2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
6 # NOTE: Refer to the README for more details about the various testenvs,
7 # and tips about adding new testenvs.
14 use FindBin qw($RealBin);
17 use File::Path 'remove_tree';
21 my ($self, $path, $env) = @_;
30 my $smbd_build_options = Samba::bindir_path($self, "smbd") . " --configfile=/dev/null -b|";
31 open(IN, $smbd_build_options) or die("Unable to run $smbd_build_options: $!");
40 # If we were not built with ADS support, pretend we were never even available
41 print "smbd does not have ADS support\n" unless $found_ads;
45 # return smb.conf parameters applicable to @path, based on the underlying
47 sub get_fs_specific_conf($$)
49 my ($self, $path) = @_;
51 my $stat_out = `stat --file-system $path` or return "";
53 if ($stat_out =~ m/Type:\s+btrfs/) {
54 $mods .= "streams_xattr btrfs";
58 return "vfs objects = $mods";
65 my ($classname, $SambaCtx, $bindir, $srcdir, $server_maxtime) = @_;
66 my $self = { vars => {},
67 SambaCtx => $SambaCtx,
70 server_maxtime => $server_maxtime
78 my ($self, $envvars) = @_;
80 if (defined($envvars->{CTDB_PREFIX})) {
81 $self->teardown_env_ctdb($envvars);
83 $self->teardown_env_samba($envvars);
89 sub teardown_env_samba($$)
91 my ($self, $envvars) = @_;
94 # This should cause smbd to terminate gracefully
95 close($envvars->{STDIN_PIPE});
97 my $smbdpid = $envvars->{SMBD_TL_PID};
98 my $nmbdpid = $envvars->{NMBD_TL_PID};
99 my $winbinddpid = $envvars->{WINBINDD_TL_PID};
101 # This should give it time to write out the gcov data
102 until ($count > 20) {
103 my $smbdchild = Samba::cleanup_child($smbdpid, "smbd");
104 my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd");
105 my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd");
108 && $winbinddchild == -1) {
115 if ($count <= 20 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) {
119 $self->stop_sig_term($smbdpid);
120 $self->stop_sig_term($nmbdpid);
121 $self->stop_sig_term($winbinddpid);
124 until ($count > 10) {
125 my $smbdchild = Samba::cleanup_child($smbdpid, "smbd");
126 my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd");
127 my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd");
130 && $winbinddchild == -1) {
137 if ($count <= 10 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) {
141 warn("timelimit process did not quit on SIGTERM, sending SIGKILL");
142 $self->stop_sig_kill($smbdpid);
143 $self->stop_sig_kill($nmbdpid);
144 $self->stop_sig_kill($winbinddpid);
149 sub teardown_env_ctdb($$)
151 my ($self, $data) = @_;
153 if (defined($data->{SAMBA_NODES})) {
154 my $num_nodes = $data->{NUM_NODES};
155 my $nodes = $data->{SAMBA_NODES};
157 for (my $i = 0; $i < $num_nodes; $i++) {
158 if (defined($nodes->[$i])) {
159 $self->teardown_env_samba($nodes->[$i]);
164 close($data->{CTDB_STDIN_PIPE});
166 if (not defined($data->{SAMBA_NODES})) {
167 # Give waiting children time to exit
174 sub getlog_env_app($$$)
176 my ($self, $envvars, $name) = @_;
178 my $title = "$name LOG of: $envvars->{NETBIOSNAME}\n";
181 open(LOG, "<".$envvars->{$name."_TEST_LOG"});
183 seek(LOG, $envvars->{$name."_TEST_LOG_POS"}, SEEK_SET);
187 $envvars->{$name."_TEST_LOG_POS"} = tell(LOG);
190 return "" if $out eq $title;
197 my ($self, $envvars) = @_;
200 $ret .= $self->getlog_env_app($envvars, "SMBD");
201 $ret .= $self->getlog_env_app($envvars, "NMBD");
202 $ret .= $self->getlog_env_app($envvars, "WINBINDD");
209 my ($self, $envvars) = @_;
211 my $childpid = waitpid(-1, WNOHANG);
217 # Declare the environments Samba3 makes available.
218 # To be set up, they will be called as
219 # samba3->setup_$envname($self, $path, $dep_1_vars, $dep_2_vars, ...)
220 %Samba3::ENV_DEPS = (
221 # name => [dep_1, dep_2, ...],
224 nt4_dc_smb1_done => ["nt4_dc_smb1"],
225 nt4_dc_schannel => [],
229 fileserver_smb1 => [],
230 fileserver_smb1_done => ["fileserver_smb1"],
234 nt4_member => ["nt4_dc"],
236 ad_member => ["ad_dc", "fl2008r2dc", "fl2003dc"],
237 ad_member_rfc2307 => ["ad_dc_ntvfs"],
238 ad_member_idmap_rid => ["ad_dc"],
239 ad_member_idmap_ad => ["fl2008r2dc"],
240 ad_member_fips => ["ad_dc_fips"],
241 ad_member_offlogon => ["ad_dc"],
243 clusteredmember => ["nt4_dc"],
246 %Samba3::ENV_DEPS_POST = ();
250 my ($self, $path, $more_conf, $server) = @_;
252 print "PROVISIONING NT4 DC...";
254 my $nt4_dc_options = "
259 raw NTLMv2 auth = yes
260 server schannel = auto
262 rpc_server:epmapper = external
263 rpc_server:spoolss = external
264 rpc_server:lsarpc = external
265 rpc_server:samr = external
266 rpc_server:netlogon = external
267 rpc_server:register_embedded_np = yes
268 rpc_server:FssagentRpc = external
270 rpc_daemon:epmd = fork
271 rpc_daemon:spoolssd = fork
272 rpc_daemon:lsasd = fork
273 rpc_daemon:fssd = fork
274 fss: sequence timeout = 1
275 check parent directory delete on close = yes
278 if (defined($more_conf)) {
279 $nt4_dc_options = $nt4_dc_options . $more_conf;
281 if (!defined($server)) {
282 $server = "LOCALNT4DC2";
284 my $vars = $self->provision(
286 domain => "SAMBA-TEST",
288 password => "localntdc2pass",
289 extra_options => $nt4_dc_options);
291 $vars or return undef;
293 if (not $self->check_or_start(
301 $vars->{DOMSID} = $vars->{SAMSID};
302 $vars->{DC_SERVER} = $vars->{SERVER};
303 $vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
304 $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6};
305 $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME};
306 $vars->{DC_USERNAME} = $vars->{USERNAME};
307 $vars->{DC_PASSWORD} = $vars->{PASSWORD};
312 sub setup_nt4_dc_smb1
314 my ($self, $path) = @_;
317 client min protocol = CORE
318 server min protocol = LANMAN1
320 return $self->setup_nt4_dc($path, $conf, "LCLNT4DC2SMB1");
323 sub setup_nt4_dc_smb1_done
325 my ($self, $path, $dep_env) = @_;
326 return $self->return_alias_env($path, $dep_env);
329 sub setup_nt4_dc_schannel
331 my ($self, $path) = @_;
333 print "PROVISIONING NT4 DC WITH SERVER SCHANNEL ...";
340 rpc_server:epmapper = external
341 rpc_server:spoolss = external
342 rpc_server:lsarpc = external
343 rpc_server:samr = external
344 rpc_server:netlogon = external
345 rpc_server:register_embedded_np = yes
347 rpc_daemon:epmd = fork
348 rpc_daemon:spoolssd = fork
349 rpc_daemon:lsasd = fork
351 server schannel = yes
352 # used to reproduce bug #12772
353 server max protocol = SMB2_02
356 my $vars = $self->provision(
358 domain => "NT4SCHANNEL",
359 server => "LOCALNT4DC9",
360 password => "localntdc9pass",
361 extra_options => $pdc_options);
363 $vars or return undef;
365 if (not $self->check_or_start(
373 $vars->{DOMSID} = $vars->{SAMSID};
374 $vars->{DC_SERVER} = $vars->{SERVER};
375 $vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
376 $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6};
377 $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME};
378 $vars->{DC_USERNAME} = $vars->{USERNAME};
379 $vars->{DC_PASSWORD} = $vars->{PASSWORD};
386 my ($self, $prefix, $nt4_dc_vars) = @_;
390 print "PROVISIONING MEMBER...";
392 my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes";
393 if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} // '' eq "1") {
394 $require_mutexes = "";
397 my $member_options = "
399 dbwrap_tdb_mutexes:* = yes
402 my $ret = $self->provision(
404 domain => $nt4_dc_vars->{DOMAIN},
405 server => "LOCALNT4MEMBER3",
406 password => "localnt4member3pass",
407 extra_options => $member_options);
409 $ret or return undef;
411 my $nmblookup = Samba::bindir_path($self, "nmblookup");
413 print "Waiting for the LOGON SERVER registration ...\n";
414 $rc = system("$nmblookup $ret->{CONFIGURATION} $ret->{DOMAIN}\#1c");
419 } while ($rc != 0 && $count < 10);
421 print "NMBD not reachable after 10 retries\n";
422 teardown_env($self, $ret);
426 my $net = Samba::bindir_path($self, "net");
427 # Add hosts file for name lookups
428 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
429 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
430 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
431 $cmd .= "$net rpc join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member";
432 $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}";
434 if (system($cmd) != 0) {
435 warn("Join failed\n$cmd");
439 # Add hosts file for name lookups
440 $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
441 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
442 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
443 $cmd .= "$net $ret->{CONFIGURATION} primarytrust dumpinfo | grep -q 'REDACTED SECRET VALUES'";
445 if (system($cmd) != 0) {
446 warn("check failed\n$cmd");
450 if (not $self->check_or_start(
458 $ret->{DOMSID} = $nt4_dc_vars->{DOMSID};
459 $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER};
460 $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP};
461 $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6};
462 $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME};
463 $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME};
464 $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD};
469 sub setup_clusteredmember
471 my ($self, $prefix, $nt4_dc_vars) = @_;
477 print "PROVISIONING CLUSTEREDMEMBER...\n";
479 my $prefix_abs = abs_path($prefix);
480 mkdir($prefix_abs, 0777);
482 my $server_name = "CLUSTEREDMEMBER";
484 my $ctdb_data = $self->setup_ctdb($prefix);
486 if (not $ctdb_data) {
487 print "No ctdb data\n";
491 print "PROVISIONING CLUSTERED SAMBA...\n";
493 my $num_nodes = $ctdb_data->{NUM_NODES};
494 my $nodes = $ctdb_data->{CTDB_NODES};
496 # Enable cleanup of earlier nodes if a later node fails
497 $ctdb_data->{SAMBA_NODES} = \@retvals;
499 for (my $i = 0; $i < $num_nodes; $i++) {
500 my $node = $nodes->[$i];
501 my $socket = $node->{SOCKET_FILE};
502 my $server_name = $node->{SERVER_NAME};
503 my $pub_iface = $node->{SOCKET_WRAPPER_DEFAULT_IFACE};
504 my $node_prefix = $node->{NODE_PREFIX};
506 print "NODE_PREFIX=${node_prefix}\n";
507 print "SOCKET=${socket}\n";
509 my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes";
510 if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} // '' eq "1") {
511 $require_mutexes = "" ;
514 my $member_options = "
518 ctdbd socket = ${socket}
519 dbwrap_tdb_mutexes:* = yes
523 my $node_ret = $self->provision(
524 prefix => "$node_prefix",
525 domain => $nt4_dc_vars->{DOMAIN},
526 server => "$server_name",
527 password => "clustermember8pass",
528 netbios_name => "CLUSTEREDMEMBER",
529 share_dir => "${prefix_abs}/shared",
530 extra_options => $member_options,
531 no_delete_prefix => 1);
533 print "Provision node $i failed\n";
534 teardown_env($self, $ctdb_data);
538 my $nmblookup = Samba::bindir_path($self, "nmblookup");
540 print "Waiting for the LOGON SERVER registration ...\n";
541 $rc = system("$nmblookup $node_ret->{CONFIGURATION} " .
