2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
10 use FindBin qw($RealBin);
17 my ($classname, $bindir, $ldap, $srcdir, $server_maxtime) = @_;
24 server_maxtime => $server_maxtime,
25 target3 => new Samba3($bindir, $srcdir, $server_maxtime)
31 sub scriptdir_path($$) {
32 my ($self, $path) = @_;
33 return "$self->{srcdir}/source4/scripting/$path";
36 sub openldap_start($$$) {
42 my ($self, $env_vars, $STDIN_READER) = @_;
43 my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
45 my $uri = $env_vars->{LDAP_URI};
47 if (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") == 0) {
48 print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!";
51 # running slapd in the background means it stays in the same process group, so it can be
55 open STDOUT, ">$env_vars->{LDAPDIR}/logs";
56 open STDERR, '>&STDOUT';
57 close($env_vars->{STDIN_PIPE});
58 open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
60 if ($self->{ldap} eq "fedora-ds") {
61 exec("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd", "-D", $env_vars->{FEDORA_DS_DIR}, "-d0", "-i", $env_vars->{FEDORA_DS_PIDFILE});
62 } elsif ($self->{ldap} eq "openldap") {
63 exec($ENV{OPENLDAP_SLAPD}, "-dnone", "-F", $env_vars->{SLAPD_CONF_D}, "-h", $uri);
65 die("Unable to start slapd: $!");
67 $env_vars->{SLAPD_PID} = $pid;
69 while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
72 $self->slapd_stop($env_vars);
82 my ($self, $envvars) = @_;
83 kill 9, $envvars->{SLAPD_PID};
87 sub check_or_start($$$)
89 my ($self, $env_vars, $process_model) = @_;
92 my $env_ok = $self->check_env($env_vars);
94 return $env_vars->{SAMBA_PID};
97 # use a pipe for stdin in the child processes. This allows
98 # those processes to monitor the pipe for EOF to ensure they
99 # exit when the test script exits
100 pipe($STDIN_READER, $env_vars->{STDIN_PIPE});
102 # Start slapd before samba, but with the fifo on stdin
103 if (defined($self->{ldap})) {
104 unless($self->slapd_start($env_vars, $STDIN_READER)) {
105 warn("couldn't start slapd (main run)");
110 print "STARTING SAMBA...";
113 # we want out from samba to go to the log file, but also
114 # to the users terminal when running 'make test' on the command
115 # line. This puts it on stderr on the terminal
116 open STDOUT, "| tee $env_vars->{SAMBA_TEST_LOG} 1>&2";
117 open STDERR, '>&STDOUT';
119 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
121 $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
122 $ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR};
123 $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
125 $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
126 $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
127 $ENV{NSS_WRAPPER_HOSTS} = $env_vars->{NSS_WRAPPER_HOSTS};
128 $ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH};
129 $ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX};
131 if (defined($env_vars->{RESOLV_WRAPPER_CONF})) {
132 $ENV{RESOLV_WRAPPER_CONF} = $env_vars->{RESOLV_WRAPPER_CONF};
134 $ENV{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS};
137 $ENV{UID_WRAPPER} = "1";
138 $ENV{UID_WRAPPER_ROOT} = "1";
140 $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "samba");
143 if (defined($ENV{SAMBA_OPTIONS})) {
144 @optargs = split(/ /, $ENV{SAMBA_OPTIONS});
146 if(defined($ENV{SAMBA_VALGRIND})) {
147 @preargs = split(/ /,$ENV{SAMBA_VALGRIND});
150 close($env_vars->{STDIN_PIPE});
151 open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
153 exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
155 $env_vars->{SAMBA_PID} = $pid;
156 print "DONE ($pid)\n";
158 close($STDIN_READER);
160 if ($self->wait_for_start($env_vars) != 0) {
161 warn("Samba $pid failed to start up");
168 sub wait_for_start($$)
170 my ($self, $testenv_vars) = @_;
173 if (not $self->check_env($testenv_vars)) {
174 warn("unable to confirm Samba $testenv_vars->{SAMBA_PID} is running");
178 # give time for nbt server to register its names
179 print "delaying for nbt name registration\n";
182 # This will return quickly when things are up, but be slow if we
183 # need to wait for (eg) SSL init
184 my $nmblookup = Samba::bindir_path($self, "nmblookup4");
185 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
186 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
187 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
188 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
189 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
190 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
191 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
192 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
193 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
194 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
195 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
196 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
198 # Ensure we have the first RID Set before we start tests. This makes the tests more reliable.
199 if ($testenv_vars->{SERVER_ROLE} eq "domain controller" and not ($testenv_vars->{NETBIOSNAME} eq "RODC")) {
200 # Add hosts file for name lookups
201 $ENV{NSS_WRAPPER_HOSTS} = $testenv_vars->{NSS_WRAPPER_HOSTS};
202 if (defined($testenv_vars->{RESOLV_WRAPPER_CONF})) {
203 $ENV{RESOLV_WRAPPER_CONF} = $testenv_vars->{RESOLV_WRAPPER_CONF};
205 $ENV{RESOLV_WRAPPER_HOSTS} = $testenv_vars->{RESOLV_WRAPPER_HOSTS};
208 print "waiting for working LDAP and a RID Set to be allocated\n";
209 my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
211 my $base_dn = "DC=".join(",DC=", split(/\./, $testenv_vars->{REALM}));
212 my $rid_set_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn";
214 while (system("$ldbsearch -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool > /dev/null") != 0) {
223 print $self->getlog_env($testenv_vars);
228 sub write_ldb_file($$$)
230 my ($self, $file, $ldif) = @_;
232 my $ldbadd = Samba::bindir_path($self, "ldbadd");
233 open(LDIF, "|$ldbadd -H $file >/dev/null");
238 sub add_wins_config($$)
240 my ($self, $privatedir) = @_;
242 return $self->write_ldb_file("$privatedir/wins_config.ldb", "
243 dn: name=TORTURE_11,CN=PARTNERS
244 objectClass: wreplPartner
255 my ($self, $ctx) = @_;
257 #Make the subdirectory be as fedora DS would expect
258 my $fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}";
260 my $pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid";
262 return ($fedora_ds_dir, $pidfile);
267 my ($self, $ctx) = @_;
269 my $slapd_conf_d = "$ctx->{ldapdir}/slapd.d";
270 my $pidfile = "$ctx->{ldapdir}/slapd.pid";
272 return ($slapd_conf_d, $pidfile);
275 sub setup_namespaces($$:$$)
277 my ($self, $localenv, $upn_array, $spn_array) = @_;
279 @{$upn_array} = [] unless defined($upn_array);
281 foreach my $upn (@{$upn_array}) {
282 $upn_args .= " --add-upn-suffix=$upn";
285 @{$spn_array} = [] unless defined($spn_array);
287 foreach my $spn (@{$spn_array}) {
288 $spn_args .= " --add-spn-suffix=$spn";
291 my $samba_tool = Samba::bindir_path($self, "samba-tool");
294 $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
295 if (defined($localenv->{RESOLV_WRAPPER_CONF})) {
