop-slapd script; for OpenLDAP the pid file is opened, and what
# is done with the pid is not visible here.
68 my ($self, $envvars) = @_;
69 if ($self->{ldap} eq "fedora-ds") {
70 system("$envvars->{LDAPDIR}/slapd-$envvars->{LDAP_INSTANCE}/stop-slapd");
71 } elsif ($self->{ldap} eq "openldap") {
# NOTE(review): two-argument open with a bareword handle. The mode is parsed
# out of the string, so the path is not treated as an opaque file name; the
# three-argument form, open(my $fh, '<', $path), avoids that.
72 unless (open(IN, "<$envvars->{OPENLDAP_PIDFILE}")) {
73 warn("unable to open slapd pid file: $envvars->{OPENLDAP_PIDFILE}");
# Starts the samba binary for one test environment unless its FIFO already
# exists. Several lines of this sub (including any fork) are missing from the
# listing, so the notes below cover only what is visible.
#
# NOTE(review): SAMBA_VALGRIND, SAMBA_OPTIONS and SAMBA_PROCESS_MODEL are copied
# verbatim from %ENV into the command string passed to system(). Whoever
# controls the environment of the test run therefore controls the command
# line, so this harness should not run with an untrusted environment or with
# elevated privileges.
82 sub check_or_start($$$)
84 my ($self, $env_vars, $max_time) = @_;
# An existing named pipe at this path short-circuits the whole routine.
85 return 0 if ( -p $env_vars->{SAMBA_TEST_FIFO});
87 unlink($env_vars->{SAMBA_TEST_FIFO});
# The FIFO is requested with owner-only permissions; mkfifo's result is not checked.
88 POSIX::mkfifo($env_vars->{SAMBA_TEST_FIFO}, 0700);
89 unlink($env_vars->{SAMBA_TEST_LOG});
91 print "STARTING SAMBA for $ENV{ENVNAME}\n";
# NOTE(review): two-argument open; mode characters in the path string would be
# interpreted by open rather than taken as part of the file name.
94 open STDIN, $env_vars->{SAMBA_TEST_FIFO};
95 # we want out from samba to go to the log file, but also
96 # to the users terminal when running 'make test' on the command
97 # line. This puts it on stderr on the terminal
# The pipe-open runs "tee" through the shell with the log path interpolated unquoted.
98 open STDOUT, "| tee $env_vars->{SAMBA_TEST_LOG} 1>&2";
99 open STDERR, '>&STDOUT';
101 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
104 if (defined($ENV{SAMBA_VALGRIND})) {
105 $valgrind = $ENV{SAMBA_VALGRIND};
# Export the per-environment settings to the process environment.
108 $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
109 $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR};
111 $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
112 $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
114 $ENV{UID_WRAPPER} = "1";
116 # Start slapd before samba, but with the fifo on stdin
117 if (defined($self->{ldap})) {
118 unless($self->slapd_start($env_vars)) {
119 warn("couldn't start slapd (main run)");
125 if (defined($max_time)) {
126 $optarg = "--maximum-runtime=$max_time ";
128 if (defined($ENV{SAMBA_OPTIONS})) {
129 $optarg.= " $ENV{SAMBA_OPTIONS}";
131 my $samba = $self->bindir_path("samba");
133 # allow selection of the process model using
134 # the environment variable SAMBA_PROCESS_MODEL
135 # that allows us to change the process model for
136 # individual machines in the build farm
137 my $model = "single";
138 if (defined($ENV{SAMBA_PROCESS_MODEL})) {
139 $model = $ENV{SAMBA_PROCESS_MODEL};
# Single-string system(): the pieces are joined with spaces and not quoted.
141 my $ret = system("$valgrind $samba $optarg $env_vars->{CONFIGURATION} -M $model -i");
143 print "Unable to start $samba: $ret: $!\n";
# system() returns a wait status: the high byte is the exit code and the low
# seven bits are the signal number.
146 my $exit = ($ret >> 8);
147 unlink($env_vars->{SAMBA_TEST_FIFO});
149 print "$samba exited with no error\n";
151 } elsif ( $ret & 127 ) {
152 print "$samba got signal ".($ret & 127)." and exits with $exit!\n";
154 print "$samba failed with status $exit!\n";
# Opens the FIFO for writing; presumably this keeps the server's stdin open
# for as long as the test runner lives (TODO confirm against the full file).
163 open(DATA, ">$env_vars->{SAMBA_TEST_FIFO}");
# Waits for a freshly started server by running a fixed series of nmblookup
# queries (the same six lookups, twice) and then printing the environment log.
# The return value of every system() call is ignored, so a failed lookup does
# not fail this routine as far as the visible lines show.
#
# NOTE(review): each command is a single interpolated string. Perl execs it
# directly only while it contains no shell metacharacters, so the
# configuration option, server names and IP must be trusted values.
168 sub wait_for_start($$)
170 my ($self, $testenv_vars) = @_;
171 # give time for nbt server to register its names
172 print "delaying for nbt name registration\n";
175 # This will return quickly when things are up, but be slow if we
176 # need to wait for (eg) SSL init
177 my $nmblookup = $self->bindir_path("nmblookup");
178 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
179 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
180 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
181 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
182 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSALIAS}");
183 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSALIAS}");
# Second pass over the same names.
184 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
185 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
186 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
187 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
188 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSALIAS}");
189 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSALIAS}");
191 print $self->getlog_env($testenv_vars);
# Feeds LDIF text to ldbadd for the given database file. Only the pipe-open is
# visible in this listing; the write and close are on missing lines.
194 sub write_ldb_file($$$)
196 my ($self, $file, $ldif) = @_;
198 my $ldbadd = $self->bindir_path("ldbadd");
# NOTE(review): two-argument pipe-open. The command runs through the shell
# (it contains a redirection) with $file interpolated unquoted, and the result
# of open is not checked on this line.
199 open(LDIF, "|$ldbadd -H $file >/dev/null");
# Writes WINS replication partner entries into <privatedir>/wins_config.ldb via
# write_ldb_file; the LDIF text is an inline string literal of which only the
# first lines are visible here.
204 sub add_wins_config($$)
206 my ($self, $privatedir) = @_;
208 return $self->write_ldb_file("$privatedir/wins_config.ldb", "
209 dn: name=TORTURE_11,CN=PARTNERS
210 objectClass: wreplPartner
# Fragment (its `sub` line is not in this listing; presumably mk_fedora_ds):
# derives the Fedora DS instance directory and pid file path from the context
# and returns them as a two-element list.
221 my ($self, $ctx) = @_;
223 #Make the subdirectory be as fedora DS would expect
224 my $fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}";
226 my $pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid";
228 return ($fedora_ds_dir, $pidfile);
# Fragment (its `sub` line is not in this listing; presumably mk_openldap):
# derives the slapd.d configuration directory and pid file path under the LDAP
# directory and returns them as a two-element list.
233 my ($self, $ctx) = @_;
235 my $slapd_conf_d = "$ctx->{ldapdir}/slapd.d";
236 my $pidfile = "$ctx->{ldapdir}/slapd.pid";
238 return ($slapd_conf_d, $pidfile);