542 "$node_ret->{DOMAIN}\#1c");
547 } while ($rc != 0 && $count < 10);
550 print "NMBD not reachable after 10 retries\n";
551 teardown_env($self, $node_ret);
552 teardown_env($self, $ctdb_data);
556 push(@retvals, $node_ret);
559 $ret = {%$ctdb_data, %{$retvals[0]}};
561 my $net = Samba::bindir_path($self, "net");
563 $cmd .= "UID_WRAPPER_ROOT=1 ";
564 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
565 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
566 $cmd .= "$net join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member";
567 $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}";
569 if (system($cmd) != 0) {
570 warn("Join failed\n$cmd");
571 teardown_env($self, $ret);
575 for (my $i=0; $i<@retvals; $i++) {
576 my $node_provision = $retvals[$i];
578 $ok = $self->check_or_start(
579 env_vars => $node_provision,
582 child_cleanup => sub {
584 my $fh = $_->{STDIN_PIPE};
585 close($fh) if defined($fh);
588 teardown_env($self, $ret);
594 # Build a unclist for every share
596 unless (open(NODES, "<$ret->{CTDB_NODES_FILE}")) {
597 warn("Unable to open CTDB nodes file");
598 teardown_env($self, $ret);
605 my $conffile = $ret->{SERVERCONFFILE};
607 $cmd .= 'sed -n -e \'s|^\[\(.*\)\]$|\1|p\'';
608 $cmd .= " \"$conffile\"";
609 $cmd .= " | grep -vx 'global'";
614 warn("Listing shares failed\n$cmd");
615 teardown_env($self, $ret);
620 my $unclistdir = "${prefix_abs}/unclists";
621 mkdir($unclistdir, 0777);
622 foreach my $share (@shares) {
623 my $l = "${unclistdir}/${share}.txt";
624 unless (open(UNCLIST, ">${l}")) {
625 warn("Unable to open UNC list ${l}");
626 teardown_env($self, $ret);
629 foreach my $node (@nodes) {
630 print UNCLIST "//${node}/${share}\n";
635 $ret->{DOMSID} = $nt4_dc_vars->{DOMSID};
636 $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER};
637 $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP};
638 $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6};
639 $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME};
640 $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME};
641 $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD};
646 sub provision_ad_member
655 $offline_logon) = @_;
657 my $prefix_abs = abs_path($prefix);
660 mkdir($prefix_abs, 0777);
662 my $share_dir="$prefix_abs/share";
663 push(@dirs, $share_dir);
665 my $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}";
666 push(@dirs, $substitution_path);
668 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice";
669 push(@dirs, $substitution_path);
671 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice/G_domain users";
672 push(@dirs, $substitution_path);
674 # Using '/' as the winbind separator is a bad idea ...
675 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}";
676 push(@dirs, $substitution_path);
678 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice";
679 push(@dirs, $substitution_path);
681 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}";
682 push(@dirs, $substitution_path);
684 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}/domain users";
685 push(@dirs, $substitution_path);
687 my $option_offline_logon = "no";
688 if (defined($offline_logon)) {
689 $option_offline_logon = "yes";
692 my $netbios_aliases = "";
693 if ($machine_account eq "LOCALADMEMBER") {
694 $netbios_aliases = "netbios aliases = foo bar";
697 my $member_options = "
699 workgroup = $dcvars->{DOMAIN}
700 realm = $dcvars->{REALM}
702 template homedir = /home/%D/%G/%U
703 auth event notification = true
704 password server = $dcvars->{SERVER}
705 winbind scan trusted domains = no
706 winbind use krb5 enterprise principals = yes
707 winbind offline logon = $option_offline_logon
709 allow dcerpc auth level connect:lsarpc = yes
710 dcesrv:max auth states = 8
712 rpc_server:epmapper = external
713 rpc_server:lsarpc = external
714 rpc_server:samr = external
715 rpc_server:netlogon = disabled
716 rpc_server:register_embedded_np = yes
718 rpc_daemon:epmd = fork
719 rpc_daemon:lsasd = fork
722 path = $share_dir/D_%D/U_%U/G_%G
726 path = $share_dir/D_%D/u_%u/g_%g
731 valid users = ADDOMAIN/%U
733 [sub_valid_users_domain]
737 [sub_valid_users_group]
739 valid users = \@$dcvars->{DOMAIN}/%G
743 valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME}
747 valid users = \"\@$dcvars->{DOMAIN}/domain users\"
749 [valid_users_unix_group]
751 valid users = \"+$dcvars->{DOMAIN}/domain users\"
753 [valid_users_unix_nis_group]
755 valid users = \"+&$dcvars->{DOMAIN}/domain users\"
757 [valid_users_nis_unix_group]
759 valid users = \"&+$dcvars->{DOMAIN}/domain users\"
763 invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME}
765 [valid_and_invalid_users]
767 valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} $dcvars->{DOMAIN}/alice
768 invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME}
771 my $ret = $self->provision(
773 domain => $dcvars->{DOMAIN},
774 realm => $dcvars->{REALM},
775 server => $machine_account,
776 password => "loCalMemberPass",
777 extra_options => $member_options,
778 resolv_conf => $dcvars->{RESOLV_CONF});
780 $ret or return undef;
782 mkdir($_, 0777) foreach(@dirs);
785 $ret->{DOMAIN} = $dcvars->{DOMAIN};
786 $ret->{REALM} = $dcvars->{REALM};
787 $ret->{DOMSID} = $dcvars->{DOMSID};
791 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
792 $ctx->{domain} = $dcvars->{DOMAIN};
793 $ctx->{realm} = $dcvars->{REALM};
794 $ctx->{dnsname} = lc($dcvars->{REALM});
795 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
796 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
797 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
798 Samba::mk_krb5_conf($ctx, "");
800 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
802 if (defined($force_fips_mode)) {
803 $ret->{GNUTLS_FORCE_FIPS_MODE} = "1";
804 $ret->{OPENSSL_FORCE_FIPS_MODE} = "1";
807 my $net = Samba::bindir_path($self, "net");
808 # Add hosts file for name lookups
809 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
810 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
811 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
812 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
814 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
816 if (defined($force_fips_mode)) {
817 $cmd .= "GNUTLS_FORCE_FIPS_MODE=1 ";
818 $cmd .= "OPENSSL_FORCE_FIPS_MODE=1 ";
820 $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";
821 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
822 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
823 $cmd .= "$net join $ret->{CONFIGURATION}";
824 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD} --use-kerberos=required";
826 if (system($cmd) != 0) {
827 warn("Join failed\n$cmd");
831 # We need world access to this share, as otherwise the domain
832 # administrator from the AD domain provided by Samba4 can't
833 # access the share for tests.
834 chmod 0777, "$prefix/share";
836 if (defined($offline_logon)) {
837 my $wbinfo = Samba::bindir_path($self, "wbinfo");
839 if (not $self->check_or_start(
841 winbindd => "yes")) {
845 # Fill samlogoncache for alice
846 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
847 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
848 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
849 $cmd .= "$wbinfo --pam-logon=ADDOMAIN/alice%Secret007";
850 if (system($cmd) != 0) {
851 warn("Filling the cache failed\n$cmd");
855 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
856 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
857 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
858 $cmd .= "$wbinfo --ccache-save=ADDOMAIN/alice%Secret007";
859 if (system($cmd) != 0) {
860 warn("Filling the cache failed\n$cmd");
864 # Fill samlogoncache for bob
865 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
866 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
867 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
868 $cmd .= "$wbinfo --pam-logon=ADDOMAIN/bob%Secret007";
869 if (system($cmd) != 0) {
870 warn("Filling the cache failed\n$cmd");
874 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
875 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
876 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
877 $cmd .= "$wbinfo --ccache-save=ADDOMAIN/bob%Secret007";
878 if (system($cmd) != 0) {
879 warn("Filling the cache failed\n$cmd");
883 # Set windindd offline
884 my $smbcontrol = Samba::bindir_path($self, "smbcontrol");
885 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
886 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
887 $cmd .= "UID_WRAPPER_ROOT='1' ";
888 $cmd .= "$smbcontrol $ret->{CONFIGURATION} winbindd offline";
889 if (system($cmd) != 0) {
890 warn("Setting winbindd offline failed\n$cmd");
894 # Validate the offline cache
895 my $smbcontrol = Samba::bindir_path($self, "smbcontrol");
896 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
897 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
898 $cmd .= "UID_WRAPPER_ROOT='1' ";
899 $cmd .= "$smbcontrol $ret->{CONFIGURATION} winbindd validate-cache";
900 if (system($cmd) != 0) {
901 warn("Validation of winbind credential cache failed\n$cmd");
902 teardown_env($self, $ret);
907 teardown_env($self, $ret);
909 ### Change SOCKET_WRAPPER_DIR so it can't connect to AD
910 my $swrap_env = $ENV{SOCKET_WRAPPER_DIR};
911 $ENV{SOCKET_WRAPPER_DIR} = "$prefix_abs";
913 # Start winbindd in offline mode
914 if (not $self->check_or_start(
921 # Set socket dir again
922 $ENV{SOCKET_WRAPPER_DIR} = $swrap_env;
924 print "checking for winbindd\n";
927 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
928 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
929 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
930 $cmd .= "$wbinfo --ping";
938 } while ($rc != 0 && $count < 20);
940 print "WINBINDD not reachable after 20 seconds\n";
941 teardown_env($self, $ret);
945 if (not $self->check_or_start(
954 $ret->{DC_SERVER} = $dcvars->{SERVER};
955 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
956 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
957 $ret->{DC_SERVERCONFFILE} = $dcvars->{SERVERCONFFILE};
958 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
959 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
960 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
963 $ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER};
964 $ret->{TRUST_F_BOTH_SERVER_IP} = $trustvars_f->{SERVER_IP};
965 $ret->{TRUST_F_BOTH_SERVER_IPV6} = $trustvars_f->{SERVER_IPV6};
966 $ret->{TRUST_F_BOTH_NETBIOSNAME} = $trustvars_f->{NETBIOSNAME};
967 $ret->{TRUST_F_BOTH_USERNAME} = $trustvars_f->{USERNAME};
968 $ret->{TRUST_F_BOTH_PASSWORD} = $trustvars_f->{PASSWORD};
969 $ret->{TRUST_F_BOTH_DOMAIN} = $trustvars_f->{DOMAIN};
970 $ret->{TRUST_F_BOTH_REALM} = $trustvars_f->{REALM};
973 $ret->{TRUST_E_BOTH_SERVER} = $trustvars_e->{SERVER};
974 $ret->{TRUST_E_BOTH_SERVER_IP} = $trustvars_e->{SERVER_IP};
975 $ret->{TRUST_E_BOTH_SERVER_IPV6} = $trustvars_e->{SERVER_IPV6};
976 $ret->{TRUST_E_BOTH_NETBIOSNAME} = $trustvars_e->{NETBIOSNAME};
977 $ret->{TRUST_E_BOTH_USERNAME} = $trustvars_e->{USERNAME};
978 $ret->{TRUST_E_BOTH_PASSWORD} = $trustvars_e->{PASSWORD};
979 $ret->{TRUST_E_BOTH_DOMAIN} = $trustvars_e->{DOMAIN};
980 $ret->{TRUST_E_BOTH_REALM} = $trustvars_e->{REALM};
993 # If we didn't build with ADS, pretend this env was never available
994 if (not $self->have_ads()) {
998 print "PROVISIONING AD MEMBER...";
1000 return $self->provision_ad_member($prefix,
1007 sub setup_ad_member_rfc2307
1009 my ($self, $prefix, $dcvars) = @_;
1011 # If we didn't build with ADS, pretend this env was never available
1012 if (not $self->have_ads()) {
1016 print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config...";
1018 my $member_options = "
1020 workgroup = $dcvars->{DOMAIN}
1021 realm = $dcvars->{REALM}
1022 idmap cache time = 0
1023 idmap negative cache time = 0
1024 idmap config * : backend = autorid
1025 idmap config * : range = 1000000-1999999
1026 idmap config * : rangesize = 100000
1027 idmap config $dcvars->{DOMAIN} : backend = rfc2307
1028 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
1029 idmap config $dcvars->{DOMAIN} : ldap_server = ad
1030 idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com
1031 idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com
1033 password server = $dcvars->{SERVER}
1036 my $ret = $self->provision(
1038 domain => $dcvars->{DOMAIN},
1039 realm => $dcvars->{REALM},
1040 server => "RFC2307MEMBER",
1041 password => "loCalMemberPass",
1042 extra_options => $member_options,
1043 resolv_conf => $dcvars->{RESOLV_CONF});
1045 $ret or return undef;
1048 $ret->{DOMAIN} = $dcvars->{DOMAIN};
1049 $ret->{REALM} = $dcvars->{REALM};
1050 $ret->{DOMSID} = $dcvars->{DOMSID};
1053 my $prefix_abs = abs_path($prefix);
1055 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
1056 $ctx->{domain} = $dcvars->{DOMAIN};
1057 $ctx->{realm} = $dcvars->{REALM};
1058 $ctx->{dnsname} = lc($dcvars->{REALM});
1059 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
1060 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
1061 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
1062 Samba::mk_krb5_conf($ctx, "");
1064 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
1066 my $net = Samba::bindir_path($self, "net");
1067 # Add hosts file for name lookups
1068 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
1069 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1070 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1071 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1073 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1075 $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";
1076 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1077 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
1078 $cmd .= "$net join $ret->{CONFIGURATION}";
1079 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
1081 if (system($cmd) != 0) {
1082 warn("Join failed\n$cmd");
1086 # We need world access to this share, as otherwise the domain
1087 # administrator from the AD domain provided by Samba4 can't
1088 # access the share for tests.