296 $cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" ";
298 $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
300 $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"";
302 my $cmd_config = " $localenv->{CONFIGURATION}";
304 my $namespaces = $cmd_env;
305 $namespaces .= " $samba_tool domain trust namespaces $upn_args $spn_args";
306 $namespaces .= $cmd_config;
307 unless (system($namespaces) == 0) {
308 warn("Failed to add namespaces \n$namespaces");
315 sub setup_trust($$$$$)
317 my ($self, $localenv, $remoteenv, $type, $extra_args) = @_;
319 $localenv->{TRUST_SERVER} = $remoteenv->{SERVER};
320 $localenv->{TRUST_SERVER_IP} = $remoteenv->{SERVER_IP};
321 $localenv->{TRUST_SERVER_IPV6} = $remoteenv->{SERVER_IPV6};
322 $localenv->{TRUST_NETBIOSNAME} = $remoteenv->{NETBIOSNAME};
323 $localenv->{TRUST_USERNAME} = $remoteenv->{USERNAME};
324 $localenv->{TRUST_PASSWORD} = $remoteenv->{PASSWORD};
325 $localenv->{TRUST_DOMAIN} = $remoteenv->{DOMAIN};
326 $localenv->{TRUST_REALM} = $remoteenv->{REALM};
328 my $samba_tool = Samba::bindir_path($self, "samba-tool");
331 $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
332 if (defined($localenv->{RESOLV_WRAPPER_CONF})) {
333 $cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" ";
335 $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
337 $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"";
339 my $cmd_config = " $localenv->{CONFIGURATION}";
340 my $cmd_creds = $cmd_config;
341 $cmd_creds .= " -U$localenv->{TRUST_DOMAIN}\\\\$localenv->{TRUST_USERNAME}\%$localenv->{TRUST_PASSWORD}";
343 my $create = $cmd_env;
344 $create .= " $samba_tool domain trust create --type=${type} $localenv->{TRUST_REALM}";
345 $create .= " $extra_args";
346 $create .= $cmd_creds;
347 unless (system($create) == 0) {
348 warn("Failed to create trust \n$create");
355 sub provision_raw_prepare($$$$$$$$$$$)
357 my ($self, $prefix, $server_role, $hostname,
358 $domain, $realm, $functional_level,
359 $password, $kdc_ipv4, $kdc_ipv6) = @_;
361 my $netbiosname = uc($hostname);
363 unless(-d $prefix or mkdir($prefix, 0777)) {
364 warn("Unable to create $prefix");
367 my $prefix_abs = abs_path($prefix);
369 die ("prefix=''") if $prefix_abs eq "";
370 die ("prefix='/'") if $prefix_abs eq "/";
372 unless (system("rm -rf $prefix_abs/*") == 0) {
373 warn("Unable to clean up");
377 my $swiface = Samba::get_interface($hostname);
379 $ctx->{prefix} = $prefix;
380 $ctx->{prefix_abs} = $prefix_abs;
382 $ctx->{server_role} = $server_role;
383 $ctx->{hostname} = $hostname;
384 $ctx->{netbiosname} = $netbiosname;
385 $ctx->{swiface} = $swiface;
386 $ctx->{password} = $password;
387 $ctx->{kdc_ipv4} = $kdc_ipv4;
388 $ctx->{kdc_ipv6} = $kdc_ipv6;
391 # Set smbd log level here.
393 $ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} || 1;
394 $ctx->{username} = "Administrator";
395 $ctx->{domain} = $domain;
396 $ctx->{realm} = uc($realm);
397 $ctx->{dnsname} = lc($realm);
399 $ctx->{functional_level} = $functional_level;
401 my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
403 $ctx->{unix_name} = $unix_name;
404 $ctx->{unix_uid} = $>;
405 my @mygid = split(" ", $();
406 $ctx->{unix_gid} = $mygid[0];
407 $ctx->{unix_gids_str} = $);
408 @{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str});
410 $ctx->{etcdir} = "$prefix_abs/etc";
411 $ctx->{piddir} = "$prefix_abs/pid";
412 $ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf";
413 $ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
414 $ctx->{privatedir} = "$prefix_abs/private";
415 $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
416 $ctx->{lockdir} = "$prefix_abs/lockdir";
417 $ctx->{logdir} = "$prefix_abs/logs";
418 $ctx->{statedir} = "$prefix_abs/statedir";
419 $ctx->{cachedir} = "$prefix_abs/cachedir";
420 $ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
421 $ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket";
422 $ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket";
423 $ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
424 $ctx->{nsswrap_group} = "$ctx->{etcdir}/group";
425 $ctx->{nsswrap_hosts} = "$ENV{SELFTEST_PREFIX}/hosts";
426 if ($ENV{SAMBA_DNS_FAKING}) {
427 $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";
428 $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}";
430 $ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf";
431 $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf}";
434 $ctx->{tlsdir} = "$ctx->{privatedir}/tls";
436 $ctx->{ipv4} = "127.0.0.$swiface";
437 $ctx->{ipv6} = sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface);
438 $ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64";
440 push(@{$ctx->{directories}}, $ctx->{privatedir});
441 push(@{$ctx->{directories}}, $ctx->{etcdir});
442 push(@{$ctx->{directories}}, $ctx->{piddir});
443 push(@{$ctx->{directories}}, $ctx->{lockdir});
444 push(@{$ctx->{directories}}, $ctx->{logdir});
445 push(@{$ctx->{directories}}, $ctx->{statedir});
446 push(@{$ctx->{directories}}, $ctx->{cachedir});
448 $ctx->{smb_conf_extra_options} = "";
450 my @provision_options = ();
451 push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_config}\"");
452 push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
453 push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
454 push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\"");
455 if (defined($ctx->{resolv_conf})) {
456 push (@provision_options, "RESOLV_WRAPPER_CONF=\"$ctx->{resolv_conf}\"");
458 push (@provision_options, "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\"");
460 if (defined($ENV{GDB_PROVISION})) {
461 push (@provision_options, "gdb --args");
462 if (!defined($ENV{PYTHON})) {
463 push (@provision_options, "env");
464 push (@provision_options, "python");
467 if (defined($ENV{VALGRIND_PROVISION})) {
468 push (@provision_options, "valgrind");
469 if (!defined($ENV{PYTHON})) {
470 push (@provision_options, "env");
471 push (@provision_options, "python");
474 if (defined($ENV{PYTHON})) {
475 push (@provision_options, $ENV{PYTHON});
477 push (@provision_options, Samba::bindir_path($self, "samba-tool"));
478 push (@provision_options, "domain");
479 push (@provision_options, "provision");
480 push (@provision_options, "--configfile=$ctx->{smb_conf}");
481 push (@provision_options, "--host-name=$ctx->{hostname}");
482 push (@provision_options, "--host-ip=$ctx->{ipv4}");
483 push (@provision_options, "--quiet");
484 push (@provision_options, "--domain=$ctx->{domain}");
485 push (@provision_options, "--realm=$ctx->{realm}");
486 push (@provision_options, "--adminpass=$ctx->{password}");
487 push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
488 push (@provision_options, "--machinepass=machine$ctx->{password}");
489 push (@provision_options, "--root=$ctx->{unix_name}");
490 push (@provision_options, "--server-role=\"$ctx->{server_role}\"");
491 push (@provision_options, "--function-level=\"$ctx->{functional_level}\"");
493 @{$ctx->{provision_options}} = @provision_options;
499 # Step1 creates the basic configuration
501 sub provision_raw_step1($$)
503 my ($self, $ctx) = @_;
505 mkdir($_, 0777) foreach (@{$ctx->{directories}});