# Start of the routine that writes the TLS and PKINIT files into $tlsdir (its
# `sub` line is not in this listing; presumably mk_keyblobs, which
# provision_raw_step1 calls).
#
# NOTE(review): the DH parameters, RSA private keys and certificates written
# by this routine are literal PEM text embedded in the source file, so they
# are public. Nothing protected by them is confidential or authenticated, and
# the CA certificate must never be trusted outside the selftest environment.
# They are fixed on purpose so that the certificates can be pre-generated.
243 my ($self, $tlsdir) = @_;
245 #TLS and PKINIT crypto blobs
246 my $dhfile = "$tlsdir/dhparms.pem";
247 my $cafile = "$tlsdir/ca.pem";
248 my $certfile = "$tlsdir/cert.pem";
249 my $reqkdc = "$tlsdir/req-kdc.der";
250 my $kdccertfile = "$tlsdir/kdc.pem";
251 my $keyfile = "$tlsdir/key.pem";
252 my $adminkeyfile = "$tlsdir/adminkey.pem";
253 my $reqadmin = "$tlsdir/req-admin.der";
254 my $admincertfile = "$tlsdir/admincert.pem";
255 my $admincertupnfile = "$tlsdir/admincertupn.pem";
# The directory is requested with mode 0777 and the files are created with
# plain ">" opens, so the resulting permissions depend on the caller's umask.
# No chmod is visible in this listing.
257 mkdir($tlsdir, 0777);
259 #This is specified here to avoid draining entropy on every run
# Two-argument open with a bareword handle; the result is not checked on this line.
260 open(DHFILE, ">$dhfile");
262 -----BEGIN DH PARAMETERS-----
263 MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO
264 svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
266 -----END DH PARAMETERS-----
270 #Likewise, we pregenerate the key material. This allows the
271 #other certificates to be pre-generated
272 open(KEYFILE, ">$keyfile");
274 -----BEGIN RSA PRIVATE KEY-----
275 MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc
276 ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H
277 6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB
278 AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
279 HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
280 szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
281 9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X
282 8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
283 vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
284 kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
285 jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
286 Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki
287 cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG
288 -----END RSA PRIVATE KEY-----
292 open(ADMINKEYFILE, ">$adminkeyfile");
294 print ADMINKEYFILE <<EOF;
295 -----BEGIN RSA PRIVATE KEY-----
296 MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF
297 5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
298 XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB
299 AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB
300 cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L
301 osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN
302 u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4
303 eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz
304 I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4
305 ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2
306 OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE
307 yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG
308 +cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko
309 -----END RSA PRIVATE KEY-----
313 # hxtool issue-certificate --self-signed --issue-ca \
314 # --ca-private-key="FILE:$KEYFILE" \
315 # --subject="CN=CA,DC=samba,DC=example,DC=com" \
316 # --certificate="FILE:$CAFILE" --lifetime="25 years"
318 open(CAFILE, ">$cafile");
320 -----BEGIN CERTIFICATE-----
321 MIICcTCCAdqgAwIBAgIUaBPmjnPVqyFqR5foICmLmikJTzgwCwYJKoZIhvcNAQEFMFIxEzAR
322 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
323 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTIyMzEyWhgPMjAzMzAyMjQx
324 MjIzMTJaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
325 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA
326 A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6
327 I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm
328 ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
329 AaYwHQYDVR0OBBYEFMLZufegDKLZs0VOyFXYK1L6M8oyMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
330 KoZIhvcNAQEFBQADgYEAAZJbCAAkaqgFJ0xgNovn8Ydd0KswQPjicwiODPgw9ZPoD2HiOUVO
331 yYDRg/dhFF9y656OpcHk4N7qZ2sl3RlHkzDu+dseETW+CnKvQIoXNyeARRJSsSlwrwcoD4JR
332 HTLk2sGigsWwrJ2N99sG/cqSJLJ1MFwLrs6koweBnYU0f/g=
333 -----END CERTIFICATE-----
336 #generated with GNUTLS internally in Samba.
338 open(CERTFILE, ">$certfile");
339 print CERTFILE <<EOF;
340 -----BEGIN CERTIFICATE-----
341 MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
342 YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
343 dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
344 NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
345 c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
346 ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
347 jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+
348 S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p
349 PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw
350 IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
351 BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG
352 LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz
353 nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA==
354 -----END CERTIFICATE-----
359 # hxtool request-create \
360 # --subject="CN=krbtgt,CN=users,DC=samba,DC=example,DC=com" \
361 # --key="FILE:$KEYFILE" $KDCREQ
363 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
364 # --type="pkinit-kdc" \
365 # --pk-init-principal="krbtgt/SAMBA.EXAMPLE.COM@SAMBA.EXAMPLE.COM" \
366 # --req="PKCS10:$KDCREQ" --certificate="FILE:$KDCCERTFILE" \
367 # --lifetime="25 years"
369 open(KDCCERTFILE, ">$kdccertfile");
370 print KDCCERTFILE <<EOF;
371 -----BEGIN CERTIFICATE-----
372 MIIDDDCCAnWgAwIBAgIUI2Tzj+JnMzMcdeabcNo30rovzFAwCwYJKoZIhvcNAQEFMFIxEzAR
373 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
374 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTMxOTIzWhgPMjAzMzAyMjQx
375 MzE5MjNaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
376 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0
377 Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF
378 yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5
379 PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB
380 AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w
381 S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji
382 dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK
383 MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B
384 AQUFAAOBgQBmrVD5MCmZjfHp1nEnHqTIh8r7lSmVtDx4s9MMjxm9oNrzbKXynvdhwQYFVarc
385 ge4yRRDXtSebErOl71zVJI9CVeQQpwcH+tA85oGA7oeFtO/S7ls581RUU6tGgyxV4veD+lJv
386 KPH5LevUtgD+q9H4LU4Sq5N3iFwBaeryB0g2wg==
387 -----END CERTIFICATE-----
390 # hxtool request-create \
391 # --subject="CN=Administrator,CN=users,DC=samba,DC=example,DC=com" \
392 # --key="FILE:$ADMINKEYFILE" $ADMINREQFILE
394 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
395 # --type="pkinit-client" \
396 # --pk-init-principal="administrator@SAMBA.EXAMPLE.COM" \
397 # --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" \
398 # --lifetime="25 years"
400 open(ADMINCERTFILE, ">$admincertfile");
401 print ADMINCERTFILE <<EOF;
402 -----BEGIN CERTIFICATE-----
403 MIIDHTCCAoagAwIBAgIUUggzW4lLRkMKe1DAR2NKatkMDYwwCwYJKoZIhvcNAQELMFIxEzAR
404 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
405 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMjE1WhgPMjAzNDA3MjIw
406 MzMyMTVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
407 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
408 bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
409 eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
410 xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
411 l3JRlwIDAQABo4HSMIHPMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
412 BgEFBQcDAgYKKwYBBAGCNxQCAjBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgExsRU0FNQkEu
413 RVhBTVBMRS5DT02hGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yMB8GA1UdIwQYMBaAFMLZ
414 ufegDKLZs0VOyFXYK1L6M8oyMB0GA1UdDgQWBBQg81bLyfCA88C2B/BDjXlGuaFaxjAJBgNV
415 HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAEf/OSHUDJaGdtWGNuJeqcVYVMwrfBAc0OSwVhz1
416 7/xqKHWo8wIMPkYRtaRHKLNDsF8GkhQPCpVsa6mX/Nt7YQnNvwd+1SBP5E8GvwWw9ZzLJvma
417 nk2n89emuayLpVtp00PymrDLRBcNaRjFReQU8f0o509kiVPHduAp3jOiy13l
418 -----END CERTIFICATE-----
420 close(ADMINCERTFILE);
422 # hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
423 # --type="pkinit-client" \
424 # --ms-upn="administrator@samba.example.com" \
425 # --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTUPNFILE" \
426 # --lifetime="25 years"
428 open(ADMINCERTUPNFILE, ">$admincertupnfile");
429 print ADMINCERTUPNFILE <<EOF;