1089 chmod 0777, "$prefix/share";
1091 if (not $self->check_or_start(
1099 $ret->{DC_SERVER} = $dcvars->{SERVER};
1100 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
1101 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
1102 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
1103 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
1104 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
1109 sub setup_ad_member_idmap_rid
1111 my ($self, $prefix, $dcvars) = @_;
1113 # If we didn't build with ADS, pretend this env was never available
1114 if (not $self->have_ads()) {
1118 print "PROVISIONING S3 AD MEMBER WITH idmap_rid config...";
1120 my $member_options = "
1122 workgroup = $dcvars->{DOMAIN}
1123 realm = $dcvars->{REALM}
1124 idmap config * : backend = tdb
1125 idmap config * : range = 1000000-1999999
1126 idmap config $dcvars->{DOMAIN} : backend = rid
1127 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
1128 # Prevent overridding the provisioned lib/krb5.conf which sets certain
1129 # values required for tests to succeed
1130 create krb5 conf = no
1131 map to guest = bad user
1134 my $ret = $self->provision(
1136 domain => $dcvars->{DOMAIN},
1137 realm => $dcvars->{REALM},
1138 server => "IDMAPRIDMEMBER",
1139 password => "loCalMemberPass",
1140 extra_options => $member_options,
1141 resolv_conf => $dcvars->{RESOLV_CONF});
1143 $ret or return undef;
1146 $ret->{DOMAIN} = $dcvars->{DOMAIN};
1147 $ret->{REALM} = $dcvars->{REALM};
1148 $ret->{DOMSID} = $dcvars->{DOMSID};
1151 my $prefix_abs = abs_path($prefix);
1153 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
1154 $ctx->{domain} = $dcvars->{DOMAIN};
1155 $ctx->{realm} = $dcvars->{REALM};
1156 $ctx->{dnsname} = lc($dcvars->{REALM});
1157 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
1158 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
1159 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
1160 Samba::mk_krb5_conf($ctx, "");
1162 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
1164 my $net = Samba::bindir_path($self, "net");
1165 # Add hosts file for name lookups
1166 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
1167 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1168 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1169 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1171 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1173 $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";
1174 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1175 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
1176 $cmd .= "$net join $ret->{CONFIGURATION}";
1177 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
1179 if (system($cmd) != 0) {
1180 warn("Join failed\n$cmd");
1184 # We need world access to this share, as otherwise the domain
1185 # administrator from the AD domain provided by Samba4 can't
1186 # access the share for tests.
1187 chmod 0777, "$prefix/share";
1189 if (not $self->check_or_start(
1197 $ret->{DC_SERVER} = $dcvars->{SERVER};
1198 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
1199 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
1200 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
1201 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
1202 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
1207 sub setup_ad_member_idmap_ad
1209 my ($self, $prefix, $dcvars) = @_;
1211 # If we didn't build with ADS, pretend this env was never available
1212 if (not $self->have_ads()) {
1216 print "PROVISIONING S3 AD MEMBER WITH idmap_ad config...";
1218 my $member_options = "
1220 workgroup = $dcvars->{DOMAIN}
1221 realm = $dcvars->{REALM}
1222 password server = $dcvars->{SERVER}
1223 idmap config * : backend = tdb
1224 idmap config * : range = 1000000-1999999
1225 idmap config $dcvars->{DOMAIN} : backend = ad
1226 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
1227 idmap config $dcvars->{DOMAIN} : unix_primary_group = yes
1228 idmap config $dcvars->{DOMAIN} : unix_nss_info = yes
1229 idmap config $dcvars->{TRUST_DOMAIN} : backend = ad
1230 idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
1231 gensec_gssapi:requested_life_time = 5
1234 my $ret = $self->provision(
1236 domain => $dcvars->{DOMAIN},
1237 realm => $dcvars->{REALM},
1238 server => "IDMAPADMEMBER",
1239 password => "loCalMemberPass",
1240 extra_options => $member_options,
1241 resolv_conf => $dcvars->{RESOLV_CONF});
1243 $ret or return undef;
1246 $ret->{DOMAIN} = $dcvars->{DOMAIN};
1247 $ret->{REALM} = $dcvars->{REALM};
1248 $ret->{DOMSID} = $dcvars->{DOMSID};
1251 my $prefix_abs = abs_path($prefix);
1253 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
1254 $ctx->{domain} = $dcvars->{DOMAIN};
1255 $ctx->{realm} = $dcvars->{REALM};
1256 $ctx->{dnsname} = lc($dcvars->{REALM});
1257 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
1258 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
1259 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
1260 Samba::mk_krb5_conf($ctx, "");
1262 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
1264 my $net = Samba::bindir_path($self, "net");
1265 # Add hosts file for name lookups
1266 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
1267 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1268 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1269 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1271 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1273 $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";
1274 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1275 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
1276 $cmd .= "$net join $ret->{CONFIGURATION}";
1277 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
1279 if (system($cmd) != 0) {
1280 warn("Join failed\n$cmd");
1284 # We need world access to this share, as otherwise the domain
1285 # administrator from the AD domain provided by Samba4 can't
1286 # access the share for tests.
1287 chmod 0777, "$prefix/share";
1289 if (not $self->check_or_start(
1297 $ret->{DC_SERVER} = $dcvars->{SERVER};
1298 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
1299 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
1300 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
1301 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
1302 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
1304 $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
1305 $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
1306 $ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD};
1307 $ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN};
1308 $ret->{TRUST_REALM} = $dcvars->{TRUST_REALM};
1309 $ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID};
1314 sub setup_ad_member_fips
1322 # If we didn't build with ADS, pretend this env was never available
1323 if (not $self->have_ads()) {
1327 print "PROVISIONING AD FIPS MEMBER...";
1329 return $self->provision_ad_member($prefix,
1337 sub setup_ad_member_offlogon
1345 # If we didn't build with ADS, pretend this env was never available
1346 if (not $self->have_ads()) {
1350 print "PROVISIONING AD MEMBER OFFLINE LOGON...";
1352 return $self->provision_ad_member($prefix,
1361 sub setup_simpleserver
1363 my ($self, $path) = @_;
1365 print "PROVISIONING simple server...";
1367 my $prefix_abs = abs_path($path);
1369 my $simpleserver_options = "
1372 vfs objects = xattr_tdb streams_depot
1374 server smb encrypt = off
1377 path = $prefix_abs/share
1379 vfs objects = aio_pthread
1380 aio_pthread:aio open = yes
1381 smbd:async dosmode = no
1383 [vfs_aio_pthread_async_dosmode_default1]
1384 path = $prefix_abs/share
1386 vfs objects = aio_pthread
1387 store dos attributes = yes
1388 aio_pthread:aio open = yes
1389 smbd:async dosmode = yes
1391 [vfs_aio_pthread_async_dosmode_default2]
1392 path = $prefix_abs/share
1394 vfs objects = aio_pthread xattr_tdb
1395 store dos attributes = yes
1396 aio_pthread:aio open = yes
1397 smbd:async dosmode = yes
1399 [vfs_aio_pthread_async_dosmode_force_sync1]
1400 path = $prefix_abs/share
1402 vfs objects = aio_pthread
1403 store dos attributes = yes
1404 aio_pthread:aio open = yes
1405 smbd:async dosmode = yes
1406 # This simulates non linux systems
1407 smbd:force sync user path safe threadpool = yes
1408 smbd:force sync user chdir safe threadpool = yes
1409 smbd:force sync root path safe threadpool = yes
1410 smbd:force sync root chdir safe threadpool = yes
1412 [vfs_aio_pthread_async_dosmode_force_sync2]
1413 path = $prefix_abs/share
1415 vfs objects = aio_pthread xattr_tdb
1416 store dos attributes = yes
1417 aio_pthread:aio open = yes
1418 smbd:async dosmode = yes
1419 # This simulates non linux systems
1420 smbd:force sync user path safe threadpool = yes
1421 smbd:force sync user chdir safe threadpool = yes
1422 smbd:force sync root path safe threadpool = yes
1423 smbd:force sync root chdir safe threadpool = yes
1426 path = $prefix_abs/share
1427 vfs objects = aio_fork
1429 vfs_aio_fork:erratic_testing_mode=yes
1432 path = $prefix_abs/share
1434 store dos attributes = yes
1435 hide files = /hidefile/
1436 hide dot files = yes
1439 path = $prefix_abs/share
1440 hide new files timeout = 5
1443 my $vars = $self->provision(
1445 domain => "WORKGROUP",
1446 server => "LOCALSHARE4",
1447 password => "local4pass",
1448 extra_options => $simpleserver_options);
1450 $vars or return undef;
1452 if (not $self->check_or_start(
1462 sub create_file_chmod($$)
1464 my ($name, $mode) = @_;
1467 unless (open($fh, '>', $name)) {
1468 warn("Unable to open $name");
1474 sub setup_fileserver
1476 my ($self, $path, $more_conf, $server) = @_;
1477 my $prefix_abs = abs_path($path);
1478 my $srcdir_abs = abs_path($self->{srcdir});
1480 print "PROVISIONING file server ...\n";
1484 mkdir($prefix_abs, 0777);
1486 my $usershare_dir="$prefix_abs/lib/usershare";
1488 mkdir("$prefix_abs/lib", 0755);
1489 remove_tree($usershare_dir);
1490 mkdir($usershare_dir, 01770);
1492 my $share_dir="$prefix_abs/share";
1494 # Create share directory structure
1495 my $lower_case_share_dir="$share_dir/lower-case";
1496 push(@dirs, $lower_case_share_dir);
1498 my $lower_case_share_dir_30000="$share_dir/lower-case-30000";
1499 push(@dirs, $lower_case_share_dir_30000);
1501 my $dfree_share_dir="$share_dir/dfree";
1502 push(@dirs, $dfree_share_dir);