508 ## lockdir and piddir must be 0755
510 chmod 0755, $ctx->{lockdir};
511 chmod 0755, $ctx->{piddir};
513 unless (open(CONFFILE, ">$ctx->{smb_conf}")) {
514 warn("can't open $ctx->{smb_conf}$?");
518 Samba::prepare_keyblobs($ctx);
519 my $crlfile = "$ctx->{tlsdir}/crl.pem";
520 $crlfile = "" unless -e ${crlfile};
524 netbios name = $ctx->{netbiosname}
525 posix:eadb = $ctx->{statedir}/eadb.tdb
526 workgroup = $ctx->{domain}
527 realm = $ctx->{realm}
528 private dir = $ctx->{privatedir}
529 pid directory = $ctx->{piddir}
530 ncalrpc dir = $ctx->{ncalrpcdir}
531 lock dir = $ctx->{lockdir}
532 state directory = $ctx->{statedir}
533 cache directory = $ctx->{cachedir}
534 winbindd socket directory = $ctx->{winbindd_socket_dir}
535 winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir}
536 ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
537 winbind separator = /
538 interfaces = $ctx->{interfaces}
539 tls dh params file = $ctx->{tlsdir}/dhparms.pem
540 tls crlfile = ${crlfile}
541 panic action = $RealBin/gdb_backtrace \%d
543 server role = $ctx->{server_role}
544 server services = +echo +smb -s3fs
545 dcerpc endpoint servers = +winreg +srvsvc
546 notify:inotify = false
548 #We don't want to pass our self-tests if the PAC code is wrong
549 gensec:require_pac = true
550 log file = $ctx->{logdir}/log.\%m
551 log level = $ctx->{server_loglevel}
554 dns update command = $ctx->{samba_dnsupdate}
555 spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf}
556 dreplsrv:periodic_startup_interval = 0
557 dsdb:schema update allowed = yes
559 vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot
561 # remove this again, when our smb2 client library
562 # supports signin on compound related requests
565 idmap_ldb:use rfc2307=yes
566 winbind enum users = yes
567 winbind enum groups = yes
572 # Begin extra options
573 $ctx->{smb_conf_extra_options}
578 #Default the KDC IP to the server's IP
579 if (not defined($ctx->{kdc_ipv4})) {
580 $ctx->{kdc_ipv4} = $ctx->{ipv4};
582 if (not defined($ctx->{kdc_ipv6})) {
583 $ctx->{kdc_ipv6} = $ctx->{ipv6};
586 Samba::mk_krb5_conf($ctx);
588 open(PWD, ">$ctx->{nsswrap_passwd}");
589 if ($ctx->{unix_uid} != 0) {
590 print PWD "root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false\n";
592 print PWD "$ctx->{unix_name}:x:$ctx->{unix_uid}:65531:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false\n";
593 print PWD "nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
594 pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
595 pdbtest2:x:65532:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
596 pdbtest3:x:65531:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
597 pdbtest4:x:65530:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
600 my $uid_rfc2307test = 65533;
602 open(GRP, ">$ctx->{nsswrap_group}");
603 if ($ctx->{unix_gid} != 0) {
604 print GRP "root:x:0:\n";
606 print GRP "$ctx->{unix_name}:x:$ctx->{unix_gid}:\n";
607 print GRP "wheel:x:10:
610 nogroup:x:65534:nobody
613 my $gid_rfc2307test = 65532;
615 my $hostname = lc($ctx->{hostname});
616 open(HOSTS, ">>$ctx->{nsswrap_hosts}");
617 if ($hostname eq "localdc") {
618 print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n";
619 print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n";
621 print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} ${hostname}\n";
622 print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} ${hostname}\n";
626 if (defined($ctx->{resolv_conf})) {
627 open(RESOLV_CONF, ">$ctx->{resolv_conf}");
628 print RESOLV_CONF "nameserver $ctx->{kdc_ipv4}\n";
629 print RESOLV_CONF "nameserver $ctx->{kdc_ipv6}\n";
633 my $configuration = "--configfile=$ctx->{smb_conf}";
635 #Ensure the config file is valid before we start
636 my $testparm = Samba::bindir_path($self, "samba-tool") . " testparm";
637 if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
638 system("$testparm -v --suppress-prompt $configuration >&2");
639 warn("Failed to create a valid smb.conf configuration $testparm!");
642 unless (system("($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1") == 0) {
643 warn("Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
648 KRB5_CONFIG => $ctx->{krb5_conf},
649 PIDDIR => $ctx->{piddir},
650 SERVER => $ctx->{hostname},
651 SERVER_IP => $ctx->{ipv4},
652 SERVER_IPV6 => $ctx->{ipv6},
653 NETBIOSNAME => $ctx->{netbiosname},
654 DOMAIN => $ctx->{domain},
655 USERNAME => $ctx->{username},
656 REALM => $ctx->{realm},
657 PASSWORD => $ctx->{password},
658 LDAPDIR => $ctx->{ldapdir},
659 LDAP_INSTANCE => $ctx->{ldap_instance},
660 SELFTEST_WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},
661 NCALRPCDIR => $ctx->{ncalrpcdir},
662 LOCKDIR => $ctx->{lockdir},
663 STATEDIR => $ctx->{statedir},
664 CACHEDIR => $ctx->{cachedir},
665 PRIVATEDIR => $ctx->{privatedir},
666 SERVERCONFFILE => $ctx->{smb_conf},
667 CONFIGURATION => $configuration,
668 SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
669 NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd},
670 NSS_WRAPPER_GROUP => $ctx->{nsswrap_group},
671 NSS_WRAPPER_HOSTS => $ctx->{nsswrap_hosts},
672 SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
673 SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
674 SAMBA_TEST_LOG_POS => 0,
675 NSS_WRAPPER_MODULE_SO_PATH => Samba::nss_wrapper_winbind_so_path($self),
676 NSS_WRAPPER_MODULE_FN_PREFIX => "winbind",
677 LOCAL_PATH => $ctx->{share},
678 UID_RFC2307TEST => $uid_rfc2307test,
679 GID_RFC2307TEST => $gid_rfc2307test,
680 SERVER_ROLE => $ctx->{server_role}
683 if (defined($ctx->{resolv_conf})) {
684 $ret->{RESOLV_WRAPPER_CONF} = $ctx->{resolv_conf};
686 $ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file};
693 # Step2 runs the provision script
695 sub provision_raw_step2($$$)
697 my ($self, $ctx, $ret) = @_;
699 my $provision_cmd = join(" ", @{$ctx->{provision_options}});
700 unless (system($provision_cmd) == 0) {
701 warn("Unable to provision: \n$provision_cmd\n");
705 my $testallowed_account = "testallowed";
706 my $samba_tool_cmd = "";
707 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
708 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
709 . " user add --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}";
710 unless (system($samba_tool_cmd) == 0) {
711 warn("Unable to add testallowed user: \n$samba_tool_cmd\n");
716 $ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
717 $ldbmodify .= Samba::bindir_path($self, "ldbmodify");
718 my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm}));
720 if ($ctx->{server_role} ne "domain controller") {
721 $base_dn = "DC=$ctx->{netbiosname}";
724 my $user_dn = "cn=$testallowed_account,cn=users,$base_dn";
725 $testallowed_account = "testallowed account";
726 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
727 print LDIF "dn: $user_dn
729 replace: samAccountName
730 samAccountName: $testallowed_account
735 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
736 print LDIF "dn: $user_dn
738 replace: userPrincipalName
739 userPrincipalName: testallowed upn\@$ctx->{realm}
740 replace: servicePrincipalName