430 -----BEGIN CERTIFICATE-----
431 MIIDDzCCAnigAwIBAgIUUp3CJMuNaEaAdPKp3QdNIwG7a4wwCwYJKoZIhvcNAQELMFIxEzAR
432 BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
433 LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMzA1WhgPMjAzNDA3MjIw
434 MzMzMDVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
435 MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
436 bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
437 eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
438 xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
439 l3JRlwIDAQABo4HEMIHBMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
440 BgEFBQcDAgYKKwYBBAGCNxQCAjA6BgNVHREEMzAxoC8GCisGAQQBgjcUAgOgIQwfYWRtaW5p
441 c3RyYXRvckBzYW1iYS5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS
442 +jPKMjAdBgNVHQ4EFgQUIPNWy8nwgPPAtgfwQ415RrmhWsYwCQYDVR0TBAIwADANBgkqhkiG
443 9w0BAQsFAAOBgQBk42+egeUB3Ji2PC55fbt3FNKxvmm2xUUFkV9POK/YR9rajKOwk5jtYSeS
444 Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq
445 Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
446 -----END CERTIFICATE-----
# Builds the provisioning context ($ctx): wipes the prefix directory, records
# names, paths and credentials, and assembles the argument list for the
# provision script. Nothing is provisioned here. The declaration of $ctx and
# the return statement are on lines missing from this listing.
#
# NOTE(review): the admin password is placed on the provision command line
# (--adminpass) and the krbtgt and machine passwords are that same password
# with a fixed prefix. Command-line arguments are readable by other local
# users while the process runs, and knowing one password gives the other two.
# That is only tolerable for throwaway test domains.
450 sub provision_raw_prepare($$$$$$$$$$)
452 my ($self, $prefix, $server_role, $netbiosname, $netbiosalias,
453 $domain, $realm, $functional_level,
454 $swiface, $password, $kdc_ipv4) = @_;
# Mode 0777 is requested; the effective mode depends on the umask.
457 unless(-d $prefix or mkdir($prefix, 0777)) {
458 warn("Unable to create $prefix");
461 my $prefix_abs = abs_path($prefix);
# Guard the recursive delete below against an empty path and the filesystem
# root. Any other absolute path passes these two checks.
463 die ("prefix=''") if $prefix_abs eq "";
464 die ("prefix='/'") if $prefix_abs eq "/";
# NOTE(review): the glob forces this through the shell and $prefix_abs is
# interpolated unquoted, so a prefix containing whitespace or shell
# metacharacters makes rm act on something other than the intended directory.
466 unless (system("rm -rf $prefix_abs/*") == 0) {
467 warn("Unable to clean up");
470 $ctx->{prefix} = $prefix;
471 $ctx->{prefix_abs} = $prefix_abs;
473 $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";
475 $ctx->{server_role} = $server_role;
476 $ctx->{netbiosname} = $netbiosname;
477 $ctx->{netbiosalias} = $netbiosalias;
478 $ctx->{swiface} = $swiface;
479 $ctx->{password} = $password;
480 $ctx->{kdc_ipv4} = $kdc_ipv4;
482 $ctx->{server_loglevel} = 1;
483 $ctx->{username} = "Administrator";
484 $ctx->{domain} = $domain;
# The realm is stored upper-cased and the DNS name is the same string lower-cased.
485 $ctx->{realm} = uc($realm);
486 $ctx->{dnsname} = lc($realm);
487 $ctx->{sid_generator} = "internal";
489 $ctx->{functional_level} = $functional_level;
# Falls back to running `whoami` when neither USER nor LOGNAME is set;
# backtick output ends in a newline (line 492 is not shown, presumably a chomp).
491 my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
493 $ctx->{unix_name} = $unix_name;
# $> is the effective uid and $) the space-separated effective gid list.
494 $ctx->{unix_uid} = $>;
495 $ctx->{unix_gids_str} = $);
496 @{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str});
498 $ctx->{etcdir} = "$prefix_abs/etc";
499 $ctx->{piddir} = "$prefix_abs/pid";
500 $ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf";
501 $ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
502 $ctx->{privatedir} = "$prefix_abs/private";
503 $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
504 $ctx->{lockdir} = "$prefix_abs/lockdir";
505 $ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
506 $ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket";
507 $ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket";
508 $ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
509 $ctx->{nsswrap_group} = "$ctx->{etcdir}/group";
511 $ctx->{tlsdir} = "$ctx->{privatedir}/tls";
# The server address is a loopback address chosen by the interface number.
513 $ctx->{ipv4} = "127.0.0.$swiface";
514 $ctx->{interfaces} = "$ctx->{ipv4}/8";
# Directories that provision_raw_step1 creates later.
516 push(@{$ctx->{directories}}, $ctx->{privatedir});
517 push(@{$ctx->{directories}}, $ctx->{etcdir});
518 push(@{$ctx->{directories}}, $ctx->{piddir});
519 push(@{$ctx->{directories}}, $ctx->{ncalrpcdir});
520 push(@{$ctx->{directories}}, $ctx->{lockdir});
522 $ctx->{smb_conf_extra_options} = "";
# The option list starts with shell-style environment assignments and optional
# debugger / interpreter prefixes; provision_raw_step2 joins it with spaces
# and runs it as one command string.
524 my @provision_options = ();
525 push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
526 push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
527 if (defined($ENV{GDB_PROVISION})) {
528 push (@provision_options, "gdb --args");
530 if (defined($ENV{VALGRIND_PROVISION})) {
531 push (@provision_options, "valgrind");
# $ENV{PYTHON} is taken verbatim as the interpreter to run.
533 if (defined($ENV{PYTHON})) {
534 push (@provision_options, $ENV{PYTHON});
536 push (@provision_options, "$self->{setupdir}/provision");
537 push (@provision_options, "--configfile=$ctx->{smb_conf}");
538 push (@provision_options, "--host-name=$ctx->{netbiosname}");
539 push (@provision_options, "--host-ip=$ctx->{ipv4}");
540 push (@provision_options, "--quiet");
541 push (@provision_options, "--domain=$ctx->{domain}");
542 push (@provision_options, "--realm=$ctx->{realm}");
# Only the server role and function level are quoted; the password values
# below reach the shell unquoted.
543 push (@provision_options, "--adminpass=$ctx->{password}");
544 push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
545 push (@provision_options, "--machinepass=machine$ctx->{password}");
546 push (@provision_options, "--root=$ctx->{unix_name}");
547 push (@provision_options, "--server-role=\"$ctx->{server_role}\"");
548 push (@provision_options, "--function-level=\"$ctx->{functional_level}\"");
550 @{$ctx->{provision_options}} = @provision_options;