1503 push(@dirs, "$dfree_share_dir/subdir1");
1504 push(@dirs, "$dfree_share_dir/subdir2");
1505 push(@dirs, "$dfree_share_dir/subdir3");
1507 my $quotadir_dir="$share_dir/quota";
1508 push(@dirs, $quotadir_dir);
1510 my $valid_users_sharedir="$share_dir/valid_users";
1511 push(@dirs,$valid_users_sharedir);
1513 my $offline_sharedir="$share_dir/offline";
1514 push(@dirs,$offline_sharedir);
1516 my $force_user_valid_users_dir = "$share_dir/force_user_valid_users";
1517 push(@dirs, $force_user_valid_users_dir);
1519 my $smbget_sharedir="$share_dir/smbget";
1520 push(@dirs,$smbget_sharedir);
1522 my $tarmode_sharedir="$share_dir/tarmode";
1523 push(@dirs,$tarmode_sharedir);
1525 my $tarmode2_sharedir="$share_dir/tarmode2";
1526 push(@dirs,$tarmode2_sharedir);
1528 my $smbcacls_sharedir="$share_dir/smbcacls";
1529 push(@dirs,$smbcacls_sharedir);
1531 my $usershare_sharedir="$share_dir/usershares";
1532 push(@dirs,$usershare_sharedir);
1534 my $dropbox_sharedir="$share_dir/dropbox";
1535 push(@dirs,$dropbox_sharedir);
1537 my $bad_iconv_sharedir="$share_dir/bad_iconv";
1538 push(@dirs, $bad_iconv_sharedir);
1540 my $ip4 = Samba::get_ipv4_addr("FILESERVER");
1541 my $fileserver_options = "
1542 kernel change notify = yes
1543 rpc_server:mdssvc = embedded
1544 spotlight backend = elasticsearch
1545 elasticsearch:address = $ip4
1546 elasticsearch:port = 8080
1547 elasticsearch:mappings = $srcdir_abs/source3/rpc_server/mdssvc/elasticsearch_mappings.json
1549 usershare path = $usershare_dir
1550 usershare max shares = 10
1551 usershare allow guests = yes
1552 usershare prefix allow list = $usershare_sharedir
1554 get quota command = $prefix_abs/getset_quota.py
1555 set quota command = $prefix_abs/getset_quota.py
1557 path = $tarmode_sharedir
1558 comment = tar test share
1559 xattr_tdb:file = $prefix_abs/tarmode-xattr.tdb
1561 path = $tarmode2_sharedir
1562 comment = tar test share
1563 xattr_tdb:file = $prefix_abs/tarmode2-xattr.tdb
1573 path = $lower_case_share_dir
1574 comment = smb username is [%U]
1575 case sensitive = True
1576 default case = lower
1578 short preserve case = no
1580 path = $lower_case_share_dir_30000
1581 comment = smb username is [%U]
1582 case sensitive = True
1583 default case = lower
1585 short preserve case = no
1587 path = $dfree_share_dir
1588 comment = smb username is [%U]
1589 dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh
1590 [valid-users-access]
1591 path = $valid_users_sharedir
1592 valid users = +userdup
1594 path = $offline_sharedir
1595 vfs objects = offline
1597 # BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878
1598 # RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651
1599 [force_user_valid_users]
1600 path = $force_user_valid_users_dir
1601 comment = force user with valid users combination test share
1602 valid users = +force_user
1603 force user = force_user
1604 force group = everyone
1605 write list = force_user
1608 path = $smbget_sharedir
1609 comment = smb username is [%U]
1613 comment = ignore system acls
1614 acl_xattr:ignore system acls = yes
1617 comment = inherit owner
1621 comment = inherit only unix owner
1622 inherit owner = unix only
1623 acl_xattr:ignore system acls = yes
1624 # BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
1627 comment = force group test
1628 # force group = everyone
1632 comment = smb username is [%U]
1634 force create mode = 0664
1635 vfs objects = dirsort
1638 path = $dropbox_sharedir
1639 comment = smb username is [%U]
1644 path = $bad_iconv_sharedir
1645 comment = smb username is [%U]
1649 comment = Home directories
1654 if (defined($more_conf)) {
1655 $fileserver_options = $fileserver_options . $more_conf;
1657 if (!defined($server)) {
1658 $server = "FILESERVER";
1661 my $vars = $self->provision(
1663 domain => "WORKGROUP",
1665 password => "fileserver",
1666 extra_options => $fileserver_options,
1667 no_delete_prefix => 1);
1669 $vars or return undef;
1671 if (not $self->check_or_start(
1679 mkdir($_, 0777) foreach(@dirs);
1681 ## Create case sensitive lower case share dir
1682 foreach my $file ('a'..'z') {
1683 my $full_path = $lower_case_share_dir . '/' . $file;
1684 open my $fh, '>', $full_path;
1685 # Add some content to file
1686 print $fh $full_path;
1690 for (my $file = 1; $file < 51; ++$file) {
1691 my $full_path = $lower_case_share_dir . '/' . $file;
1692 open my $fh, '>', $full_path;
1693 # Add some content to file
1694 print $fh $full_path;
1698 # Create content for 30000 share
1699 foreach my $file ('a'..'z') {
1700 my $full_path = $lower_case_share_dir_30000 . '/' . $file;
1701 open my $fh, '>', $full_path;
1702 # Add some content to file
1703 print $fh $full_path;
1707 for (my $file = 1; $file < 30001; ++$file) {
1708 my $full_path = $lower_case_share_dir_30000 . '/' . $file;
1709 open my $fh, '>', $full_path;
1710 # Add some content to file
1711 print $fh $full_path;
1716 ## create a listable file in valid_users_share
1718 create_file_chmod("$valid_users_sharedir/foo", 0644) or return undef;
1721 ## create a valid utf8 filename which is invalid as a CP850 conversion
1723 create_file_chmod("$bad_iconv_sharedir/\xED\x9F\xBF", 0644) or return undef;
1728 sub setup_fileserver_smb1
1730 my ($self, $path) = @_;
1731 my $prefix_abs = abs_path($path);
1734 client min protocol = CORE
1735 server min protocol = LANMAN1
1738 path = $prefix_abs/share
1739 hide new files timeout = 5
1741 path = $prefix_abs/share
1743 vfs objects = aio_pthread
1744 aio_pthread:aio open = yes
1745 smbd:async dosmode = no
1747 [vfs_aio_pthread_async_dosmode_default1]
1748 path = $prefix_abs/share
1750 vfs objects = aio_pthread
1751 store dos attributes = yes
1752 aio_pthread:aio open = yes
1753 smbd:async dosmode = yes
1755 [vfs_aio_pthread_async_dosmode_default2]
1756 path = $prefix_abs/share
1758 vfs objects = aio_pthread xattr_tdb
1759 store dos attributes = yes
1760 aio_pthread:aio open = yes
1761 smbd:async dosmode = yes
1763 [vfs_aio_pthread_async_dosmode_force_sync1]
1764 path = $prefix_abs/share
1766 vfs objects = aio_pthread
1767 store dos attributes = yes
1768 aio_pthread:aio open = yes
1769 smbd:async dosmode = yes
1770 # This simulates non linux systems
1771 smbd:force sync user path safe threadpool = yes
1772 smbd:force sync user chdir safe threadpool = yes
1773 smbd:force sync root path safe threadpool = yes
1774 smbd:force sync root chdir safe threadpool = yes
1776 [vfs_aio_pthread_async_dosmode_force_sync2]
1777 path = $prefix_abs/share
1779 vfs objects = aio_pthread xattr_tdb
1780 store dos attributes = yes
1781 aio_pthread:aio open = yes
1782 smbd:async dosmode = yes
1783 # This simulates non linux systems
1784 smbd:force sync user path safe threadpool = yes
1785 smbd:force sync user chdir safe threadpool = yes
1786 smbd:force sync root path safe threadpool = yes
1787 smbd:force sync root chdir safe threadpool = yes
1790 path = $prefix_abs/share
1791 vfs objects = aio_fork
1793 vfs_aio_fork:erratic_testing_mode=yes
1795 return $self->setup_fileserver($path, $conf, "FILESERVERSMB1");
1798 sub setup_fileserver_smb1_done
1800 my ($self, $path, $dep_env) = @_;
1801 return $self->return_alias_env($path, $dep_env);
1806 my ($self, $prefix) = @_;
1808 # If we didn't build with ADS, pretend this env was never available
1809 if (not $self->have_ads()) {
1813 print "PROVISIONING server with security=ads...";
1815 my $ktest_options = "
1817 realm = ktest.samba.example.com
1819 username map = $prefix/lib/username.map
1820 server signing = required
1821 server min protocol = SMB3_00
1822 client max protocol = SMB3
1824 # This disables NTLM auth against the local SAM, which
1825 # we use can then test this setting by.
1826 ntlm auth = disabled
1829 my $ret = $self->provision(
1832 server => "LOCALKTEST6",
1833 password => "localktest6pass",
1834 extra_options => $ktest_options);
1836 $ret or return undef;
1839 my $prefix_abs = abs_path($prefix);
1841 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
1842 $ctx->{domain} = "KTEST";
1843 $ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM";
1844 $ctx->{dnsname} = lc($ctx->{realm});
1845 $ctx->{kdc_ipv4} = "0.0.0.0";
1846 $ctx->{kdc_ipv6} = "::";
1847 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
1848 Samba::mk_krb5_conf($ctx, "");
1850 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
1852 open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map");
1854 $ret->{USERNAME} = KTEST\\Administrator
1858 #This is the secrets.tdb created by 'net ads join' from Samba3 to a
1859 #Samba4 DC with the same parameters as are being used here. The
1860 #domain SID is S-1-5-21-1071277805-689288055-3486227160
1861 $ret->{SAMSID} = "S-1-5-21-1911091480-1468226576-2729736297";
1862 $ret->{DOMSID} = "S-1-5-21-1071277805-689288055-3486227160";
1864 system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb");
1865 chmod 0600, "$prefix/private/secrets.tdb";
1867 #Make sure there's no old ntdb file.
1868 system("rm -f $prefix/private/secrets.ntdb");
1870 #This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with:
1871 # "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232"
1873 #and having in krb5.conf:
1874 # ticket_lifetime = 799718400
1875 # renew_lifetime = 799718400
1877 # The commands for the -2 keytab where were:
1878 # kinit administrator@KTEST.SAMBA.EXAMPLE.COM
1879 # kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM
1880 # kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM
1881 # kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
1882 # kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
1884 # and then for the -3 keytab, I did
1886 # net changetrustpw; kdestroy and the same again.
1888 # This creates a credential cache with a very long lifetime (2036 at
1889 # at 2011-04), and shows that running 'net changetrustpw' does not
1890 # break existing logins (for the secrets.tdb method at least).
1893 $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache";
1895 system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2");
1896 chmod 0600, "$prefix/krb5_ccache-2";
1898 system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3");
1899 chmod 0600, "$prefix/krb5_ccache-3";
1901 # We need world access to this share, as otherwise the domain
1902 # administrator from the AD domain provided by ktest can't
1903 # access the share for tests.