741 servicePrincipalName: host/testallowed
746 $samba_tool_cmd = "";
747 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
748 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
749 . " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}";
750 unless (system($samba_tool_cmd) == 0) {
751 warn("Unable to add testdenied user: \n$samba_tool_cmd\n");
755 my $user_dn = "cn=testdenied,cn=users,$base_dn";
756 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
757 print LDIF "dn: $user_dn
759 replace: userPrincipalName
760 userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
765 $samba_tool_cmd = "";
766 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
767 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
768 . " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'";
769 unless (system($samba_tool_cmd) == 0) {
770 warn("Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n");
777 sub provision($$$$$$$$$$)
779 my ($self, $prefix, $server_role, $hostname,
780 $domain, $realm, $functional_level,
781 $password, $kdc_ipv4, $kdc_ipv6, $extra_smbconf_options, $extra_smbconf_shares,
782 $extra_provision_options) = @_;
784 my $ctx = $self->provision_raw_prepare($prefix, $server_role,
786 $domain, $realm, $functional_level,
787 $password, $kdc_ipv4, $kdc_ipv6);
789 if (defined($extra_provision_options)) {
790 push (@{$ctx->{provision_options}}, @{$extra_provision_options});
792 push (@{$ctx->{provision_options}}, "--use-ntvfs");
795 $ctx->{share} = "$ctx->{prefix_abs}/share";
796 push(@{$ctx->{directories}}, "$ctx->{share}");
797 push(@{$ctx->{directories}}, "$ctx->{share}/test1");
798 push(@{$ctx->{directories}}, "$ctx->{share}/test2");
800 # precreate directories for printer drivers
801 push(@{$ctx->{directories}}, "$ctx->{share}/W32X86");
802 push(@{$ctx->{directories}}, "$ctx->{share}/x64");
803 push(@{$ctx->{directories}}, "$ctx->{share}/WIN40");
806 $msdfs = "yes" if ($server_role eq "domain controller");
807 $ctx->{smb_conf_extra_options} = "
810 server max protocol = SMB2
813 allow nt4 crypto = yes
815 # fruit:copyfile is a global option
818 $extra_smbconf_options
823 posix:sharedelay = 100000
824 posix:oplocktimeout = 3
825 posix:writetimeupdatedelay = 500000
830 posix:sharedelay = 100000
831 posix:oplocktimeout = 3
832 posix:writetimeupdatedelay = 500000
834 force create mode = 777
840 force create mode = 0
841 directory mask = 0777
842 force directory mode = 0
845 path = $ctx->{share}/test1
847 posix:sharedelay = 100000
848 posix:oplocktimeout = 3
849 posix:writetimeupdatedelay = 500000
852 path = $ctx->{share}/test2
854 posix:sharedelay = 100000
855 posix:oplocktimeout = 3
856 posix:writetimeupdatedelay = 500000
859 path = $ctx->{share}/_ignore_cifs_
862 cifs:server = $ctx->{netbiosname}
864 cifs:use-s4u2proxy = yes
865 # There is no username specified here, instead the client is expected
866 # to log in with kerberos, and the serverwill use delegated credentials.
867 # Or the server tries s4u2self/s4u2proxy to impersonate the client
872 ntvfs handler = simple
875 path = $ctx->{statedir}/sysvol
879 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
884 ntvfs handler = cifsposix
888 vfs objects = catia fruit streams_xattr acl_xattr
890 fruit:ressource = file
891 fruit:metadata = netatalk
892 fruit:locking = netatalk
893 fruit:encoding = native
895 $extra_smbconf_shares
898 if (defined($self->{ldap})) {
899 $ctx->{ldapdir} = "$ctx->{privatedir}/ldap";
900 push(@{$ctx->{directories}}, "$ctx->{ldapdir}");
902 my $ldap_uri= "$ctx->{ldapdir}/ldapi";
903 $ldap_uri =~ s|/|%2F|g;
904 $ldap_uri = "ldapi://$ldap_uri";
905 $ctx->{ldap_uri} = $ldap_uri;
907 $ctx->{ldap_instance} = lc($ctx->{netbiosname});
910 my $ret = $self->provision_raw_step1($ctx);
911 unless (defined $ret) {
915 if (defined($self->{ldap})) {
916 $ret->{LDAP_URI} = $ctx->{ldap_uri};
917 push (@{$ctx->{provision_options}}, "--ldap-backend-type=" . $self->{ldap});
918 push (@{$ctx->{provision_options}}, "--ldap-backend-nosync");
919 if ($self->{ldap} eq "openldap") {
920 push (@{$ctx->{provision_options}}, "--slapd-path=" . $ENV{OPENLDAP_SLAPD});
921 ($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx) or die("Unable to create openldap directories");
923 } elsif ($self->{ldap} eq "fedora-ds") {
924 push (@{$ctx->{provision_options}}, "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd");
925 push (@{$ctx->{provision_options}}, "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");
926 ($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx) or die("Unable to create fedora ds directories");
931 return $self->provision_raw_step2($ctx, $ret);
934 sub provision_s4member($$$)
936 my ($self, $prefix, $dcvars) = @_;
937 print "PROVISIONING MEMBER...";
938 my $extra_smb_conf = "
939 passdb backend = samba_dsdb
940 winbindd:use external pipes = true
942 rpc_server:default = external
943 rpc_server:svcctl = embedded
944 rpc_server:srvsvc = embedded
945 rpc_server:eventlog = embedded
946 rpc_server:ntsvcs = embedded
947 rpc_server:winreg = embedded
948 rpc_server:spoolss = embedded
949 rpc_daemon:spoolssd = embedded
950 rpc_server:tcpip = no
952 my $ret = $self->provision($prefix,
959 $dcvars->{SERVER_IP},
960 $dcvars->{SERVER_IPV6},
961 $extra_smb_conf, "", undef);
966 my $samba_tool = Samba::bindir_path($self, "samba-tool");
968 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
969 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
970 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
972 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
974 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
975 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
976 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
977 $cmd .= " --machinepass=machine$ret->{PASSWORD}";
979 unless (system($cmd) == 0) {
980 warn("Join failed\n$cmd");
984 $ret->{MEMBER_SERVER} = $ret->{SERVER};
985 $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP};
986 $ret->{MEMBER_SERVER_IPV6} = $ret->{SERVER_IPV6};
987 $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME};
988 $ret->{MEMBER_USERNAME} = $ret->{USERNAME};
989 $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
991 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
992 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
993 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
994 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
995 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
996 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1001 sub provision_rpc_proxy($$$)
1003 my ($self, $prefix, $dcvars) = @_;
1004 print "PROVISIONING RPC PROXY...";
1006 my $extra_smbconf_options = "
1007 passdb backend = samba_dsdb
1010 dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER}
1011 dcerpc endpoint servers = epmapper, remote
1012 dcerpc_remote:interfaces = rpcecho
1015 path = /tmp/_ignore_cifs_to_dc_/_none_
1017 ntvfs handler = cifs
1018 cifs:server = $dcvars->{SERVER}
1020 cifs:use-s4u2proxy = yes
1021 # There is no username specified here, instead the client is expected
1022 # to log in with kerberos, and the serverwill use delegated credentials.