556 # Step1 creates the basic configuration
# Step 1 of provisioning: creates the directories, writes smb.conf, krb5.conf
# and the nss_wrapper passwd/group files, validates smb.conf with testparm,
# and builds the hash of environment values for the test environment. The
# print statements that open each generated file's text are on lines missing
# from this listing.
#
# NOTE(review): the generated smb.conf contains command lines (panic action,
# dns update command, spn update command) built from $RealBin and
# $ENV{SRCDIR_ABS}, so the test runner's environment decides which programs
# the server will invoke. The generated krb5.conf points PKINIT at ca.pem,
# kdc.pem and key.pem in the tls directory, which mk_keyblobs is called to
# populate.
558 sub provision_raw_step1($$)
560 my ($self, $ctx) = @_;
# Mode 0777 is requested for every directory, the private directory included;
# the effective mode depends on the umask.
562 mkdir($_, 0777) foreach (@{$ctx->{directories}});
# NOTE(review): two-argument open with a bareword handle. The warning prints
# $? (child exit status); the reason an open failed is in $!.
564 unless (open(CONFFILE, ">$ctx->{smb_conf}")) {
565 warn("can't open $ctx->{smb_conf}$?");
570 netbios name = $ctx->{netbiosname}
571 netbios aliases = $ctx->{netbiosalias}
572 posix:eadb = $ctx->{lockdir}/eadb.tdb
573 workgroup = $ctx->{domain}
574 realm = $ctx->{realm}
575 private dir = $ctx->{privatedir}
576 pid directory = $ctx->{piddir}
577 ncalrpc dir = $ctx->{ncalrpcdir}
578 lock dir = $ctx->{lockdir}
579 setup directory = $self->{setupdir}
580 modules dir = $self->{bindir}/modules
581 winbindd socket directory = $ctx->{winbindd_socket_dir}
582 winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir}
583 ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
584 winbind separator = /
585 name resolve order = file bcast
586 interfaces = $ctx->{interfaces}
587 tls dh params file = $ctx->{tlsdir}/dhparms.pem
588 panic action = $RealBin/gdb_backtrace \%PID% \%PROG%
590 server role = $ctx->{server_role}
591 notify:inotify = false
593 #We don't want to pass our self-tests if the PAC code is wrong
594 gensec:require_pac = true
595 log level = $ctx->{server_loglevel}
598 dns update command = $ENV{SRCDIR_ABS}/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$ctx->{dns_host_file}
599 spn update command = $ENV{SRCDIR_ABS}/scripting/bin/samba_spnupdate
600 resolv:host file = $ctx->{dns_host_file}
601 dreplsrv:periodic_startup_interval = 0
604 if (defined($ctx->{sid_generator}) && $ctx->{sid_generator} ne "internal") {
606 sid generator = $ctx->{sid_generator}";
611 # Begin extra options
612 $ctx->{smb_conf_extra_options}
617 $self->mk_keyblobs($ctx->{tlsdir});
# Same open pattern and same $? / $! mix-up as for smb.conf.
619 unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
620 warn("can't open $ctx->{krb5_conf}$?");
624 #Generated krb5.conf for $ctx->{realm}
627 default_realm = $ctx->{realm}
628 dns_lookup_realm = false
629 dns_lookup_kdc = false
630 ticket_lifetime = 24h
635 kdc = $ctx->{kdc_ipv4}:88
636 admin_server = $ctx->{kdc_ipv4}:88
637 default_domain = $ctx->{dnsname}
640 kdc = $ctx->{kdc_ipv4}:88
641 admin_server = $ctx->{kdc_ipv4}:88
642 default_domain = $ctx->{dnsname}
645 kdc = $ctx->{kdc_ipv4}:88
646 admin_server = $ctx->{kdc_ipv4}:88
647 default_domain = $ctx->{dnsname}
651 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
655 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
656 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
659 .$ctx->{dnsname} = $ctx->{realm}
663 open(PWD, ">$ctx->{nsswrap_passwd}");
665 root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false
666 $ctx->{unix_name}:x:$ctx->{unix_uid}:@{$ctx->{unix_gids}}[0]:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false
667 nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
671 open(GRP, ">$ctx->{nsswrap_group}");
677 nogroup:x:65534:nobody
681 my $configuration = "--configfile=$ctx->{smb_conf}";
683 #Ensure the config file is valid before we start
# The first run is silent; on failure testparm is run again with its output
# sent to stderr so the reason is visible.
684 my $testparm = $self->bindir_path("../scripting/bin/testparm");
685 if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
686 system("$testparm -v --suppress-prompt $configuration >&2");
687 warn("Failed to create a valid smb.conf configuration $testparm!");
# Checks that testparm reports the expected "netbios name". The name is
# interpolated into a double-quoted grep pattern inside a shell string, so it
# is used as a regular expression and is subject to shell expansion.
691 unless (system("($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1") == 0) {
692 warn("Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
# Values handed to the test environment. PASSWORD carries the admin password
# in clear text.
697 KRB5_CONFIG => $ctx->{krb5_conf},
698 PIDDIR => $ctx->{piddir},
699 SERVER => $ctx->{netbiosname},
700 SERVER_IP => $ctx->{ipv4},
701 NETBIOSNAME => $ctx->{netbiosname},
702 NETBIOSALIAS => $ctx->{netbiosalias},
703 DOMAIN => $ctx->{domain},
704 USERNAME => $ctx->{username},
705 REALM => $ctx->{realm},
706 PASSWORD => $ctx->{password},
707 LDAPDIR => $ctx->{ldapdir},
708 LDAP_INSTANCE => $ctx->{ldap_instance},
709 WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},
710 NCALRPCDIR => $ctx->{ncalrpcdir},
711 LOCKDIR => $ctx->{lockdir},
712 SERVERCONFFILE => $ctx->{smb_conf},
713 CONFIGURATION => $configuration,
714 SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
715 NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd},
716 NSS_WRAPPER_GROUP => $ctx->{nsswrap_group},
717 SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
718 SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
719 SAMBA_TEST_LOG_POS => 0,
726 # Step2 runs the provision script
# Step 2 of provisioning: joins the prepared option list with spaces and runs
# it as a single command string.
#
# NOTE(review): the joined string goes through the shell and contains the
# admin, krbtgt and machine passwords built in provision_raw_prepare. On
# failure the whole command, passwords included, is echoed by warn().
728 sub provision_raw_step2($$$)
730 my ($self, $ctx, $ret) = @_;
732 my $provision_cmd = join(" ", @{$ctx->{provision_options}});
733 unless (system($provision_cmd) == 0) {
734 warn("Unable to provision: \n$provision_cmd\n");
# Full provision of one server: prepares the context, adds the share
# definitions as extra smb.conf options, optionally sets up an LDAP backend,
# then runs step 1 and step 2. The prototype lists fewer arguments than the
# sub unpacks; this is harmless because the visible callers use method-call
# syntax, which ignores prototypes.
741 sub provision($$$$$$$$$)
743 my ($self, $prefix, $server_role, $netbiosname, $netbiosalias,
744 $domain, $realm, $functional_level,
745 $swiface, $password, $kdc_ipv4, $extra_smbconf_options) = @_;
747 my $ctx = $self->provision_raw_prepare($prefix, $server_role,
748 $netbiosname, $netbiosalias,
749 $domain, $realm, $functional_level,
750 $swiface, $password, $kdc_ipv4);