1904 chmod 0777, "$prefix/share";
1906 if (not $self->check_or_start(
1915 sub setup_maptoguest
1917 my ($self, $path) = @_;
1918 my $prefix_abs = abs_path($path);
1919 my $libdir="$prefix_abs/lib";
1920 my $share_dir="$prefix_abs/share";
1921 my $errorinjectconf="$libdir/error_inject.conf";
1923 print "PROVISIONING maptoguest...";
1926 map to guest = bad user
1929 [force_user_error_inject]
1931 vfs objects = acl_xattr fake_acls xattr_tdb error_inject
1933 include = $errorinjectconf
1936 my $vars = $self->provision(
1938 domain => "WORKGROUP",
1939 server => "maptoguest",
1940 password => "maptoguestpass",
1941 extra_options => $options);
1943 $vars or return undef;
1945 if (not $self->check_or_start(
1955 sub stop_sig_term($$) {
1956 my ($self, $pid) = @_;
1957 kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: $!");
1960 sub stop_sig_kill($$) {
1961 my ($self, $pid) = @_;
1962 kill("ALRM", $pid) or warn("Unable to kill $pid: $!");
1967 my ($env_vars, $app, $pid) = @_;
1969 open(PID, ">$env_vars->{PIDDIR}/timelimit.$app.pid");
1976 my ($env_vars, $app) = @_;
1978 open(PID, "<$env_vars->{PIDDIR}/timelimit.$app.pid");
1984 # builds up the cmd args to run an s3 binary (i.e. smbd, nmbd, etc)
1987 my ($self, $binary, $env_vars, $options, $valgrind, $dont_log_stdout) = @_;
1989 my @optargs = ("-d0");
1990 if (defined($options)) {
1991 @optargs = split(/ /, $options);
1993 my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime});
1995 if (defined($valgrind)) {
1996 @preargs = split(/ /, $valgrind);
1998 my @args = ("-F", "--no-process-group",
1999 "--configfile=$env_vars->{SERVERCONFFILE}",
2000 "-l", $env_vars->{LOGDIR});
2002 if (not defined($dont_log_stdout)) {
2003 push(@args, "--debug-stdout");
2005 return (@preargs, $binary, @args, @optargs);
2008 sub check_or_start($$) {
2009 my ($self, %args) = @_;
2010 my $env_vars = $args{env_vars};
2011 my $nmbd = $args{nmbd} // "no";
2012 my $winbindd = $args{winbindd} // "no";
2013 my $smbd = $args{smbd} // "no";
2014 my $child_cleanup = $args{child_cleanup};
2015 my $skip_wait = $args{skip_wait} // 0;
2019 # use a pipe for stdin in the child processes. This allows
2020 # those processes to monitor the pipe for EOF to ensure they
2021 # exit when the test script exits
2022 pipe($STDIN_READER, $env_vars->{STDIN_PIPE});
2024 my $binary = Samba::bindir_path($self, "nmbd");
2025 my @full_cmd = $self->make_bin_cmd($binary, $env_vars,
2026 $ENV{NMBD_OPTIONS}, $ENV{NMBD_VALGRIND},
2027 $ENV{NMBD_DONT_LOG_STDOUT});
2028 my $nmbd_envs = Samba::get_env_for_process("nmbd", $env_vars);
2029 delete $nmbd_envs->{RESOLV_WRAPPER_CONF};
2030 delete $nmbd_envs->{RESOLV_WRAPPER_HOSTS};
2032 # fork and exec() nmbd in the child process
2035 BINARY_PATH => $binary,
2036 FULL_CMD => [ @full_cmd ],
2037 LOG_FILE => $env_vars->{NMBD_TEST_LOG},
2038 PCAP_FILE => "env-$ENV{ENVNAME}-nmbd",
2039 ENV_VARS => $nmbd_envs,
2041 if ($nmbd ne "yes") {
2042 $daemon_ctx->{SKIP_DAEMON} = 1;
2044 my $pid = Samba::fork_and_exec(
2045 $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup);
2047 $env_vars->{NMBD_TL_PID} = $pid;
2048 write_pid($env_vars, "nmbd", $pid);
2050 $binary = Samba::bindir_path($self, "winbindd");
2051 @full_cmd = $self->make_bin_cmd($binary, $env_vars,
2052 $ENV{WINBINDD_OPTIONS},
2053 $ENV{WINBINDD_VALGRIND},
2054 $ENV{WINBINDD_DONT_LOG_STDOUT});
2056 # fork and exec() winbindd in the child process
2059 BINARY_PATH => $binary,
2060 FULL_CMD => [ @full_cmd ],
2061 LOG_FILE => $env_vars->{WINBINDD_TEST_LOG},
2062 PCAP_FILE => "env-$ENV{ENVNAME}-winbindd",
2064 if ($winbindd ne "yes") {
2065 $daemon_ctx->{SKIP_DAEMON} = 1;
2068 $pid = Samba::fork_and_exec(
2069 $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup);
2071 $env_vars->{WINBINDD_TL_PID} = $pid;
2072 write_pid($env_vars, "winbindd", $pid);
2074 $binary = Samba::bindir_path($self, "smbd");
2075 @full_cmd = $self->make_bin_cmd($binary, $env_vars,
2076 $ENV{SMBD_OPTIONS}, $ENV{SMBD_VALGRIND},
2077 $ENV{SMBD_DONT_LOG_STDOUT});
2079 # fork and exec() smbd in the child process
2082 BINARY_PATH => $binary,
2083 FULL_CMD => [ @full_cmd ],
2084 LOG_FILE => $env_vars->{SMBD_TEST_LOG},
2085 PCAP_FILE => "env-$ENV{ENVNAME}-smbd",
2087 if ($smbd ne "yes") {
2088 $daemon_ctx->{SKIP_DAEMON} = 1;
2091 $pid = Samba::fork_and_exec(
2092 $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup);
2094 $env_vars->{SMBD_TL_PID} = $pid;
2095 write_pid($env_vars, "smbd", $pid);
2097 # close the parent's read-end of the pipe
2098 close($STDIN_READER);
2104 return $self->wait_for_start($env_vars, $nmbd, $winbindd, $smbd);
2107 sub createuser($$$$$)
2109 my ($self, $username, $password, $conffile, $env) = @_;
2110 my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $username > /dev/null";
2113 while(my($var, $val) = each %$env) {
2114 $cmd = "$var=\"$val\" $cmd";
2117 unless (open(PWD, "|$cmd")) {
2118 warn("Unable to set password for $username account\n$cmd");
2121 print PWD "$password\n$password\n";
2122 unless (close(PWD)) {
2123 warn("Unable to set password for $username account\n$cmd");
2130 my ($self, %args) = @_;
2132 my $prefix = $args{prefix};
2133 my $domain = $args{domain};
2134 my $realm = $args{realm};
2135 my $server = $args{server};
2136 my $password = $args{password};
2137 my $extra_options = $args{extra_options};
2138 my $resolv_conf = $args{resolv_conf};
2139 my $no_delete_prefix= $args{no_delete_prefix};
2140 my $netbios_name = $args{netbios_name} // $server;
2141 my $server_log_level = $ENV{SERVER_LOG_LEVEL} || 1;
2144 ## setup the various environment variables we need
2147 my $samsid = Samba::random_domain_sid();
2148 my $swiface = Samba::get_interface($server);
2150 my %createuser_env = ();
2151 my $server_ip = Samba::get_ipv4_addr($server);
2152 my $server_ipv6 = Samba::get_ipv6_addr($server);
2154 if (defined($realm)) {
2155 $dns_domain = lc($realm);
2157 $dns_domain = "samba.example.com";
2160 my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `PATH=/usr/ucb:$ENV{PATH} whoami`);
2163 my $unix_gids_str = $);
2164 my @unix_gids = split(" ", $unix_gids_str);
2166 my $prefix_abs = abs_path($prefix);
2167 my $bindir_abs = abs_path($self->{bindir});
2171 my $shrdir=$args{share_dir} // "$prefix_abs/share";
2172 push(@dirs,$shrdir);
2174 my $libdir="$prefix_abs/lib";
2175 push(@dirs,$libdir);
2177 my $piddir="$prefix_abs/pid";
2178 push(@dirs,$piddir);
2180 my $privatedir="$prefix_abs/private";
2181 push(@dirs,$privatedir);
2183 my $cachedir = "$prefix_abs/cachedir";
2184 push(@dirs, $cachedir);
2186 my $binddnsdir = "$prefix_abs/bind-dns";
2187 push(@dirs, $binddnsdir);
2189 my $lockdir="$prefix_abs/lockdir";
2190 push(@dirs,$lockdir);
2192 my $eventlogdir="$prefix_abs/lockdir/eventlog";
2193 push(@dirs,$eventlogdir);
2195 my $logdir="$prefix_abs/logs";
2196 push(@dirs,$logdir);
2198 my $driver32dir="$shrdir/W32X86";
2199 push(@dirs,$driver32dir);
2201 my $driver64dir="$shrdir/x64";
2202 push(@dirs,$driver64dir);
2204 my $driver40dir="$shrdir/WIN40";
2205 push(@dirs,$driver40dir);
2207 my $ro_shrdir="$shrdir/root-tmp";
2208 push(@dirs,$ro_shrdir);
2210 my $noperm_shrdir="$shrdir/noperm-tmp";
2211 push(@dirs,$noperm_shrdir);
2213 my $msdfs_shrdir="$shrdir/msdfsshare";
2214 push(@dirs,$msdfs_shrdir);
2216 my $msdfs_deeppath="$msdfs_shrdir/deeppath";
2217 push(@dirs,$msdfs_deeppath);
2219 my $smbcacls_sharedir_dfs="$shrdir/smbcacls_sharedir_dfs";
2220 push(@dirs,$smbcacls_sharedir_dfs);
2222 my $smbcacls_share="$shrdir/smbcacls_share";
2223 push(@dirs,$smbcacls_share);
2225 my $smbcacls_share_testdir="$shrdir/smbcacls_share/smbcacls";
2226 push(@dirs,$smbcacls_share_testdir);
2228 my $badnames_shrdir="$shrdir/badnames";
2229 push(@dirs,$badnames_shrdir);
2231 my $lease1_shrdir="$shrdir/dynamic";
2232 push(@dirs,$lease1_shrdir);
2234 my $manglenames_shrdir="$shrdir/manglenames";
2235 push(@dirs,$manglenames_shrdir);
2237 my $widelinks_shrdir="$shrdir/widelinks";
2238 push(@dirs,$widelinks_shrdir);
2240 my $widelinks_linkdir="$shrdir/widelinks_foo";
2241 push(@dirs,$widelinks_linkdir);
2243 my $fsrvp_shrdir="$shrdir/fsrvp";
2244 push(@dirs,$fsrvp_shrdir);
2246 my $shadow_tstdir="$shrdir/shadow";
2247 push(@dirs,$shadow_tstdir);
2248 my $shadow_mntdir="$shadow_tstdir/mount";
2249 push(@dirs,$shadow_mntdir);
2250 my $shadow_basedir="$shadow_mntdir/base";
2251 push(@dirs,$shadow_basedir);
2252 my $shadow_shrdir="$shadow_basedir/share";
2253 push(@dirs,$shadow_shrdir);
2255 my $nosymlinks_shrdir="$shrdir/nosymlinks";
2256 push(@dirs,$nosymlinks_shrdir);
2258 my $local_symlinks_shrdir="$shrdir/local_symlinks";
2259 push(@dirs,$local_symlinks_shrdir);
2261 # this gets autocreated by winbindd
2262 my $wbsockdir="$prefix_abs/wbsock";
2264 my $nmbdsockdir="$prefix_abs/nmbd";
2265 unlink($nmbdsockdir);
2268 ## create the test directory layout
2270 die ("prefix_abs = ''") if $prefix_abs eq "";
2271 die ("prefix_abs = '/'") if $prefix_abs eq "/";
2273 mkdir($prefix_abs, 0777);
2274 print "CREATE TEST ENVIRONMENT IN '$prefix'...";
2275 if (not defined($no_delete_prefix) or not $no_delete_prefix) {
2276 system("rm -rf $prefix_abs/*");
2278 mkdir($_, 0777) foreach(@dirs);
2280 my $fs_specific_conf = $self->get_fs_specific_conf($shrdir);
2283 ## lockdir and piddir must be 0755
2285 chmod 0755, $lockdir;
2286 chmod 0755, $piddir;
2290 ## Create a directory without permissions to enter
2292 chmod 0000, $noperm_shrdir;
2295 ## create ro and msdfs share layout
2298 chmod 0755, $ro_shrdir;
2300 create_file_chmod("$ro_shrdir/unreadable_file", 0600) or return undef;
2302 create_file_chmod("$ro_shrdir/msdfs-target", 0600) or return undef;
2303 symlink "msdfs:$server_ip\\ro-tmp,$server_ipv6\\ro-tmp",
2304 "$msdfs_shrdir/msdfs-src1";
2305 symlink "msdfs:$server_ipv6\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2";
2306 symlink "msdfs:$server_ip\\smbcacls_sharedir_dfs,$server_ipv6\\smbcacls_sharedir_dfs",
2307 "$msdfs_shrdir/smbcacls_sharedir_dfs";
2310 ## create bad names in $badnames_shrdir
2312 ## (An invalid name, would be mangled to 8.3).
2313 create_file_chmod("$badnames_shrdir/\340|\231\216\377\177",
2314 0600) or return undef;
2316 ## (A bad name, would not be mangled to 8.3).