1023 # Or the server tries s4u2self/s4u2proxy to impersonate the client
1027 my $ret = $self->provision($prefix,
1031 "samba.example.com",
1034 $dcvars->{SERVER_IP},
1035 $dcvars->{SERVER_IPV6},
1036 $extra_smbconf_options, "", undef);
1042 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1044 # The joind runs in the context of the rpc_proxy/member for now
1046 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1047 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1048 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1050 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1052 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1053 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
1054 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1055 $cmd .= " --machinepass=machine$ret->{PASSWORD}";
1057 unless (system($cmd) == 0) {
1058 warn("Join failed\n$cmd");
1062 # Setting up delegation runs in the context of the DC for now
1064 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1065 $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
1066 $cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on";
1067 $cmd .= " $dcvars->{CONFIGURATION}";
1070 unless (system($cmd) == 0) {
1071 warn("Delegation failed\n$cmd");
1075 # Setting up delegation runs in the context of the DC for now
1077 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1078 $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
1079 $cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}";
1080 $cmd .= " $dcvars->{CONFIGURATION}";
1082 unless (system($cmd) == 0) {
1083 warn("Delegation failed\n$cmd");
1087 $ret->{RPC_PROXY_SERVER} = $ret->{SERVER};
1088 $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP};
1089 $ret->{RPC_PROXY_SERVER_IPV6} = $ret->{SERVER_IPV6};
1090 $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME};
1091 $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
1092 $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
1094 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1095 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1096 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1097 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1098 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1099 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1104 sub provision_promoted_dc($$$)
1106 my ($self, $prefix, $dcvars) = @_;
1107 print "PROVISIONING PROMOTED DC...";
1109 # We do this so that we don't run the provision. That's the job of 'samba-tool domain dcpromo'.
1110 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1113 "samba.example.com",
1115 $dcvars->{PASSWORD},
1116 $dcvars->{SERVER_IP},
1117 $dcvars->{SERVER_IPV6});
1119 push (@{$ctx->{provision_options}}, "--use-ntvfs");
1121 $ctx->{smb_conf_extra_options} = "
1123 server max protocol = SMB2
1126 path = $ctx->{statedir}/sysvol
1130 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1135 my $ret = $self->provision_raw_step1($ctx);
1140 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1142 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1143 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1144 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1146 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1148 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1149 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}";
1150 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1151 $cmd .= " --machinepass=machine$ret->{PASSWORD}";
1153 unless (system($cmd) == 0) {
1154 warn("Join failed\n$cmd");
1158 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1160 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1161 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1162 $cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
1163 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1164 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ";
1166 unless (system($cmd) == 0) {
1167 warn("Join failed\n$cmd");
1171 $ret->{PROMOTED_DC_SERVER} = $ret->{SERVER};
1172 $ret->{PROMOTED_DC_SERVER_IP} = $ret->{SERVER_IP};
1173 $ret->{PROMOTED_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1174 $ret->{PROMOTED_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1176 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1177 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1178 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1179 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1180 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1181 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1186 sub provision_vampire_dc($$$)
1188 my ($self, $prefix, $dcvars) = @_;
1189 print "PROVISIONING VAMPIRE DC...";
1191 # We do this so that we don't run the provision. That's the job of 'net vampire'.
1192 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1195 "samba.example.com",
1197 $dcvars->{PASSWORD},
1198 $dcvars->{SERVER_IP},
1199 $dcvars->{SERVER_IPV6});
1201 push (@{$ctx->{provision_options}}, "--use-ntvfs");
1203 $ctx->{smb_conf_extra_options} = "
1205 server max protocol = SMB2
1208 path = $ctx->{statedir}/sysvol
1212 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1217 my $ret = $self->provision_raw_step1($ctx);
1222 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1224 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1225 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1226 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1228 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1230 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1231 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
1232 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only";
1233 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
1235 unless (system($cmd) == 0) {
1236 warn("Join failed\n$cmd");
1240 $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER};
1241 $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
1242 $ret->{VAMPIRE_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1243 $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1245 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1246 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1247 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1248 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1249 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1250 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1251 $ret->{DC_REALM} = $dcvars->{DC_REALM};
1256 sub provision_subdom_dc($$$)
1258 my ($self, $prefix, $dcvars) = @_;
1259 print "PROVISIONING SUBDOMAIN DC...";
1261 # We do this so that we don't run the provision. That's the job of 'net vampire'.
