return $self->setup_dc("$path/dc");
} elsif ($envname eq "secshare") {
return $self->setup_secshare("$path/secshare");
+ } elsif ($envname eq "ktest") {
+ return $self->setup_ktest("$path/ktest");
} elsif ($envname eq "secserver") {
if (not defined($self->{vars}->{dc})) {
- $self->setup_dc("$path/dc");
+ if (not defined($self->setup_dc("$path/dc"))) {
+ return undef;
+ }
}
return $self->setup_secserver("$path/secserver", $self->{vars}->{dc});
} elsif ($envname eq "member") {
if (not defined($self->{vars}->{dc})) {
- $self->setup_dc("$path/dc");
+ if (not defined($self->setup_dc("$path/dc"))) {
+ return undef;
+ }
}
return $self->setup_member("$path/member", $self->{vars}->{dc});
} else {
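Review bot: The new `ktest` branch calls `setup_ktest("$path/ktest")` with a prefix only, while the sub added later in this commit is declared `setup_ktest($$$)` and unpacks a `$dcvars` that it never uses. Prototypes are ignored on method calls, so nothing flags the mismatch. Declaring it as `sub setup_ktest($$)` with `my ($self, $prefix) = @_;` would match the call. The `secserver` and `member` branches also repeat the same guard around `setup_dc`, which a small helper could hold once. The if/elsif chain starts and ends outside these lines.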
"localdc2pass",
$dc_options);
+ $vars or return undef;
+
$self->check_or_start($vars,
($ENV{SMBD_MAXTIME} or 2700),
"yes", "yes", "yes");
- $self->wait_for_start($vars);
+ if (not $self->wait_for_start($vars)) {
+ return undef;
+ }
$vars->{DC_SERVER} = $vars->{SERVER};
$vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
"localmember3pass",
$member_options);
- $ret or die("Unable to provision");
+ $ret or return undef;
my $net = $self->binpath("net");
my $cmd = "";
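Review bot: Replacing `$ret or die("Unable to provision")` with `$ret or return undef;` removes the only message on this failure path, so a failed provision now returns silently unless `provision` (not visible here) reports it itself. Keeping a diagnostic costs one line: `if (not $ret) { warn("Unable to provision"); return undef; }`. The same replacement is made for the `localserver5pass` provision further down, and the added `$vars or return undef;` lines are equally silent. The enclosing sub starts and ends outside the hunk.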
($ENV{SMBD_MAXTIME} or 2700),
"yes", "yes", "yes");
- $self->wait_for_start($ret);
+ if (not $self->wait_for_start($ret)) {
+ return undef;
+ }
$ret->{DC_SERVER} = $dcvars->{SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
"local4pass",
$secshare_options);
+ $vars or return undef;
+
$self->check_or_start($vars,
($ENV{SMBD_MAXTIME} or 2700),
"yes", "no", "yes");
- $self->wait_for_start($vars);
+ if (not $self->wait_for_start($vars)) {
+ return undef;
+ }
$self->{vars}->{secshare} = $vars;
"localserver5pass",
$secserver_options);
- $ret or die("Unable to provision");
+ $ret or return undef;
$self->check_or_start($ret,
($ENV{SMBD_MAXTIME} or 2700),
"yes", "no", "yes");
- $self->wait_for_start($ret);
+ if (not $self->wait_for_start($ret)) {
+ return undef;
+ }
$ret->{DC_SERVER} = $dcvars->{SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
return $ret;
}
+sub setup_ktest($$$)
+{
+ my ($self, $prefix, $dcvars) = @_;
+
+ print "PROVISIONING server with security=ads...";
+
+ my $ktest_options = "
+ workgroup = KTEST
+ realm = ktest.samba.example.com
+ security = ads
+ username map = $prefix/lib/username.map
+";
+
+ my $ret = $self->provision($prefix,
+ "LOCALKTEST6",
+ 5,
+ "localktest6pass",
+ $ktest_options);
+
+ $ret or return undef;
+
+ open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map");
+ print USERMAP "
+$ret->{USERNAME} = KTEST\\Administrator
+";
+ close(USERMAP);
+
+#This is the secrets.tdb created by 'net ads join' from Samba3 to a
+#Samba4 DC with the same parameters as are being used here. The
+#domain SID is S-1-5-21-1071277805-689288055-3486227160
+
+ system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb");
+ chmod 0600, "$prefix/private/secrets.tdb";
+
+#This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with:
+# "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232"
+#
+#and having in krb5.conf:
+# ticket_lifetime = 799718400
+# renew_lifetime = 799718400
+#
+# The commands for the -2 keytab where were:
+# kinit administrator@KTEST.SAMBA.EXAMPLE.COM
+# kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM
+# kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM
+# kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
+# kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
+#
+# and then for the -3 keytab, I did
+#
+# net changetrustpw; kdestroy and the same again.
+#
+# This creates a credential cache with a very long lifetime (2036 at
+# at 2011-04), and shows that running 'net changetrustpw' does not
+# break existing logins (for the secrets.tdb method at least).
+#
+
+ $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache";
+
+ system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2");
+ chmod 0600, "$prefix/krb5_ccache-2";
+
+ system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3");
+ chmod 0600, "$prefix/krb5_ccache-3";
+
+ $self->check_or_start($ret,
+ ($ENV{SMBD_MAXTIME} or 2700),
+ "yes", "no", "yes");
+
+ if (not $self->wait_for_start($ret)) {
+ return undef;
+ }
+ return $ret;
+}
+
sub stop_sig_term($$) {
my ($self, $pid) = @_;
kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: $!");
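Review bot: The three `system("cp ...")` calls in setup_ktest ignore their exit status and pass interpolated paths through the shell, so a missing `ktest-secrets.tdb` or ccache fixture would only show up later as an unexplained authentication failure. The list form with a check fails setup at the right place, e.g. `system("cp", "$self->{srcdir}/source3/selftest/ktest-secrets.tdb", "$prefix/private/secrets.tdb") == 0 or return undef;`, and likewise for both ccaches. The copies are created under the process umask and only narrowed afterwards by an unchecked `chmod 0600`, so the machine secret and the credential caches are briefly readable with default permissions; a `umask 077` around the copies closes that window. `KRB5_CCACHE` is set to `FILE:$prefix/krb5_ccache`, which this sub never creates (only the `-2` and `-3` files), so presumably a test copies one into place; a comment saying so would help.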
print "DONE\n";
+ open(HOSTS, ">>$ENV{SELFTEST_PREFIX}/dns_host_file") or die("Unable to open $ENV{SELFTEST_PREFIX}/dns_host_file");
+ print HOSTS "A $server. $server_ip
+";
+ close(HOSTS);
+
$ret{SERVER_IP} = $server_ip;
$ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log";
$ret{NMBD_TEST_LOG_POS} = 0;
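Review bot: The added `open(HOSTS, ">>$ENV{SELFTEST_PREFIX}/dns_host_file") or die(...)` brings back a `die` in a commit that otherwise turns setup failures into `return undef`. It also uses a two-argument open on a bareword handle, with a path taken from the environment and no check that `SELFTEST_PREFIX` is defined. The three-argument form with a lexical handle avoids mode characters in the path being interpreted, and the message should carry `$!`: `open(my $hosts, '>>', "$ENV{SELFTEST_PREFIX}/dns_host_file") or die("Unable to open $ENV{SELFTEST_PREFIX}/dns_host_file: $!");`. The `close` is unchecked, so a failed append is not reported. The `USERMAP` open in setup_ktest has the same shape, and the enclosing sub starts and ends outside the hunk.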
system($self->binpath("nmblookup") ." $envvars->{CONFIGURATION} -U 127.255.255.255 __SAMBA__");
system($self->binpath("nmblookup") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}");
system($self->binpath("nmblookup") ." $envvars->{CONFIGURATION} $envvars->{SERVER}");
+
# make sure smbd is also up set
print "wait for smbd\n";
- system($self->binpath("smbclient") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER_IP} -U% -p 139 | head -2");
- system($self->binpath("smbclient") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER_IP} -U% -p 139 | head -2");
+ my $count = 0;
+ my $ret;
+ do {
+ $ret = system($self->binpath("smbclient") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139");
+ if ($ret != 0) {
+ sleep(2);
+ }
+ $count++
+ } while ($ret != 0 && $count < 10);
+ if ($count == 10) {
+ print "SMBD failed to start up in a reasonable time (20sec)\n";
+ teardown_env($self, $envvars);
+ return 0;
+ }
# Ensure we have domain users mapped.
- system($self->binpath("net") ." $envvars->{CONFIGURATION} groupmap add rid=513 unixgroup=domusers type=domain");
+ $ret = system($self->binpath("net") ." $envvars->{CONFIGURATION} groupmap add rid=513 unixgroup=domusers type=domain");
+ if ($ret != 0) {
+ return 1;
+ }
print $self->getlog_env($envvars);
+
+ return 1;
}
1;
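Review bot: The timeout test `if ($count == 10)` after the retry loop misreports a success on the last attempt. When the tenth `smbclient` call returns 0, the loop exits with `$count` at 10 and `$ret` at 0, and the code still prints the failure message, tears the environment down and returns 0. Testing the result instead fixes it: `if ($ret != 0) {`. The later `if ($ret != 0) { return 1; }` after `net ... groupmap add` returns success on failure and skips the `getlog_env` output; if that is deliberate (for example because the mapping may already exist), a comment should say so. The enclosing sub starts outside the hunk.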