2317 create_file_chmod("$badnames_shrdir/\240\276\346\327\377\177",
2318 0666) or return undef;
2320 ## (A bad good name).
2321 create_file_chmod("$badnames_shrdir/blank.txt",
2322 0666) or return undef;
2325 ## create mangleable directory names in $manglenames_shrdir
2327 my $manglename_target = "$manglenames_shrdir/foo:bar";
2328 mkdir($manglename_target, 0777);
2331 ## create symlinks for widelinks tests.
2333 my $widelinks_target = "$widelinks_linkdir/target";
2334 create_file_chmod("$widelinks_target", 0666) or return undef;
2337 ## This link should get ACCESS_DENIED
2339 symlink "$widelinks_target", "$widelinks_shrdir/source";
2341 ## This link should be allowed
2343 symlink "$widelinks_shrdir", "$widelinks_shrdir/dot";
2345 my $conffile="$libdir/server.conf";
2346 my $dfqconffile="$libdir/dfq.conf";
2347 my $errorinjectconf="$libdir/error_inject.conf";
2348 my $delayinjectconf="$libdir/delay_inject.conf";
2349 my $globalinjectconf="$libdir/global_inject.conf";
2351 my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl";
2352 my $nss_wrapper_passwd = "$privatedir/passwd";
2353 my $nss_wrapper_group = "$privatedir/group";
2354 my $nss_wrapper_hosts = "$ENV{SELFTEST_PREFIX}/hosts";
2355 my $dns_host_file = "$ENV{SELFTEST_PREFIX}/dns_host_file";
2357 my $mod_printer_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/printing/modprinter.pl";
2359 my $fake_snap_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/fake_snap.pl";
2361 my @eventlog_list = ("dns server", "application");
2364 ## calculate uids and gids
2367 my ($max_uid, $max_gid);
2368 my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup);
2369 my ($uid_pdbtest_wkn);
2371 my ($uid_force_user);
2372 my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
2373 my ($gid_userdup, $gid_everyone);
2374 my ($gid_force_user);
2379 my ($uid_slashuser);
2381 if ($unix_uid < 0xffff - 13) {
2384 $max_uid = $unix_uid;
2387 $uid_root = $max_uid - 1;
2388 $uid_nobody = $max_uid - 2;
2389 $uid_pdbtest = $max_uid - 3;
2390 $uid_pdbtest2 = $max_uid - 4;
2391 $uid_userdup = $max_uid - 5;
2392 $uid_pdbtest_wkn = $max_uid - 6;
2393 $uid_force_user = $max_uid - 7;
2394 $uid_smbget = $max_uid - 8;
2395 $uid_user1 = $max_uid - 9;
2396 $uid_user2 = $max_uid - 10;
2397 $uid_gooduser = $max_uid - 11;
2398 $uid_eviluser = $max_uid - 12;
2399 $uid_slashuser = $max_uid - 13;
2401 if ($unix_gids[0] < 0xffff - 8) {
2404 $max_gid = $unix_gids[0];
2407 $gid_nobody = $max_gid - 1;
2408 $gid_nogroup = $max_gid - 2;
2409 $gid_root = $max_gid - 3;
2410 $gid_domusers = $max_gid - 4;
2411 $gid_domadmins = $max_gid - 5;
2412 $gid_userdup = $max_gid - 6;
2413 $gid_everyone = $max_gid - 7;
2414 $gid_force_user = $max_gid - 8;
2420 unless (open(CONF, ">$conffile")) {
2421 warn("Unable to open $conffile");
2425 my $interfaces = Samba::get_interfaces_config($server);
2429 dcesrv:fuzz directory = $cachedir/fuzz
2430 netbios name = $netbios_name
2431 interfaces = $interfaces
2432 bind interfaces only = yes
2433 panic action = cd $self->{srcdir} && $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY)
2434 smbd:suicide mode = yes
2435 smbd:FSCTL_SMBTORTURE = yes
2437 client min protocol = SMB2_02
2438 server min protocol = SMB2_02
2440 server multi channel support = yes
2444 private dir = $privatedir
2445 binddns dir = $binddnsdir
2446 pid directory = $piddir
2447 lock directory = $lockdir
2448 log file = $logdir/log.\%m
2449 log level = $server_log_level
2453 state directory = $lockdir
2454 cache directory = $lockdir
2456 passdb backend = tdbsam
2460 add user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup
2461 add group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action add --name %g
2462 add machine script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup
2463 add user to group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action add --member %u --name %g --group_path $nss_wrapper_group
2464 delete user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action delete --name %u
2465 delete group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action delete --name %g
2466 delete user from group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action delete --member %u --name %g --group_path $nss_wrapper_group
2468 addprinter command = $mod_printer_pl -a -s $conffile --
2469 deleteprinter command = $mod_printer_pl -d -s $conffile --
2471 eventlog list = application \"dns server\"
2474 kernel change notify = no
2478 printcap name = /dev/null
2480 winbindd socket directory = $wbsockdir
2481 nmbd:socket dir = $nmbdsockdir
2482 idmap config * : range = 100000-200000
2483 winbind enum users = yes
2484 winbind enum groups = yes
2485 winbind separator = /
2486 include system krb5 conf = no
2488 # min receivefile size = 4000
2492 smbd:sharedelay = 100000
2493 smbd:writetimeupdatedelay = 500000
2497 store dos attributes = yes
2503 vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit
2505 full_audit:syslog = no
2506 full_audit:success = none
2507 full_audit:failure = none
2510 print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s
2511 lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p
2512 lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j
2513 lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j
2514 lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j
2515 queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p
2516 queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
2518 print notify backchannel = yes
2520 ncalrpc dir = $prefix_abs/ncalrpc
2522 # The samba3.blackbox.smbclient_s3 test uses this to test that
2523 # sending messages works, and that the %m sub works.
2524 message command = mv %s $shrdir/message.%m
2526 # fsrvp server requires registry shares
2527 registry shares = yes
2529 # Used by RPC SRVSVC tests
2530 add share command = $bindir_abs/smbaddshare
2531 change share command = $bindir_abs/smbchangeshare
2532 delete share command = $bindir_abs/smbdeleteshare
2534 # fruit:copyfile is a global option
2535 fruit:copyfile = yes
2537 #this does not mean that we use non-secure test env,
2538 #it just means we ALLOW one to be configured.
2539 allow insecure wide links = yes
2541 include = $globalinjectconf
2543 # Begin extra options
2547 #Include user defined custom parameters if set
2550 if (defined($ENV{INCLUDE_CUSTOM_CONF})) {
2551 print CONF "\t$ENV{INCLUDE_CUSTOM_CONF}\n";
2556 path = $smbcacls_share
2557 comment = smb username is [%U]
2560 [smbcacls_sharedir_dfs]
2561 path = $smbcacls_sharedir_dfs
2562 comment = smb username is [%U]
2565 comment = smb username is [%U]
2568 comment = Load dirsort module
2569 vfs objects = dirsort acl_xattr fake_acls xattr_tdb streams_depot
2572 comment = encrypt smb username is [%U]
2573 server smb encrypt = required
2574 vfs objects = dirsort
2584 force user = $unix_name
2586 [forceuser_unixonly]
2587 comment = force a user with unix user SID and group SID
2589 force user = pdbtest
2591 [forceuser_wkngroup]
2592 comment = force a user with well-known group SID
2594 force user = pdbtest_wkn
2598 force group = nogroup
2604 path = $noperm_shrdir
2610 write list = $unix_name
2613 valid users = $unix_name
2614 access based share enum = yes
2616 path = $msdfs_shrdir
2618 msdfs shuffle referrals = yes
2622 hide unreadable = yes
2625 case sensitive = yes
2628 hide unwriteable files = yes
2631 kernel share modes = no
2645 default devmode = no
2649 print command = $self->{srcdir}/source3/script/tests/printing/printing_var_exp_lpr_cmd.sh \"Windows user: %U\" \"UNIX user: %u\" \"Domain: %D\"
2656 comment = smb username is [%U]
2658 nfs4acl_xattr:version = 40
2659 vfs objects = nfs4acl_xattr xattr_tdb
2661 [nfs4acl_special_40]
2663 comment = smb username is [%U]
2665 nfs4acl_xattr:version = 40
2666 vfs objects = nfs4acl_xattr xattr_tdb
2670 comment = smb username is [%U]
2672 vfs objects = nfs4acl_xattr xattr_tdb
2676 comment = smb username is [%U]
2677 vfs objects = nfs4acl_xattr xattr_tdb
2679 nfs4acl_xattr:encoding = xdr
2680 nfs4acl_xattr:version = 40
2684 comment = smb username is [%U]
2685 vfs objects = nfs4acl_xattr xattr_tdb
2687 nfs4acl_xattr:encoding = xdr
2688 nfs4acl_xattr:version = 41
2692 comment = smb username is [%U]
2693 vfs objects = nfs4acl_xattr xattr_tdb
2695 nfs4acl_xattr:encoding = nfs
2696 nfs4acl_xattr:version = 40
2697 nfs4acl_xattr:xattr_name = security.nfs4acl_xdr
2701 comment = smb username is [%U]
2702 vfs objects = nfs4acl_xattr xattr_tdb
2704 nfs4acl_xattr:encoding = nfs
2705 nfs4acl_xattr:version = 41
2706 nfs4acl_xattr:xattr_name = security.nfs4acl_xdr
2710 comment = smb username is [%U]
2712 force create mode = 777
2715 comment = smb username is [%U]
2717 force create mode = 0
2718 directory mask = 0777
2719 force directory mode = 0
2720 vfs objects = xattr_tdb streams_depot
2731 vfs objects = catia fruit streams_xattr acl_xattr xattr_tdb
2732 fruit:resource = file
2733 fruit:metadata = netatalk
2734 fruit:locking = netatalk
2735 fruit:encoding = native
2736 fruit:veto_appledouble = no
2740 # This is used by vfs.fruit tests that require real fs xattr
2741 vfs objects = catia fruit streams_xattr acl_xattr
2742 fruit:resource = file
2743 fruit:metadata = netatalk
2744 fruit:locking = netatalk
2745 fruit:encoding = native
2746 fruit:veto_appledouble = no
2748 [vfs_fruit_metadata_stream]
2750 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2751 fruit:resource = file
2752 fruit:metadata = stream
2753 fruit:veto_appledouble = no
2755 [vfs_fruit_stream_depot]
2757 vfs objects = fruit streams_depot acl_xattr xattr_tdb
2758 fruit:resource = stream
2759 fruit:metadata = stream
2760 fruit:veto_appledouble = no
2764 vfs objects = streams_xattr acl_xattr xattr_tdb
2766 [vfs_wo_fruit_stream_depot]
2768 vfs objects = streams_depot acl_xattr xattr_tdb
2770 [vfs_fruit_timemachine]
2772 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2773 fruit:resource = file
2774 fruit:metadata = stream
2775 fruit:time machine = yes
2776 fruit:time machine max size = 32K
2778 [vfs_fruit_wipe_intentionally_left_blank_rfork]
2780 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2781 fruit:resource = file
2782 fruit:metadata = stream
2783 fruit:wipe_intentionally_left_blank_rfork = true
2784 fruit:delete_empty_adfiles = false
2785 fruit:veto_appledouble = no
2787 [vfs_fruit_delete_empty_adfiles]
2789 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2790 fruit:resource = file
2791 fruit:metadata = stream
2792 fruit:wipe_intentionally_left_blank_rfork = true
2793 fruit:delete_empty_adfiles = true
2794 fruit:veto_appledouble = no
2796 [vfs_fruit_zero_fileid]
2798 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2799 fruit:resource = file
2800 fruit:metadata = stream
2801 fruit:zero_file_id=yes
2804 path = $badnames_shrdir
2808 path = $manglenames_shrdir
2812 path = $shrdir/dynamic/%t
2814 root preexec = mkdir %P
2817 path = $widelinks_shrdir
2822 path = $fsrvp_shrdir
2823 comment = fake shapshots using rsync
2824 vfs objects = shell_snap shadow_copy2
2825 shell_snap:check path command = $fake_snap_pl --check
2826 shell_snap:create command = $fake_snap_pl --create
2827 shell_snap:delete command = $fake_snap_pl --delete
2828 # a relative path here fails, the snapshot dir is no longer found
2829 shadow:snapdir = $fsrvp_shrdir/.snapshots
2832 path = $shadow_shrdir
2833 comment = previous versions snapshots under mount point
2834 vfs objects = shadow_copy2
2835 shadow:mountpoint = $shadow_mntdir
2838 path = $shadow_shrdir
2839 comment = previous versions snapshots outside mount point
2840 vfs objects = shadow_copy2
2841 shadow:mountpoint = $shadow_mntdir
2842 shadow:snapdir = $shadow_tstdir/.snapshots
2845 path = $shadow_shrdir
2846 comment = previous versions with subvolume snapshots, snapshots under base dir
2847 vfs objects = shadow_copy2
2848 shadow:mountpoint = $shadow_mntdir
2849 shadow:basedir = $shadow_basedir
2850 shadow:snapdir = $shadow_basedir/.snapshots
2853 path = $shadow_shrdir
2854 comment = previous versions with subvolume snapshots, snapshots outside mount point
2855 vfs objects = shadow_copy2
2856 shadow:mountpoint = $shadow_mntdir
2857 shadow:basedir = $shadow_basedir
2858 shadow:snapdir = $shadow_tstdir/.snapshots
2861 path = $shadow_shrdir
2862 comment = previous versions at volume root snapshots under mount point
2863 vfs objects = shadow_copy2