# Scratch directories that back the test shares defined below.
752 $ctx->{tmpdir} = "$ctx->{prefix_abs}/tmp";
753 push(@{$ctx->{directories}}, "$ctx->{tmpdir}");
754 push(@{$ctx->{directories}}, "$ctx->{tmpdir}/test1");
755 push(@{$ctx->{directories}}, "$ctx->{tmpdir}/test2");
# The caller's $extra_smbconf_options is pasted verbatim into the generated
# smb.conf text that starts on the next statement.
757 $msdfs = "yes" if ($server_role eq "domain controller");
758 $ctx->{smb_conf_extra_options} = "
761 server max protocol = SMB2
762 $extra_smbconf_options
767 path = $ctx->{tmpdir}
769 posix:sharedelay = 10000
770 posix:oplocktimeout = 3
771 posix:writetimeupdatedelay = 500000
774 path = $ctx->{tmpdir}/test1
776 posix:sharedelay = 10000
777 posix:oplocktimeout = 3
778 posix:writetimeupdatedelay = 50000
781 path = $ctx->{tmpdir}/test2
783 posix:sharedelay = 10000
784 posix:oplocktimeout = 3
785 posix:writetimeupdatedelay = 50000
790 cifs:server = $ctx->{netbiosname}
792 #There is no username specified here, instead the client is expected
793 #to log in with kerberos, and the serverwill use delegated credentials.
796 path = $ctx->{tmpdir}
798 ntvfs handler = simple
801 path = $ctx->{lockdir}/sysvol
805 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
810 ntvfs handler = cifsposix
813 if (defined($self->{ldap})) {
814 $ctx->{ldapdir} = "$ctx->{privatedir}/ldap";
815 push(@{$ctx->{directories}}, "$ctx->{ldapdir}");
# Build an ldapi:// URI: the socket path is percent-encoded by replacing every
# "/" with "%2F". No other character is encoded.
817 my $ldap_uri= "$ctx->{ldapdir}/ldapi";
818 $ldap_uri =~ s|/|%2F|g;
819 $ldap_uri = "ldapi://$ldap_uri";
820 $ctx->{ldap_uri} = $ldap_uri;
821 if ($self->{ldap} eq "fedora-ds") {
822 $ctx->{sid_generator} = "backend";
825 $ctx->{ldap_instance} = lc($ctx->{netbiosname});
828 my $ret = $self->provision_raw_step1($ctx);
833 if (defined($self->{ldap})) {
834 $ret->{LDAP_URI} = $ctx->{ldap_uri};
835 push (@{$ctx->{provision_options}}, "--ldap-backend-type=" . $self->{ldap});
836 push (@{$ctx->{provision_options}}, "--ldap-backend-nosync");
837 if ($self->{ldap} eq "openldap") {
# The slapd path comes straight from the environment and ends up in the
# provision command string.
838 push (@{$ctx->{provision_options}}, "--slapd-path=" . $ENV{OPENLDAP_SLAPD});
# A list assignment in scalar context yields the number of right-hand
# elements, so the die only fires when the helper returns an empty list.
839 ($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx) or die("Unable to create openldap directories");
841 } elsif ($self->{ldap} eq "fedora-ds") {
842 push (@{$ctx->{provision_options}}, "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd");
843 push (@{$ctx->{provision_options}}, "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");
844 ($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx) or die("Unable to create fedora ds directories");
849 return $self->provision_raw_step2($ctx, $ret);
# Provisions a member server and joins it to the domain described by $dcvars,
# then records MEMBER_* and DC_* entries in the returned environment hash.
# Most arguments of the provision() call are on lines missing from this listing.
852 sub provision_member($$$)
854 my ($self, $prefix, $dcvars) = @_;
855 print "PROVISIONING MEMBER...";
857 my $ret = $self->provision($prefix,
866 $dcvars->{SERVER_IP},
872 my $net = $self->bindir_path("net");
# NOTE(review): the join runs as one shell string. The DC credentials are
# passed as -U<user>%<password>, unquoted, so the password is visible in the
# process argument list while the command runs, and the full command is
# echoed by warn() when the join fails.
874 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
875 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
876 $cmd .= "$net join $ret->{CONFIGURATION} $dcvars->{REALM} member";
877 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
879 unless (system($cmd) == 0) {
880 warn("Join failed\n$cmd");
# Publish this server's own values under MEMBER_* names.
884 $ret->{MEMBER_SERVER} = $ret->{SERVER};
885 $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP};
886 $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME};
887 $ret->{MEMBER_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
888 $ret->{MEMBER_USERNAME} = $ret->{USERNAME};
889 $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
# Carry the DC's details, its clear-text password included, into this environment.
891 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
892 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
893 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
894 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};
895 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
896 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
# Provisions a server that forwards the rpcecho interface to "localdc", joins
# it to the domain as a member, and records RPC_PROXY_* entries in the
# returned environment hash.
901 sub provision_rpc_proxy($$$)
903 my ($self, $prefix, $dcvars) = @_;
904 print "PROVISIONING RPC PROXY...";
# Extra smb.conf lines passed through provision() verbatim.
906 my $extra_smbconf_options = "dcerpc_remote:binding = ncacn_ip_tcp:localdc
907 dcerpc endpoint servers = epmapper, remote
908 dcerpc_remote:interfaces = rpcecho
911 my $ret = $self->provision($prefix,
920 $dcvars->{SERVER_IP},
921 $extra_smbconf_options);
# NOTE(review): same join pattern as provision_member. The DC password is on
# the command line as -U<user>%<password> and is echoed by warn() on failure.
927 my $net = $self->bindir_path("net");
929 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
930 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
931 $cmd .= "$net join $ret->{CONFIGURATION} $dcvars->{REALM} member";
932 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
934 unless (system($cmd) == 0) {
935 warn("Join failed\n$cmd");
939 $ret->{RPC_PROXY_SERVER} = $ret->{SERVER};
940 $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP};
941 $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME};
942 $ret->{RPC_PROXY_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
943 $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
944 $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
# Prepares a second domain controller whose database is obtained with
# "net vampire" instead of the provision script: only the prepare step and
# step 1 are run here, then the vampire command.
949 sub provision_vampire_dc($$$)
951 my ($self, $prefix, $dcvars) = @_;
952 print "PROVISIONING VAMPIRE DC...";
954 # We do this so that we don't run the provision. That's the job of 'net vampire'.