1262 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1265 "sub.samba.example.com",
1267 $dcvars->{PASSWORD},
1270 push (@{$ctx->{provision_options}}, "--use-ntvfs");
1272 $ctx->{smb_conf_extra_options} = "
1274 server max protocol = SMB2
1277 path = $ctx->{statedir}/sysvol
1281 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1286 my $ret = $self->provision_raw_step1($ctx);
1291 Samba::mk_krb5_conf($ctx);
1293 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1295 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1296 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1297 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1299 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1301 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1302 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain ";
1303 $cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
1304 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
1305 $cmd .= " --adminpass=$ret->{PASSWORD}";
1307 unless (system($cmd) == 0) {
1308 warn("Join failed\n$cmd");
1312 $ret->{SUBDOM_DC_SERVER} = $ret->{SERVER};
1313 $ret->{SUBDOM_DC_SERVER_IP} = $ret->{SERVER_IP};
1314 $ret->{SUBDOM_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1315 $ret->{SUBDOM_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1317 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1318 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1319 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1320 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1321 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1322 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1327 sub provision_ad_dc_ntvfs($$)
1329 my ($self, $prefix) = @_;
1331 # We keep the old 'winbind' name here in server services to
1332 # ensure upgrades which used that name still work with the now
1335 print "PROVISIONING AD DC (NTVFS)...";
1336 my $extra_conf_options = "netbios aliases = localDC1-a
1337 server services = +winbind -winbindd";
1338 my $ret = $self->provision($prefix,
1339 "domain controller",
1342 "samba.example.com",
1347 $extra_conf_options,
1351 return undef unless(defined $ret);
1352 unless($self->add_wins_config("$prefix/private")) {
1353 warn("Unable to add wins configuration");
1356 $ret->{NETBIOSALIAS} = "localdc1-a";
1357 $ret->{DC_SERVER} = $ret->{SERVER};
1358 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1359 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1360 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1361 $ret->{DC_USERNAME} = $ret->{USERNAME};
1362 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1363 $ret->{DC_REALM} = $ret->{REALM};
1368 sub provision_fl2000dc($$)
1370 my ($self, $prefix) = @_;
1372 print "PROVISIONING DC WITH FOREST LEVEL 2000...";
1373 my $ret = $self->provision($prefix,
1374 "domain controller",
1377 "samba2000.example.com",
1386 unless($self->add_wins_config("$prefix/private")) {
1387 warn("Unable to add wins configuration");
1394 sub provision_fl2003dc($$$)
1396 my ($self, $prefix, $dcvars) = @_;
1398 print "PROVISIONING DC WITH FOREST LEVEL 2003...";
1399 my $extra_conf_options = "allow dns updates = nonsecure and secure";
1400 my $ret = $self->provision($prefix,
1401 "domain controller",
1404 "samba2003.example.com",
1409 $extra_conf_options,
1413 unless (defined $ret) {
1417 $ret->{DC_SERVER} = $ret->{SERVER};
1418 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1419 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1420 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1421 $ret->{DC_USERNAME} = $ret->{USERNAME};
1422 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1424 my @samba_tool_options;
1425 push (@samba_tool_options, Samba::bindir_path($self, "samba-tool"));
1426 push (@samba_tool_options, "domain");
1427 push (@samba_tool_options, "passwordsettings");
1428 push (@samba_tool_options, "set");
1429 push (@samba_tool_options, "--configfile=$ret->{SERVERCONFFILE}");
1430 push (@samba_tool_options, "--min-pwd-age=0");
1431 push (@samba_tool_options, "--history-length=1");
1433 my $samba_tool_cmd = join(" ", @samba_tool_options);
1435 unless (system($samba_tool_cmd) == 0) {
1436 warn("Unable to set min password age to 0: \n$samba_tool_cmd\n");
1442 unless($self->add_wins_config("$prefix/private")) {
1443 warn("Unable to add wins configuration");
1450 sub provision_fl2008r2dc($$$)
1452 my ($self, $prefix, $dcvars) = @_;
1454 print "PROVISIONING DC WITH FOREST LEVEL 2008r2...";
1455 my $ret = $self->provision($prefix,
1456 "domain controller",
1459 "samba2008R2.example.com",
1468 unless ($self->add_wins_config("$prefix/private")) {
1469 warn("Unable to add wins configuration");
1477 sub provision_rodc($$$)
1479 my ($self, $prefix, $dcvars) = @_;
1480 print "PROVISIONING RODC...";
1482 # We do this so that we don't run the provision. That's the job of 'net join RODC'.
1483 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1486 "samba.example.com",
1488 $dcvars->{PASSWORD},
1489 $dcvars->{SERVER_IP},
1490 $dcvars->{SERVER_IPV6});
1495 push (@{$ctx->{provision_options}}, "--use-ntvfs");
1497 $ctx->{share} = "$ctx->{prefix_abs}/share";
1498 push(@{$ctx->{directories}}, "$ctx->{share}");
1500 $ctx->{smb_conf_extra_options} = "
1502 server max protocol = SMB2
1505 path = $ctx->{statedir}/sysvol
1509 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1513 path = $ctx->{share}
1515 posix:sharedelay = 10000
1516 posix:oplocktimeout = 3
1517 posix:writetimeupdatedelay = 50000
1521 my $ret = $self->provision_raw_step1($ctx);
1526 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1528 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1529 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1530 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1532 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1534 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1535 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
1536 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1537 $cmd .= " --server=$dcvars->{DC_SERVER} --use-ntvfs";
1539 unless (system($cmd) == 0) {
1540 warn("RODC join failed\n$cmd");
1544 # This ensures deterministic behaviour for tests that want to have the 'testallowed account'
1545 # user password verified on the RODC
1546 my $testallowed_account = "testallowed account";
1547 $cmd = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1548 $cmd .= "$samba_tool rodc preload '$testallowed_account' $ret->{CONFIGURATION}";
1549 $cmd .= " --server=$dcvars->{DC_SERVER}";
1551 unless (system($cmd) == 0) {
1552 warn("RODC join failed\n$cmd");
1556 # we overwrite the kdc after the RODC join
1557 # so that use the RODC as kdc and test
1559 $ctx->{kdc_ipv4} = $ret->{SERVER_IP};
1560 $ctx->{kdc_ipv6} = $ret->{SERVER_IPV6};
1561 Samba::mk_krb5_conf($ctx);
1563 $ret->{RODC_DC_SERVER} = $ret->{SERVER};
1564 $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP};
1565 $ret->{RODC_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1566 $ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1568 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1569 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1570 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1571 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1572 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1573 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1578 sub provision_ad_dc($$)
1580 my ($self, $prefix) = @_;
1582 my $prefix_abs = abs_path($prefix);
1584 my $bindir_abs = abs_path($self->{bindir});
1585 my $lockdir="$prefix_abs/lockdir";
1586 my $conffile="$prefix_abs/etc/smb.conf";
1588 my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes";
1589 $require_mutexes = "" if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} eq "1");
1591 my $extra_smbconf_options = "
1592 server services = -smb +s3fs
1593 xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
1595 dbwrap_tdb_mutexes:* = yes
1599 kernel change notify = no
1603 printcap name = /dev/null
1607 server signing = auto
1609 smbd:sharedelay = 100000
1610 smbd:writetimeupdatedelay = 500000
1614 dcerpc endpoint servers = -winreg -srvsvc
1616 printcap name = /dev/null
1618 addprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -a -s $conffile --
1619 deleteprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -d -s $conffile --
1622 print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s
1623 lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p
1624 lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j
1625 lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j
1626 lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j
1627 queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p
1628 queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
1630 print notify backchannel = yes
1633 my $extra_smbconf_shares = "
1637 smb encrypt = required
1641 case sensitive = yes
1649 hide unreadable = yes
1653 kernel share modes = no
1672 print "PROVISIONING AD DC...";
1673 my $ret = $self->provision($prefix,
1674 "domain controller",
1677 "addom.samba.example.com",
1682 $extra_smbconf_options,
1683 $extra_smbconf_shares,
1686 return undef unless(defined $ret);
1687 unless($self->add_wins_config("$prefix/private")) {
1688 warn("Unable to add wins configuration");
1692 $ret->{DC_SERVER} = $ret->{SERVER};
1693 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1694 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1695 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1696 $ret->{DC_USERNAME} = $ret->{USERNAME};
1697 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1702 sub provision_chgdcpass($$)
1704 my ($self, $prefix) = @_;
1706 print "PROVISIONING CHGDCPASS...";
1707 my $extra_provision_options = undef;
1708 push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
1709 my $ret = $self->provision($prefix,
1710 "domain controller",
1713 "chgdcpassword.samba.example.com",
1720 $extra_provision_options);
1722 return undef unless(defined $ret);
1723 unless($self->add_wins_config("$prefix/private")) {
1724 warn("Unable to add wins configuration");
1728 # Remove secrets.tdb from this environment to test that we
1729 # still start up on systems without the new matching
1730 # secrets.tdb records.