2864 shadow:mountpoint = $shadow_shrdir
2867 path = $shadow_shrdir
2868 comment = previous versions at volume root snapshots outside mount point
2869 vfs objects = shadow_copy2
2870 shadow:mountpoint = $shadow_shrdir
2871 shadow:snapdir = $shadow_tstdir/.snapshots
2874 path = $shadow_shrdir
2875 comment = previous versions snapshots everywhere
2876 vfs objects = shadow_copy2
2877 shadow:mountpoint = $shadow_mntdir
2878 shadow:snapdirseverywhere = yes
2881 path = $shadow_shrdir
2882 comment = previous versions using snapsharepath
2883 vfs objects = shadow_copy2
2884 shadow:mountpoint = $shadow_mntdir
2885 shadow:snapdir = $shadow_tstdir/.snapshots
2886 shadow:snapsharepath = share
2889 comment = Testing shadow:format with default option
2890 vfs object = shadow_copy2
2891 path = $shadow_shrdir
2894 shadow:mountpoint = $shadow_mntdir
2895 shadow:basedir = $shadow_basedir
2896 shadow:snapdir = $shadow_basedir/.snapshots
2897 shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S
2900 comment = Testing shadow:format with only date component
2901 vfs object = shadow_copy2
2902 path = $shadow_shrdir
2905 shadow:mountpoint = $shadow_mntdir
2906 shadow:basedir = $shadow_basedir
2907 shadow:snapdir = $shadow_basedir/.snapshots
2908 shadow:format = \@GMT-%Y-%m-%d
2911 comment = Testing shadow:format with some hardcoded prefix
2912 vfs object = shadow_copy2
2913 path = $shadow_shrdir
2916 shadow:mountpoint = $shadow_mntdir
2917 shadow:basedir = $shadow_basedir
2918 shadow:snapdir = $shadow_basedir/.snapshots
2919 shadow:format = snap\@GMT-%Y.%m.%d-%H.%M.%S
2922 comment = Testing shadow:format with modified format
2923 vfs object = shadow_copy2
2924 path = $shadow_shrdir
2927 shadow:mountpoint = $shadow_mntdir
2928 shadow:basedir = $shadow_basedir
2929 shadow:snapdir = $shadow_basedir/.snapshots
2930 shadow:format = \@GMT-%Y.%m.%d-%H_%M_%S-snap
2933 comment = Testing shadow:snapprefix regex
2934 vfs object = shadow_copy2
2935 path = $shadow_shrdir
2938 shadow:mountpoint = $shadow_mntdir
2939 shadow:basedir = $shadow_basedir
2940 shadow:snapdir = $shadow_basedir/.snapshots
2941 shadow:snapprefix = \^s[a-z]*p\$
2942 shadow:format = _GMT-%Y.%m.%d-%H.%M.%S
2945 comment = Testing shadow:snapprefix with delim regex
2946 vfs object = shadow_copy2
2947 path = $shadow_shrdir
2950 shadow:mountpoint = $shadow_mntdir
2951 shadow:basedir = $shadow_basedir
2952 shadow:snapdir = $shadow_basedir/.snapshots
2953 shadow:delimiter = \@GMT
2954 shadow:snapprefix = [a-z]*
2955 shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S
2958 path = $shadow_shrdir
2959 comment = previous versions with wide links allowed
2960 vfs objects = shadow_copy2
2961 shadow:mountpoint = $shadow_mntdir
2965 path = $shadow_tstdir
2966 comment = previous versions snapshots under mount point
2967 vfs objects = shadow_copy2 streams_xattr error_inject
2969 error_inject:pwrite = EBADF
2970 shadow:mountpoint = $shadow_tstdir
2973 path = $shrdir/dfree
2974 vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
2975 admin users = $unix_name
2976 include = $dfqconffile
2978 path = $shrdir/dfree
2979 vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
2980 admin users = $unix_name
2981 include = $dfqconffile
2982 dfree cache time = 60
2984 path = $shrdir/dfree
2985 vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
2987 include = $dfqconffile
2989 path = $shrdir/quota
2990 admin users = $unix_name
2992 [acl_xattr_ign_sysacl_posix]
2994 acl_xattr:ignore system acls = yes
2995 acl_xattr:default acl style = posix
2996 [acl_xattr_ign_sysacl_windows]
2998 acl_xattr:ignore system acls = yes
2999 acl_xattr:default acl style = windows
3003 mangled names = illegal
3007 path = $nosymlinks_shrdir
3008 follow symlinks = no
3012 path = $local_symlinks_shrdir
3013 follow symlinks = yes
3017 kernel oplocks = yes
3018 vfs objects = streams_xattr xattr_tdb
3022 vfs objects = streams_xattr xattr_tdb
3026 smbd:find async delay usec = 10000
3029 vfs objects = error_inject
3030 include = $errorinjectconf
3034 vfs objects = delay_inject
3035 kernel share modes = no
3038 include = $delayinjectconf
3042 vfs objects = delay_inject
3043 delay_inject:pread_send = 2000
3044 delay_inject:pwrite_send = 2000
3048 vfs objects = delay_inject
3049 delay_inject:brl_lock_windows = 90
3050 delay_inject:brl_lock_windows_use_timer = yes
3054 vfs objects = delay_inject
3055 delay_inject:brl_lock_windows = 90
3056 delay_inject:brl_lock_windows_use_timer = no
3059 path = $prefix_abs/share
3060 delete readonly = yes
3063 path = $prefix_abs/share
3065 server smb encrypt = desired
3068 path = $prefix_abs/share
3070 server smb encrypt = off
3074 honor change notify privilege = yes
3076 [acls_non_canonical]
3078 acl flag inherited canonicalization = no
3083 my $net = Samba::bindir_path($self, "net");
3085 $cmd .= "UID_WRAPPER_ROOT=1 ";
3086 $cmd .= "SMB_CONF_PATH=\"$conffile\" ";
3087 $cmd .= "$net setlocalsid $samsid";
3089 my $net_ret = system($cmd);
3090 if ($net_ret != 0) {
3091 warn("net setlocalsid failed: $net_ret\n$cmd");
3095 unless (open(ERRORCONF, ">$errorinjectconf")) {
3096 warn("Unable to open $errorinjectconf");
3101 unless (open(DELAYCONF, ">$delayinjectconf")) {
3102 warn("Unable to open $delayinjectconf");
3107 unless (open(DFQCONF, ">$dfqconffile")) {
3108 warn("Unable to open $dfqconffile");
3113 unless (open(DELAYCONF, ">$globalinjectconf")) {
3114 warn("Unable to open $globalinjectconf");
3120 ## create a test account
3123 unless (open(PASSWD, ">$nss_wrapper_passwd")) {
3124 warn("Unable to open $nss_wrapper_passwd");
3127 print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false
3128 $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
3129 pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
3130 pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
3131 userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false
3132 pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false
3133 force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false
3134 smbget_user:x:$uid_smbget:$gid_domusers:smbget_user gecos:$prefix_abs:/bin/false
3135 user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false
3136 user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false
3137 gooduser:x:$uid_gooduser:$gid_domusers:gooduser gecos:$prefix_abs:/bin/false
3138 eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false
3139 slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false
3141 if ($unix_uid != 0) {
3142 print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
3147 unless (open(GROUP, ">$nss_wrapper_group")) {
3148 warn("Unable to open $nss_wrapper_group");
3151 print GROUP "nobody:x:$gid_nobody:
3152 nogroup:x:$gid_nogroup:nobody
3153 $unix_name-group:x:$unix_gids[0]:
3154 domusers:X:$gid_domusers:
3155 domadmins:X:$gid_domadmins:
3156 userdup:x:$gid_userdup:$unix_name
3157 everyone:x:$gid_everyone:
3158 force_user:x:$gid_force_user:
3160 if ($unix_gids[0] != 0) {
3161 print GROUP "root:x:$gid_root:
3168 my $hostname = lc($server);
3169 unless (open(HOSTS, ">>$nss_wrapper_hosts")) {
3170 warn("Unable to open $nss_wrapper_hosts");
3173 print HOSTS "${server_ip} ${hostname}.${dns_domain} ${hostname}\n";
3174 print HOSTS "${server_ipv6} ${hostname}.${dns_domain} ${hostname}\n";
3177 $resolv_conf = "$privatedir/no_resolv.conf" unless defined($resolv_conf);
3179 foreach my $evlog (@eventlog_list) {
3180 my $evlogtdb = "$eventlogdir/$evlog.tdb";
3181 open(EVENTLOG, ">$evlogtdb") or die("Unable to open $evlogtdb");
3185 $createuser_env{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
3186 $createuser_env{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
3187 $createuser_env{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts;
3188 $createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com";
3189 if ($ENV{SAMBA_DNS_FAKING}) {
3190 $createuser_env{RESOLV_WRAPPER_HOSTS} = $dns_host_file;
3192 $createuser_env{RESOLV_WRAPPER_CONF} = $resolv_conf;
3194 $createuser_env{RESOLV_CONF} = $resolv_conf;
3196 createuser($self, $unix_name, $password, $conffile, \%createuser_env) || die("Unable to create user");
3197 createuser($self, "force_user", $password, $conffile, \%createuser_env) || die("Unable to create force_user");
3198 createuser($self, "smbget_user", $password, $conffile, \%createuser_env) || die("Unable to create smbget_user");
3199 createuser($self, "user1", $password, $conffile, \%createuser_env) || die("Unable to create user1");
3200 createuser($self, "user2", $password, $conffile, \%createuser_env) || die("Unable to create user2");
3201 createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser");
3202 createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser");
3203 createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser");
3205 open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
3206 print DNS_UPDATE_LIST "A $server. $server_ip\n";
3207 print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n";
3208 close(DNS_UPDATE_LIST);
3212 $ret{SERVER_IP} = $server_ip;
3213 $ret{SERVER_IPV6} = $server_ipv6;
3214 $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log";
3215 $ret{NMBD_TEST_LOG_POS} = 0;
3216 $ret{WINBINDD_TEST_LOG} = "$prefix/winbindd_test.log";
3217 $ret{WINBINDD_TEST_LOG_POS} = 0;
3218 $ret{SMBD_TEST_LOG} = "$prefix/smbd_test.log";
3219 $ret{SMBD_TEST_LOG_POS} = 0;
3220 $ret{SERVERCONFFILE} = $conffile;
3221 $ret{TESTENV_DIR} = $prefix_abs;
3222 $ret{CONFIGURATION} ="--configfile=$conffile";
3223 $ret{LOCK_DIR} = $lockdir;
3224 $ret{SERVER} = $server;
3225 $ret{USERNAME} = $unix_name;
3226 $ret{USERID} = $unix_uid;
3227 $ret{DOMAIN} = $domain;
3228 $ret{SAMSID} = $samsid;
3229 $ret{NETBIOSNAME} = $server;
3230 $ret{PASSWORD} = $password;
3231 $ret{PIDDIR} = $piddir;
3232 $ret{SELFTEST_WINBINDD_SOCKET_DIR} = $wbsockdir;
3233 $ret{NMBD_SOCKET_DIR} = $nmbdsockdir;
3234 $ret{SOCKET_WRAPPER_DEFAULT_IFACE} = $swiface;
3235 $ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
3236 $ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
3237 $ret{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts;
3238 $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com";
3239 $ret{NSS_WRAPPER_MODULE_SO_PATH} = Samba::nss_wrapper_winbind_so_path($self);
3240 $ret{NSS_WRAPPER_MODULE_FN_PREFIX} = "winbind";
3241 if ($ENV{SAMBA_DNS_FAKING}) {
3242 $ret{RESOLV_WRAPPER_HOSTS} = $dns_host_file;
3244 $ret{RESOLV_WRAPPER_CONF} = $resolv_conf;
3246 $ret{RESOLV_CONF} = $resolv_conf;
3247 $ret{LOCAL_PATH} = "$shrdir";
3248 $ret{LOGDIR} = $logdir;
3251 # Avoid hitting system krb5.conf -
3252 # An env that needs Kerberos will reset this to the real
3255 $ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf";
3257 # Define KRB5CCNAME for each environment we set up
3258 $ret{KRB5_CCACHE} = abs_path($prefix) . "/krb5ccache";
3259 $ENV{KRB5CCNAME} = $ret{KRB5_CCACHE};
3264 sub wait_for_start($$$$$)
3266 my ($self, $envvars, $nmbd, $winbindd, $smbd) = @_;
3271 if ($nmbd eq "yes") {
3274 # give time for nbt server to register its names
3275 print "checking for nmbd\n";
3277 # This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init
3278 my $nmblookup = Samba::bindir_path($self, "nmblookup");
3281 $ret = system("$nmblookup $envvars->{CONFIGURATION} $envvars->{SERVER}");
3285 system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__");
3286 system("$nmblookup $envvars->{CONFIGURATION} __SAMBA__");
3287 system("$nmblookup $envvars->{CONFIGURATION} -U 10.255.255.255 __SAMBA__");
3288 system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}");
3291 } while ($ret != 0 && $count < 10);
3293 print "NMBD not reachable after 10 retries\n";
3294 teardown_env($self, $envvars);
3299 if ($winbindd eq "yes") {
3300 print "checking for winbindd\n";
3302 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
3303 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3304 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3305 $cmd .= Samba::bindir_path($self, "wbinfo") . " --ping-dc";
3308 $ret = system($cmd);
3313 } while ($ret != 0 && $count < 20);
3315 print "WINBINDD not reachable after 20 seconds\n";
3316 teardown_env($self, $envvars);
3321 if ($smbd eq "yes") {
3322 # make sure smbd is also up set
3323 print "wait for smbd\n";
3327 if (defined($envvars->{GNUTLS_FORCE_FIPS_MODE})) {
3328 # We don't have NTLM in FIPS mode, so lets use
3329 # smbcontrol instead of smbclient.