955 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
961 2, $dcvars->{PASSWORD},
962 $dcvars->{SERVER_IP});
964 $ctx->{smb_conf_extra_options} = "
966 server max protocol = SMB2
969 path = $ctx->{lockdir}/sysvol
973 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
978 my $ret = $self->provision_raw_step1($ctx);
# NOTE(review): one shell string again. The DC password is passed as
# -U<user>%<password> on the command line and is echoed by warn() on failure.
983 my $net = $self->bindir_path("net");
985 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
986 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
987 $cmd .= "$net vampire $ret->{CONFIGURATION} $dcvars->{REALM} --realm=$dcvars->{REALM}";
988 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
990 unless (system($cmd) == 0) {
991 warn("Join failed\n$cmd");
995 $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER};
996 $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
997 $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
998 $ret->{VAMPIRE_DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
1000 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1001 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1002 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1003 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};
1004 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1005 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
# Provisions the main test domain controller for samba.example.com, adds the
# WINS partner configuration, and publishes the server's own values under
# DC_* names. Several provision() arguments are on lines missing from this
# listing.
1010 sub provision_dc($$)
1012 my ($self, $prefix) = @_;
1014 print "PROVISIONING DC...";
1015 my $ret = $self->provision($prefix,
1016 "domain controller",
1020 "samba.example.com",
1026 unless($self->add_wins_config("$prefix/private")) {
1027 warn("Unable to add wins configuration");
# DC_PASSWORD is the clear-text admin password; the member, RPC proxy and
# vampire DC routines put it on a command line when they join.
1031 $ret->{DC_SERVER} = $ret->{SERVER};
1032 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1033 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1034 $ret->{DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
1035 $ret->{DC_USERNAME} = $ret->{USERNAME};
1036 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
# Provisions a domain controller for samba2000.example.com and adds the WINS
# partner configuration. The functional level argument is on a line missing
# from this listing. The progress message is the same generic
# "PROVISIONING DC..." used by the other DC routines.
1041 sub provision_fl2000dc($$)
1043 my ($self, $prefix) = @_;
1045 print "PROVISIONING DC...";
1046 my $ret = $self->provision($prefix,
1047 "domain controller",
1051 "samba2000.example.com",
1057 unless($self->add_wins_config("$prefix/private")) {
1058 warn("Unable to add wins configuration");
# Provision a "domain controller" environment under $prefix that uses the
# "samba2003.example.com" name, then add the WINS configuration.
# Presumably "fl2003" refers to the 2003 functional level; the provision()
# arguments that would confirm this are not visible in this listing.
1065 sub provision_fl2003dc($$)
1067 my ($self, $prefix) = @_;
# NOTE(review): same progress text as provision_dc, so the variant being
# provisioned cannot be told apart in the harness output.
1069 print "PROVISIONING DC...";
1070 my $ret = $self->provision($prefix,
1071 "domain controller",
1075 "samba2003.example.com",
# A failed WINS setup is reported with warn(); the follow-up is not visible.
1081 unless($self->add_wins_config("$prefix/private")) {
1082 warn("Unable to add wins configuration");
# Provision a "domain controller" environment under $prefix that uses the
# "samba2008R2.example.com" name, then add the WINS configuration.
# Presumably "fl2008r2" refers to the 2008 R2 functional level; the
# provision() arguments that would confirm this are not visible here.
1089 sub provision_fl2008r2dc($$)
1091 my ($self, $prefix) = @_;
# NOTE(review): same progress text as provision_dc, so the variant being
# provisioned cannot be told apart in the harness output.
1093 print "PROVISIONING DC...";
1094 my $ret = $self->provision($prefix,
1095 "domain controller",
1099 "samba2008R2.example.com",
# A failed WINS setup is reported with warn(); the follow-up is not visible.
1105 unless ($self->add_wins_config("$prefix/private")) {
1106 warn("Unable to add wins configuration");
# Prepare a read-only domain controller (RODC) test environment under
# $prefix and join it to the domain described by $dcvars.
#
# Parameters:
#   $prefix - directory prefix for the new environment
#   $dcvars - env hash of the already-provisioned DC; this sub reads its
#             PASSWORD, SERVER_IP, REALM and DC_* keys
#
# The hash obtained from provision_raw_step1() is extended with RODC_DC_*
# keys (this server) and DC_* keys (copied from $dcvars).
1114 sub provision_rodc($$$)
1116 my ($self, $prefix, $dcvars) = @_;
1117 print "PROVISIONING RODC...";
1119 # We do this so that we don't run the provision. That's the job of 'net join RODC'.
1120 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1124 "samba.example.com",
1126 8, $dcvars->{PASSWORD},
1127 $dcvars->{SERVER_IP});
# Per-environment scratch directory; it is appended to $ctx->{directories}
# (presumably so a later step creates it -- confirm) and used as a share
# path in the smb.conf text below.
1132 $ctx->{tmpdir} = "$ctx->{prefix_abs}/tmp";
1133 push(@{$ctx->{directories}}, "$ctx->{tmpdir}");
# Extra smb.conf text for this environment. Only part of the string literal
# is visible in this listing.
1135 $ctx->{smb_conf_extra_options} = "
1137 server max protocol = SMB2
1140 path = $ctx->{lockdir}/sysvol
1144 path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
1148 path = $ctx->{tmpdir}
1150 posix:sharedelay = 10000
1151 posix:oplocktimeout = 3
1152 posix:writetimeupdatedelay = 500000
1156 my $ret = $self->provision_raw_step1($ctx);
# The join is built as ONE shell command string: two environment
# assignments followed by "net join ... RODC".
# NOTE(review): system() gets a single string, so the shell parses it. The
# interpolated values (CONFIGURATION, REALM, DC_SERVER, user, password) are
# not quoted, so whitespace or shell metacharacters in any of them would
# change the command. List-form system() with the two variables set in a
# localised %ENV would keep the shell out of it.
# NOTE(review): the DC password travels in the argument list
# (-Uuser%password), where it is readable from the local process table
# while the command runs, and warn() below echoes the whole string, so the
# password also lands in the test output on failure. These are harness
# credentials, but a redacted message and a non-argv way of handing over
# the password (if the tool offers one) would avoid both exposures.
1161 my $net = $self->bindir_path("net");
1163 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1164 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1165 $cmd .= "$net join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
1166 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1167 $cmd .= " --server=$dcvars->{DC_SERVER}";
1169 unless (system($cmd) == 0) {
1170 warn("RODC join failed\n$cmd");
# Publish this server's identity under RODC_DC_* ...
1174 $ret->{RODC_DC_SERVER} = $ret->{SERVER};
1175 $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP};
1176 $ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1177 $ret->{RODC_DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
# ... and carry the writable DC's identity and credentials over unchanged.
1179 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1180 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1181 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1182 $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};
1183 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1184 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
# Shut down the server belonging to the environment described by $envvars:
# locate it through "$envvars->{PIDDIR}/samba.pid", wait for it to exit,
# stop slapd when an LDAP backend is configured, and print the server log.
# Several lines of this sub are not visible in this listing.
1189 sub teardown_env($$)
1191 my ($self, $envvars) = @_;
# NOTE(review): two-argument open with a bareword handle; the mode character
# is concatenated with the path, so an unusual PIDDIR value could alter how
# the file is opened. Three-argument open with a lexical handle avoids that.
# NOTE(review): $pid is presumably read from this file (the line is not
# visible). Confirm it is validated as a positive integer before it is
# passed to kill(), since 0 or a negative value addresses a process group.
1196 if (open(IN, "<$envvars->{PIDDIR}/samba.pid")) {
1200 # Give the process 20 seconds to exit. gcov needs
1201 # this time to write out the coverage data
# Signal 0 delivers nothing; kill() only reports how many processes could
# be signalled, so 0 means the server has gone.
1203 until (kill(0, $pid) == 0) {
1204 # if no process successfully signalled, then we are done
1207 last if $count > 20;
1210 # If it is still around, kill it
1212 print "server process $pid took more than $count seconds to exit, killing\n";
# Exit status is the high byte of $?; what set $? is not visible here.
1217 my $failed = $? >> 8;
1219 $self->slapd_stop($envvars) if ($self->{ldap});
1221 print $self->getlog_env($envvars);