1731 unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb") || unlink("$ret->{PRIVATEDIR}/secrets.ntdb")) {
1732 warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision");
1736 $ret->{DC_SERVER} = $ret->{SERVER};
1737 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1738 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1739 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1740 $ret->{DC_USERNAME} = $ret->{USERNAME};
1741 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1746 sub teardown_env($$)
1748 my ($self, $envvars) = @_;
1751 # This should cause samba to terminate gracefully
1752 close($envvars->{STDIN_PIPE});
1754 $pid = $envvars->{SAMBA_PID};
1758 # This should give it time to write out the gcov data
1759 until ($count > 30) {
1760 if (Samba::cleanup_child($pid, "samba") == -1) {
1767 if ($count > 30 || kill(0, $pid)) {
1770 until ($count > 40) {
1771 if (Samba::cleanup_child($pid, "samba") == -1) {
1777 # If it is still around, kill it
1778 warn "server process $pid took more than $count seconds to exit, killing\n";
1782 $self->slapd_stop($envvars) if ($self->{ldap});
1784 print $self->getlog_env($envvars);
1791 my ($self, $envvars) = @_;
1792 my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n";
1795 open(LOG, "<$envvars->{SAMBA_TEST_LOG}");
1797 seek(LOG, $envvars->{SAMBA_TEST_LOG_POS}, SEEK_SET);
1801 $envvars->{SAMBA_TEST_LOG_POS} = tell(LOG);
1804 return "" if $out eq $title;
1811 my ($self, $envvars) = @_;
1812 my $samba_pid = $envvars->{SAMBA_PID};
1814 if (not defined($samba_pid)) {
1816 } elsif ($samba_pid > 0) {
1817 my $childpid = Samba::cleanup_child($samba_pid, "samba");
1819 if ($childpid == 0) {
1831 my ($self, $envname, $path) = @_;
1832 my $target3 = $self->{target3};
1834 $ENV{ENVNAME} = $envname;
1836 if (defined($self->{vars}->{$envname})) {
1837 return $self->{vars}->{$envname};
1840 if ($envname eq "ad_dc_ntvfs") {
1841 return $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1842 } elsif ($envname eq "fl2000dc") {
1843 return $self->setup_fl2000dc("$path/fl2000dc");
1844 } elsif ($envname eq "fl2003dc") {
1845 if (not defined($self->{vars}->{ad_dc})) {
1846 $self->setup_ad_dc("$path/ad_dc");
1848 return $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{ad_dc});
1849 } elsif ($envname eq "fl2008r2dc") {
1850 if (not defined($self->{vars}->{ad_dc})) {
1851 $self->setup_ad_dc("$path/ad_dc");
1853 return $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{ad_dc});
1854 } elsif ($envname eq "rpc_proxy") {
1855 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1856 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1858 return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{ad_dc_ntvfs});
1859 } elsif ($envname eq "vampire_dc") {
1860 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1861 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1863 return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{ad_dc_ntvfs});
1864 } elsif ($envname eq "promoted_dc") {
1865 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1866 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1868 return $self->setup_promoted_dc("$path/promoted_dc", $self->{vars}->{ad_dc_ntvfs});
1869 } elsif ($envname eq "subdom_dc") {
1870 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1871 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1873 return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs});
1874 } elsif ($envname eq "s4member") {
1875 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1876 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1878 return $self->setup_s4member("$path/s4member", $self->{vars}->{ad_dc_ntvfs});
1879 } elsif ($envname eq "rodc") {
1880 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1881 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1883 return $self->setup_rodc("$path/rodc", $self->{vars}->{ad_dc_ntvfs});
1884 } elsif ($envname eq "chgdcpass") {
1885 return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass});
1886 } elsif ($envname eq "ad_member") {
1887 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1888 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1890 return $target3->setup_admember("$path/ad_member", $self->{vars}->{ad_dc_ntvfs}, 29);
1891 } elsif ($envname eq "ad_dc") {
1892 return $self->setup_ad_dc("$path/ad_dc");
1893 } elsif ($envname eq "ad_dc_no_nss") {
1894 return $self->setup_ad_dc("$path/ad_dc_no_nss", "no_nss");
1895 } elsif ($envname eq "ad_member_rfc2307") {
1896 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1897 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1899 return $target3->setup_admember_rfc2307("$path/ad_member_rfc2307",
1900 $self->{vars}->{ad_dc_ntvfs}, 34);
1901 } elsif ($envname eq "none") {
1902 return $self->setup_none("$path/none");
1908 sub setup_s4member($$$)
1910 my ($self, $path, $dc_vars) = @_;
1912 my $env = $self->provision_s4member($path, $dc_vars);
1915 if (not defined($self->check_or_start($env, "standard"))) {
1919 $self->{vars}->{s4member} = $env;
1925 sub setup_rpc_proxy($$$)
1927 my ($self, $path, $dc_vars) = @_;
1929 my $env = $self->provision_rpc_proxy($path, $dc_vars);
1932 if (not defined($self->check_or_start($env, "standard"))) {
1936 $self->{vars}->{rpc_proxy} = $env;
1941 sub setup_ad_dc_ntvfs($$)
1943 my ($self, $path) = @_;
1945 my $env = $self->provision_ad_dc_ntvfs($path);
1947 if (not defined($self->check_or_start($env, "standard"))) {
1948 warn("Failed to start ad_dc_ntvfs");
1952 $self->{vars}->{ad_dc_ntvfs} = $env;
1957 sub setup_chgdcpass($$)
1959 my ($self, $path) = @_;
1961 my $env = $self->provision_chgdcpass($path);
1963 if (not defined($self->check_or_start($env, "standard"))) {
1967 $self->{vars}->{chgdcpass} = $env;
1972 sub setup_fl2000dc($$)
1974 my ($self, $path) = @_;
1976 my $env = $self->provision_fl2000dc($path);
1978 if (not defined($self->check_or_start($env, "standard"))) {
1982 $self->{vars}->{fl2000dc} = $env;
1988 sub setup_fl2003dc($$$)
1990 my ($self, $path, $dc_vars) = @_;
1992 my $env = $self->provision_fl2003dc($path);
1995 if (not defined($self->check_or_start($env, "standard"))) {
1999 $env = $self->setup_trust($env, $dc_vars, "external", "--no-aes-keys");
2001 $self->{vars}->{fl2003dc} = $env;
2006 sub setup_fl2008r2dc($$$)
2008 my ($self, $path, $dc_vars) = @_;
2010 my $env = $self->provision_fl2008r2dc($path);
2013 if (not defined($self->check_or_start($env, "standard"))) {
2017 my $upn_array = ["$env->{REALM}.upn"];
2018 my $spn_array = ["$env->{REALM}.spn"];
2020 $self->setup_namespaces($env, $upn_array, $spn_array);
2022 $env = $self->setup_trust($env, $dc_vars, "forest", "");
2024 $self->{vars}->{fl2008r2dc} = $env;
2030 sub setup_vampire_dc($$$)
2032 my ($self, $path, $dc_vars) = @_;
2034 my $env = $self->provision_vampire_dc($path, $dc_vars);
2037 if (not defined($self->check_or_start($env, "single"))) {
2041 $self->{vars}->{vampire_dc} = $env;
2043 # force replicated DC to update repsTo/repsFrom
2044 # for vampired partitions
2045 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2047 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
2048 if (defined($env->{RESOLV_WRAPPER_CONF})) {
2049 $cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" ";