3330 $cmd = Samba::bindir_path($self, "smbcontrol");
3331 $cmd .= " $envvars->{CONFIGURATION}";
3332 $cmd .= " smbd ping";
3334 # This uses NTLM which is not available in FIPS
3335 $cmd = Samba::bindir_path($self, "smbclient");
3336 $cmd .= " $envvars->{CONFIGURATION}";
3337 $cmd .= " -L $envvars->{SERVER}";
3339 $cmd .= " -I $envvars->{SERVER_IP}";
3343 $ret = system($cmd);
3348 } while ($ret != 0 && $count < 20);
3350 print "SMBD failed to start up in a reasonable time (20sec)\n";
3351 teardown_env($self, $envvars);
3356 # Ensure we have domain users mapped.
3357 $netcmd = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3358 $netcmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3359 $netcmd .= "UID_WRAPPER_ROOT='1' ";
3360 $netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} ";
3362 $cmd = $netcmd . "groupmap delete ntgroup=domusers";
3363 $ret = system($cmd);
3365 $cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain";
3366 $ret = system($cmd);
3368 print("\"$cmd\" failed\n");
3372 $cmd = $netcmd . "groupmap delete ntgroup=domadmins";
3373 $ret = system($cmd);
3375 $cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain";
3376 $ret = system($cmd);
3378 print("\"$cmd\" failed\n");
3382 $cmd = $netcmd . "groupmap delete ntgroup=everyone";
3383 $ret = system($cmd);
3385 $cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin";
3386 $ret = system($cmd);
3388 print("\"$cmd\" failed\n");
3392 # note: creating builtin groups requires winbindd for the
3394 my $create_builtin_users = "no";
3395 if ($winbindd eq "yes") {
3396 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
3397 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3398 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3399 $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545";
3400 my $wbinfo_out = qx($cmd 2>&1);
3402 # wbinfo doesn't give us a better error code then
3403 # WBC_ERR_DOMAIN_NOT_FOUND, but at least that's
3404 # different then WBC_ERR_WINBIND_NOT_AVAILABLE
3405 if ($wbinfo_out !~ /WBC_ERR_DOMAIN_NOT_FOUND/) {
3406 print("Failed to run \"wbinfo --sid-to-gid=S-1-5-32-545\": $wbinfo_out");
3407 teardown_env($self, $envvars);
3410 $create_builtin_users = "yes";
3413 if ($create_builtin_users eq "yes") {
3414 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
3415 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3416 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3417 $cmd .= Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} ";
3418 $cmd .= "sam createbuiltingroup Users";
3419 $ret = system($cmd);
3421 print "Failed to create BUILTIN\\Users group\n";
3422 teardown_env($self, $envvars);
3426 $cmd = Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} ";
3427 $cmd .= "cache del IDMAP/SID2XID/S-1-5-32-545";
3430 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
3431 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3432 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3433 $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545";
3434 $ret = system($cmd);
3436 print "Missing \"BUILTIN\\Users\", did net sam createbuiltingroup Users fail?\n";
3437 teardown_env($self, $envvars);
3442 print $self->getlog_env($envvars);
3448 ## provision and start of ctdb
3452 my ($self, $prefix) = @_;
3455 my $data = $self->provision_ctdb($prefix, $num_nodes);
3456 $data or return undef;
3458 my $rc = $self->check_or_start_ctdb($data);
3460 print("check_or_start_ctdb() failed\n");
3464 $rc = $self->wait_for_start_ctdb($data);
3466 print "Cluster startup failed\n";
3473 sub provision_ctdb($$$$)
3475 my ($self, $prefix, $num_nodes, $no_delete_prefix) = @_;
3478 print "PROVISIONING CTDB...\n";
3480 my $prefix_abs = abs_path($prefix);
3483 # check / create directories:
3485 die ("prefix_abs = ''") if $prefix_abs eq "";
3486 die ("prefix_abs = '/'") if $prefix_abs eq "/";
3488 mkdir ($prefix_abs, 0777);
3490 print "CREATE CTDB TEST ENVIRONMENT in '$prefix_abs'...\n";
3492 if (not defined($no_delete_prefix) or not $no_delete_prefix) {
3493 system("rm -rf $prefix_abs/*");
3500 for (my $i = 0; $i < $num_nodes; $i++) {
3502 my $server_name = "ctdb${i}";
3503 my $pub_iface = Samba::get_interface($server_name);
3504 my $ip = Samba::get_ipv4_addr($server_name);
3506 $node{NODE_NUMBER} = "$i";
3507 $node{SERVER_NAME} = "$server_name";
3508 $node{SOCKET_WRAPPER_DEFAULT_IFACE} = "$pub_iface";
3511 push(@nodes, \%node);
3517 my $nodes_file = "$prefix/nodes.in";
3518 unless (open(NODES, ">$nodes_file")) {
3519 warn("Unable to open nodesfile '$nodes_file'");
3522 for (my $i = 0; $i < $num_nodes; $i++) {
3523 my $ip = $nodes[$i]->{IP};
3524 print NODES "${ip}\n";
3529 # local_daemons.sh setup
3531 # Socket wrapper setup is done by selftest.pl, so don't use
3532 # the CTDB-specific setup
3535 $cmd .= "ctdb/tests/local_daemons.sh " . $prefix_abs . " setup";
3536 $cmd .= " -n " . $num_nodes;
3537 $cmd .= " -N " . $nodes_file;
3538 # CTDB should not attempt to manage public addresses -
3539 # clients should just connect to CTDB private addresses
3540 $cmd .= " -P " . "/dev/null";
3542 my $ret = system($cmd);
3544 print("\"$cmd\" failed\n");
3549 # Unix domain socket and node directory for each daemon
3551 for (my $i = 0; $i < $num_nodes; $i++) {
3552 my ($cmd, $ret, $out);
3554 my $cmd_prefix = "ctdb/tests/local_daemons.sh ${prefix_abs}";
3560 $cmd = "${cmd_prefix} print-socket ${i}";
3565 print("\"$cmd\" failed\n");
3569 $nodes[$i]->{SOCKET_FILE} = "$out";
3575 $cmd = "${cmd_prefix} onnode ${i} 'echo \$CTDB_BASE'";
3580 print("\"$cmd\" failed\n");
3584 $nodes[$i]->{NODE_PREFIX} = "$out";
3589 $ret{CTDB_PREFIX} = "$prefix";
3590 $ret{NUM_NODES} = $num_nodes;
3591 $ret{CTDB_NODES} = \@nodes;
3592 $ret{CTDB_NODES_FILE} = $nodes_file;
3597 sub check_or_start_ctdb($$) {
3598 my ($self, $data) = @_;
3600 my $prefix = $data->{CTDB_PREFIX};
3601 my $num_nodes = $data->{NUM_NODES};
3602 my $nodes = $data->{CTDB_NODES};
3605 # Share a single stdin pipe for all nodes
3606 pipe($STDIN_READER, $data->{CTDB_STDIN_PIPE});
3608 for (my $i = 0; $i < $num_nodes; $i++) {
3609 my $node = $nodes->[$i];
3611 $node->{STDIN_PIPE} = $data->{CTDB_STDIN_PIPE};
3613 my $cmd = "ctdb/tests/local_daemons.sh";
3614 my @full_cmd = ("$cmd", "$prefix", "start", "$i");
3617 BINARY_PATH => $cmd,
3618 FULL_CMD => [ @full_cmd ],
3620 LOG_FILE => "/dev/null",
3624 print "STARTING CTDBD (node ${i})\n";
3626 # This does magic with $STDIN_READER, so use it
3627 my $ret = Samba::fork_and_exec($self,
3633 print("\"$cmd\" failed\n");
3634 teardown_env_ctdb($self, $data);
3639 close($STDIN_READER);
3644 sub wait_for_start_ctdb($$)
3646 my ($self, $data) = @_;
3648 my $prefix = $data->{CTDB_PREFIX};
3650 print "Wait for ctdbd...\n";
3652 my $ctdb = Samba::bindir_path($self, "ctdb");
3654 $cmd .= "ctdb/tests/local_daemons.sh ${prefix} onnode all";
3655 $cmd .= " ${ctdb} nodestatus all 2>&1";
3658 my $wait_seconds = 60;
3661 until ($count > $wait_seconds) {
3665 print "\ncluster became healthy\n";
3668 print "Waiting for CTDB...\n";
3673 if ($count > $wait_seconds) {
3674 print "\nGiving up to wait for CTDB...\n";
3676 print "CTDB log:\n";
3677 $cmd = "ctdb/tests/local_daemons.sh ${prefix} print-log all >&2";
3679 teardown_env_ctdb($self, $data);
3683 print "\nCTDB initialized\n";