# Body of the log-reading helper; its sub line is not visible in this
# listing (presumably getlog_env, which teardown_env calls -- confirm).
# Reads the SAMBA_TEST_LOG file from the saved SAMBA_TEST_LOG_POS offset and
# stores the new offset back into $envvars.
1228 my ($self, $envvars) = @_;
1229 my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n";
# NOTE(review): the result of open() is not checked, so a missing or
# unreadable log leaves seek()/tell() below working on an unopened handle.
# Same two-argument, bareword-handle form as elsewhere in this file;
# three-argument open with a lexical handle is the safer form.
1232 open(LOG, "<$envvars->{SAMBA_TEST_LOG}");
# Resume at the offset recorded by the previous call.
1234 seek(LOG, $envvars->{SAMBA_TEST_LOG_POS}, SEEK_SET);
# Record where reading stopped for the next call.
1238 $envvars->{SAMBA_TEST_LOG_POS} = tell(LOG);
# Nothing beyond the title was collected: report an empty log.
1241 return "" if $out eq $title;
# Body of an environment check; its sub line is not visible in this listing.
# Returns true when $envvars->{SAMBA_TEST_FIFO} exists and is a named pipe
# (-p), the same test check_or_start uses before starting a server.
1248 my ($self, $envvars) = @_;
1250 return (-p $envvars->{SAMBA_TEST_FIFO});
# Body of the environment dispatcher; its sub line is not visible in this
# listing. Exports $envname as $ENV{ENVNAME} and brings up the environment
# of that name below $path.
#
# Parameters:
#   $envname - one of "dc", "fl2000dc", "fl2003dc", "fl2008r2dc",
#              "rpc_proxy", "vampire_dc", "member", "rodc" or "all"
#   $path    - base directory; each environment gets "$path/<name>"
#
# Any other name is reported with warn().
1255 my ($self, $envname, $path) = @_;
1257 $ENV{ENVNAME} = $envname;
# Standalone domain controllers: no dependency on another environment.
1259 if ($envname eq "dc") {
1260 return $self->setup_dc("$path/dc");
1261 } elsif ($envname eq "fl2000dc") {
1262 return $self->setup_fl2000dc("$path/fl2000dc");
1263 } elsif ($envname eq "fl2003dc") {
1264 return $self->setup_fl2003dc("$path/fl2003dc");
1265 } elsif ($envname eq "fl2008r2dc") {
1266 return $self->setup_fl2008r2dc("$path/fl2008r2dc");
# Dependent environments: start "dc" first when $self->{vars}->{dc} is not
# set yet, then hand its env hash to the setup routine.
# NOTE(review): the result of setup_dc() is not checked in the visible
# lines; if it fails, $self->{vars}->{dc} may still be undefined when it is
# passed on -- confirm against setup_dc.
1267 } elsif ($envname eq "rpc_proxy") {
1268 if (not defined($self->{vars}->{dc})) {
1269 $self->setup_dc("$path/dc");
1271 return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
1272 } elsif ($envname eq "vampire_dc") {
1273 if (not defined($self->{vars}->{dc})) {
1274 $self->setup_dc("$path/dc");
1276 return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{dc});
1277 } elsif ($envname eq "member") {
1278 if (not defined($self->{vars}->{dc})) {
1279 $self->setup_dc("$path/dc");
1281 return $self->setup_member("$path/member", $self->{vars}->{dc});
1282 } elsif ($envname eq "rodc") {
1283 if (not defined($self->{vars}->{dc})) {
1284 $self->setup_dc("$path/dc");
1286 return $self->setup_rodc("$path/rodc", $self->{vars}->{dc});
# "all": start from the member environment's hash and merge the identity
# and credentials of every other environment into it under prefixed keys.
# The closing braces are not visible, so it cannot be told from here whether
# the copies below sit inside the "not defined" guards.
1287 } elsif ($envname eq "all") {
1288 if (not defined($self->{vars}->{dc})) {
1289 $self->setup_dc("$path/dc");
1291 my $ret = $self->setup_member("$path/member", $self->{vars}->{dc});
1292 if (not defined($self->{vars}->{rpc_proxy})) {
1293 my $rpc_proxy_ret = $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
1295 $ret->{RPC_PROXY_SERVER} = $rpc_proxy_ret->{SERVER};
1296 $ret->{RPC_PROXY_SERVER_IP} = $rpc_proxy_ret->{SERVER_IP};
1297 $ret->{RPC_PROXY_NETBIOSNAME} = $rpc_proxy_ret->{NETBIOSNAME};
1298 $ret->{RPC_PROXY_NETBIOSALIAS} = $rpc_proxy_ret->{NETBIOSALIAS};
1299 $ret->{RPC_PROXY_USERNAME} = $rpc_proxy_ret->{USERNAME};
1300 $ret->{RPC_PROXY_PASSWORD} = $rpc_proxy_ret->{PASSWORD};
# NOTE(review): the three setup_fl*dc calls below pass the dc hash as a
# second argument, but those subs unpack only ($self, $path), so the extra
# argument is ignored.
1302 if (not defined($self->{vars}->{fl2000dc})) {
1303 my $fl2000dc_ret = $self->setup_fl2000dc("$path/fl2000dc", $self->{vars}->{dc});
1305 $ret->{FL2000DC_SERVER} = $fl2000dc_ret->{SERVER};
1306 $ret->{FL2000DC_SERVER_IP} = $fl2000dc_ret->{SERVER_IP};
1307 $ret->{FL2000DC_NETBIOSNAME} = $fl2000dc_ret->{NETBIOSNAME};
1308 $ret->{FL2000DC_NETBIOSALIAS} = $fl2000dc_ret->{NETBIOSALIAS};
1309 $ret->{FL2000DC_USERNAME} = $fl2000dc_ret->{USERNAME};
1310 $ret->{FL2000DC_PASSWORD} = $fl2000dc_ret->{PASSWORD};
1312 if (not defined($self->{vars}->{fl2003dc})) {
1313 my $fl2003dc_ret = $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{dc});
1315 $ret->{FL2003DC_SERVER} = $fl2003dc_ret->{SERVER};
1316 $ret->{FL2003DC_SERVER_IP} = $fl2003dc_ret->{SERVER_IP};
1317 $ret->{FL2003DC_NETBIOSNAME} = $fl2003dc_ret->{NETBIOSNAME};
1318 $ret->{FL2003DC_NETBIOSALIAS} = $fl2003dc_ret->{NETBIOSALIAS};
1319 $ret->{FL2003DC_USERNAME} = $fl2003dc_ret->{USERNAME};
1320 $ret->{FL2003DC_PASSWORD} = $fl2003dc_ret->{PASSWORD};
1322 if (not defined($self->{vars}->{fl2008r2dc})) {
1323 my $fl2008r2dc_ret = $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{dc});
1325 $ret->{FL2008R2DC_SERVER} = $fl2008r2dc_ret->{SERVER};
1326 $ret->{FL2008R2DC_SERVER_IP} = $fl2008r2dc_ret->{SERVER_IP};
1327 $ret->{FL2008R2DC_NETBIOSNAME} = $fl2008r2dc_ret->{NETBIOSNAME};
1328 $ret->{FL2008R2DC_NETBIOSALIAS} = $fl2008r2dc_ret->{NETBIOSALIAS};
1329 $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME};
1330 $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD};
# Unknown environment name.
1334 warn("Samba4 can't provide environment '$envname'");