2051 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
2053 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2054 $cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}";
2055 $cmd .= " $env->{CONFIGURATION}";
2056 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2057 unless (system($cmd) == 0) {
2058 warn("Failed to exec kcc\n$cmd");
2062 # as 'vampired' dc may add data in its local replica
2063 # we need to synchronize data between DCs
2064 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2066 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
2067 if (defined($env->{RESOLV_WRAPPER_CONF})) {
2068 $cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" ";
2070 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
2072 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2073 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
2074 $cmd .= " $dc_vars->{CONFIGURATION}";
2075 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2076 # replicate Configuration NC
2077 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
2078 unless(system($cmd_repl) == 0) {
2079 warn("Failed to replicate\n$cmd_repl");
2082 # replicate Default NC
2083 $cmd_repl = "$cmd \"$base_dn\"";
2084 unless(system($cmd_repl) == 0) {
2085 warn("Failed to replicate\n$cmd_repl");
2093 sub setup_promoted_dc($$$)
2095 my ($self, $path, $dc_vars) = @_;
2097 my $env = $self->provision_promoted_dc($path, $dc_vars);
2100 if (not defined($self->check_or_start($env, "single"))) {
2104 $self->{vars}->{promoted_dc} = $env;
2106 # force source and replicated DC to update repsTo/repsFrom
2107 # for vampired partitions
2108 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2110 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2111 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2112 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
2113 $cmd .= " $env->{CONFIGURATION}";
2114 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2115 unless (system($cmd) == 0) {
2116 warn("Failed to exec kcc\n$cmd");
2120 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2122 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2123 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2124 $cmd .= " $samba_tool drs kcc $env->{SERVER}";
2125 $cmd .= " $env->{CONFIGURATION}";
2126 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2127 unless (system($cmd) == 0) {
2128 warn("Failed to exec kcc\n$cmd");
2132 # as 'vampired' dc may add data in its local replica
2133 # we need to synchronize data between DCs
2134 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2135 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2136 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2137 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
2138 $cmd .= " $dc_vars->{CONFIGURATION}";
2139 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2140 # replicate Configuration NC
2141 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
2142 unless(system($cmd_repl) == 0) {
2143 warn("Failed to replicate\n$cmd_repl");
2146 # replicate Default NC
2147 $cmd_repl = "$cmd \"$base_dn\"";
2148 unless(system($cmd_repl) == 0) {
2149 warn("Failed to replicate\n$cmd_repl");
2157 sub setup_subdom_dc($$$)
2159 my ($self, $path, $dc_vars) = @_;
2161 my $env = $self->provision_subdom_dc($path, $dc_vars);
2164 if (not defined($self->check_or_start($env, "single"))) {
2168 $self->{vars}->{subdom_dc} = $env;
2170 # force replicated DC to update repsTo/repsFrom
2171 # for primary domain partitions
2172 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2174 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2175 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2176 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
2177 $cmd .= " $env->{CONFIGURATION}";
2178 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
2179 unless (system($cmd) == 0) {
2180 warn("Failed to exec kcc\n$cmd");
2184 # as 'subdomain' dc may add data in its local replica
2185 # we need to synchronize data between DCs
2186 my $base_dn = "DC=".join(",DC=", split(/\./, $env->{REALM}));
2187 my $config_dn = "CN=Configuration,DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2188 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2189 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2190 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}";
2191 $cmd .= " $dc_vars->{CONFIGURATION}";
2192 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
2193 # replicate Configuration NC
2194 my $cmd_repl = "$cmd \"$config_dn\"";
2195 unless(system($cmd_repl) == 0) {
2196 warn("Failed to replicate\n$cmd_repl");
2199 # replicate Default NC
2200 $cmd_repl = "$cmd \"$base_dn\"";
2201 unless(system($cmd_repl) == 0) {
2202 warn("Failed to replicate\n$cmd_repl");
2212 my ($self, $path, $dc_vars) = @_;
2214 my $env = $self->provision_rodc($path, $dc_vars);
2220 if (not defined($self->check_or_start($env, "single"))) {
2224 # force source and replicated DC to update repsTo/repsFrom
2225 # for vampired partitions
2226 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2228 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2229 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2230 $cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}";
2231 $cmd .= " $env->{CONFIGURATION}";
2232 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2233 unless (system($cmd) == 0) {
2234 warn("Failed to exec kcc\n$cmd");
2238 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2240 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2241 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2242 $cmd .= " $samba_tool drs kcc -k no $env->{SERVER}";
2243 $cmd .= " $env->{CONFIGURATION}";
2244 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2245 unless (system($cmd) == 0) {
2246 warn("Failed to exec kcc\n$cmd");
2250 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2251 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2252 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2253 $cmd .= " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}";
2254 $cmd .= " $dc_vars->{CONFIGURATION}";
2255 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2256 # replicate Configuration NC
2257 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
2258 unless(system($cmd_repl) == 0) {
2259 warn("Failed to replicate\n$cmd_repl");
2262 # replicate Default NC
2263 $cmd_repl = "$cmd \"$base_dn\"";
2264 unless(system($cmd_repl) == 0) {
2265 warn("Failed to replicate\n$cmd_repl");
2269 $self->{vars}->{rodc} = $env;
2276 my ($self, $path, $no_nss) = @_;
2278 # If we didn't build with ADS, pretend this env was never available
2279 if (not $self->{target3}->have_ads()) {
2283 my $env = $self->provision_ad_dc($path);
2288 if (defined($no_nss) and $no_nss) {
2289 $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef;
2290 $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef;
2293 if (not defined($self->check_or_start($env, "single"))) {
2297 my $upn_array = ["$env->{REALM}.upn"];
2298 my $spn_array = ["$env->{REALM}.spn"];
2300 $self->setup_namespaces($env, $upn_array, $spn_array);
2302 $self->{vars}->{ad_dc} = $env;
2308 my ($self, $path) = @_;
2311 KRB5_CONFIG => abs_path($path) . "/no_krb5.conf",
git.samba.org / samba.git / blob