# Provision, start and register the "member" environment.
#
# Parameters:
#   $path    - directory for the environment
#   $dc_vars - env hash of the DC, passed through to provision_member()
#
# The resulting env hash is cached in $self->{vars}->{member}.
1339 sub setup_member($$$)
1341 my ($self, $path, $dc_vars) = @_;
1343 my $env = $self->provision_member($path, $dc_vars);
# check_or_start's $max_time comes from SMBD_MAXTIME, falling back to 7500.
# "or" also takes the fallback for an empty or "0" setting.
# NOTE(review): no check of $env or of check_or_start's result is visible.
1345 $self->check_or_start($env, ($ENV{SMBD_MAXTIME} or 7500));
1347 $self->wait_for_start($env);
1349 $self->{vars}->{member} = $env;
# Provision, start and register the "rpc_proxy" environment.
#
# Parameters:
#   $path    - directory for the environment
#   $dc_vars - env hash of the DC, passed through to provision_rpc_proxy()
#
# The resulting env hash is cached in $self->{vars}->{rpc_proxy}.
1354 sub setup_rpc_proxy($$$)
1356 my ($self, $path, $dc_vars) = @_;
1358 my $env = $self->provision_rpc_proxy($path, $dc_vars);
# check_or_start's $max_time comes from SMBD_MAXTIME, falling back to 7500.
# "or" also takes the fallback for an empty or "0" setting.
# NOTE(review): no check of $env or of check_or_start's result is visible.
1360 $self->check_or_start($env, ($ENV{SMBD_MAXTIME} or 7500));
1362 $self->wait_for_start($env);
1364 $self->{vars}->{rpc_proxy} = $env;
# Body of the "dc" setup routine; its sub line is not visible in this
# listing (presumably setup_dc, which the dispatcher calls -- confirm).
# Provisions the DC under $path, starts it, waits for it to come up and
# caches the env hash in $self->{vars}->{dc} for dependent environments.
1371 my ($self, $path) = @_;
1373 my $env = $self->provision_dc($path);
# check_or_start's $max_time comes from SMBD_MAXTIME, falling back to 7500.
# "or" also takes the fallback for an empty or "0" setting.
# NOTE(review): no check of $env or of check_or_start's result is visible.
1375 $self->check_or_start($env,
1376 ($ENV{SMBD_MAXTIME} or 7500));
1378 $self->wait_for_start($env);
1380 $self->{vars}->{dc} = $env;
# Provision, start and register the "fl2000dc" environment under $path.
# The resulting env hash is cached in $self->{vars}->{fl2000dc}.
1385 sub setup_fl2000dc($$)
1387 my ($self, $path) = @_;
1389 my $env = $self->provision_fl2000dc($path);
# check_or_start's $max_time comes from SMBD_MAXTIME, falling back to 7500.
# "or" also takes the fallback for an empty or "0" setting.
# NOTE(review): no check of $env or of check_or_start's result is visible.
1391 $self->check_or_start($env,
1392 ($ENV{SMBD_MAXTIME} or 7500));
1394 $self->wait_for_start($env);
1396 $self->{vars}->{fl2000dc} = $env;
# Provision, start and register the "fl2003dc" environment under $path.
# The resulting env hash is cached in $self->{vars}->{fl2003dc}.
1401 sub setup_fl2003dc($$)
1403 my ($self, $path) = @_;
1405 my $env = $self->provision_fl2003dc($path);
# check_or_start's $max_time comes from SMBD_MAXTIME, falling back to 7500.
# "or" also takes the fallback for an empty or "0" setting.
# NOTE(review): no check of $env or of check_or_start's result is visible.
1407 $self->check_or_start($env,
1408 ($ENV{SMBD_MAXTIME} or 7500));
1410 $self->wait_for_start($env);
1412 $self->{vars}->{fl2003dc} = $env;
# Provision, start and register the "fl2008r2dc" environment under $path.
# The resulting env hash is cached in $self->{vars}->{fl2008r2dc}.
1417 sub setup_fl2008r2dc($$)
1419 my ($self, $path) = @_;
1421 my $env = $self->provision_fl2008r2dc($path);
# check_or_start's $max_time comes from SMBD_MAXTIME, falling back to 7500.
# "or" also takes the fallback for an empty or "0" setting.
# NOTE(review): no check of $env or of check_or_start's result is visible.
1423 $self->check_or_start($env,
1424 ($ENV{SMBD_MAXTIME} or 7500));
1426 $self->wait_for_start($env);
1428 $self->{vars}->{fl2008r2dc} = $env;
# Provision, start and register the "vampire_dc" environment, then run
# "net drs kcc" against the existing DC and "net drs replicate" for the
# Configuration and default naming contexts.
#
# Parameters:
#   $path    - directory for the environment
#   $dc_vars - env hash of the existing DC; supplies REALM and the
#              DC_USERNAME / DC_PASSWORD credentials used below
#
# The resulting env hash is cached in $self->{vars}->{vampire_dc}.
1433 sub setup_vampire_dc($$$)
1435 my ($self, $path, $dc_vars) = @_;
1437 my $env = $self->provision_vampire_dc($path, $dc_vars);
# check_or_start's $max_time comes from SMBD_MAXTIME, falling back to 7500.
1439 $self->check_or_start($env,
1440 ($ENV{SMBD_MAXTIME} or 7500));
1442 $self->wait_for_start($env);
1444 $self->{vars}->{vampire_dc} = $env;
1446 # force replicated DC to update repsTo/repsFrom
1447 # for vampired partitions
# NOTE(review): each command in this sub is one string passed to system(),
# so the shell parses it, and the interpolated server names and credentials
# are not quoted. List-form system() with the two variables set in a
# localised %ENV would keep the shell out of it.
# NOTE(review): the DC password is part of the argument list
# (-Uuser%password), readable from the local process table while the
# command runs, and every warn() below prints the full command, password
# included, into the test output. Harness credentials, but worth redacting.
1448 my $net = $self->bindir_path("net");
1450 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
1451 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
1452 $cmd .= " $net drs kcc $env->{DC_SERVER}";
1453 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
1454 unless (system($cmd) == 0) {
1455 warn("Failed to exec kcc\n$cmd");
1459 # as 'vampired' dc may add data in its local replica
1460 # we need to synchronize data between DCs
# Turn the realm into a base DN; constructed example:
# "samba.example.com" becomes "DC=samba,DC=example,DC=com".
1461 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
# $cmd is rebuilt as a shared prefix; each naming context is appended as a
# double-quoted final argument.
1462 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
1463 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
1464 $cmd .= " $net drs replicate $env->{DC_SERVER} $env->{VAMPIRE_DC_SERVER}";
1465 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
1466 # replicate Configuration NC
1467 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
1468 unless(system($cmd_repl) == 0) {
1469 warn("Failed to replicate\n$cmd_repl");
1472 # replicate Default NC
1473 $cmd_repl = "$cmd \"$base_dn\"";
1474 unless(system($cmd_repl) == 0) {
1475 warn("Failed to replicate\n$cmd_repl");
1484 my ($self, $path, $dc_vars) = @_;
1486 my $env = $self->provision_rodc($path, $dc_vars);
1492 $self->check_or_start($env,
1493 ($ENV{SMBD_MAXTIME} or 7500));
1495 $self->wait_for_start($env);
1497 $self->{vars}->{rodc} = $env;