use FindBin qw($RealBin);
use POSIX;
use target::Samba;
+use File::Path 'remove_tree';
sub have_ads($) {
my ($self) = @_;
my $stat_out = `stat --file-system $path` or return "";
if ($stat_out =~ m/Type:\s+btrfs/) {
- $mods .= "btrfs ";
+ $mods .= "streams_xattr btrfs";
}
if ($mods) {
fss: sequence timeout = 1
";
- my $vars = $self->provision($path,
+ my $vars = $self->provision($path, "SAMBA-TEST",
"LOCALNT4DC2",
"localntdc2pass",
$nt4_dc_options);
server schannel = yes
";
- my $vars = $self->provision($path,
+ my $vars = $self->provision($path, "NT4SCHANNEL",
"LOCALNT4DC9",
"localntdc9pass",
$pdc_options);
dbwrap_tdb_mutexes:* = yes
${require_mutexes}
";
- my $ret = $self->provision($prefix,
+ my $ret = $self->provision($prefix, $nt4_dc_vars->{DOMAIN},
"LOCALNT4MEMBER3",
"localnt4member3pass",
$member_options);
{
my ($self, $prefix, $dcvars) = @_;
+ my $prefix_abs = abs_path($prefix);
+ my @dirs = ();
+
# If we didn't build with ADS, pretend this env was never available
if (not $self->have_ads()) {
return "UNKNOWN";
print "PROVISIONING S3 AD MEMBER...";
+ mkdir($prefix_abs, 0777);
+
+ my $share_dir="$prefix_abs/share";
+ push(@dirs, $share_dir);
+
+ my $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}";
+ push(@dirs, $substitution_path);
+
+ $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice";
+ push(@dirs, $substitution_path);
+
+ $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice/G_domain users";
+ push(@dirs, $substitution_path);
+
+ # Using '/' as the winbind separator is a bad idea ...
+ $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}";
+ push(@dirs, $substitution_path);
+
+ $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice";
+ push(@dirs, $substitution_path);
+
+ $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}";
+ push(@dirs, $substitution_path);
+
+ $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}/domain users";
+ push(@dirs, $substitution_path);
+
my $member_options = "
security = ads
workgroup = $dcvars->{DOMAIN}
realm = $dcvars->{REALM}
netbios aliases = foo bar
+ template homedir = /home/%D/%G/%U
+
+[sub_dug]
+ path = $share_dir/D_%D/U_%U/G_%G
+ writeable = yes
+
+[sub_dug2]
+ path = $share_dir/D_%D/u_%u/g_%g
+ writeable = yes
+
";
- my $ret = $self->provision($prefix,
+ my $ret = $self->provision($prefix, $dcvars->{DOMAIN},
"LOCALADMEMBER",
"loCalMemberPass",
$member_options,
$ret or return undef;
+ mkdir($_, 0777) foreach(@dirs);
+
close(USERMAP);
$ret->{DOMAIN} = $dcvars->{DOMAIN};
$ret->{REALM} = $dcvars->{REALM};
my $ctx;
- my $prefix_abs = abs_path($prefix);
$ctx = {};
$ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
$ctx->{domain} = $dcvars->{DOMAIN};
$ctx->{dnsname} = lc($dcvars->{REALM});
$ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
$ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
+ $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
security = ads
workgroup = $dcvars->{DOMAIN}
realm = $dcvars->{REALM}
+ idmap cache time = 0
+ idmap negative cache time = 0
idmap config * : backend = autorid
idmap config * : range = 1000000-1999999
idmap config * : rangesize = 100000
idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com
";
- my $ret = $self->provision($prefix,
+ my $ret = $self->provision($prefix, $dcvars->{DOMAIN},
"RFC2307MEMBER",
"loCalMemberPass",
$member_options,
$ctx->{dnsname} = lc($dcvars->{REALM});
$ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
$ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
+ $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
+ Samba::mk_krb5_conf($ctx, "");
+
+ $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
+
+ my $net = Samba::bindir_path($self, "net");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ if (defined($ret->{RESOLV_WRAPPER_CONF})) {
+ $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
+ } else {
+ $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
+ }
+ $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
+ $cmd .= "$net join $ret->{CONFIGURATION}";
+ $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
+
+ if (system($cmd) != 0) {
+ warn("Join failed\n$cmd");
+ return undef;
+ }
+
+ # We need world access to this share, as otherwise the domain
+ # administrator from the AD domain provided by Samba4 can't
+ # access the share for tests.
+ chmod 0777, "$prefix/share";
+
+ if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
+ return undef;
+ }
+
+ $ret->{DC_SERVER} = $dcvars->{SERVER};
+ $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
+ $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
+ $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
+ $ret->{DC_USERNAME} = $dcvars->{USERNAME};
+ $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+
+ # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env
+ $ret->{target} = $self;
+
+ return $ret;
+}
+
+sub setup_ad_member_idmap_rid($$$$)
+{
+ my ($self, $prefix, $dcvars) = @_;
+
+ # If we didn't build with ADS, pretend this env was never available
+ if (not $self->have_ads()) {
+ return "UNKNOWN";
+ }
+
+ print "PROVISIONING S3 AD MEMBER WITH idmap_rid config...";
+
+ my $member_options = "
+ security = ads
+ workgroup = $dcvars->{DOMAIN}
+ realm = $dcvars->{REALM}
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
+ idmap config $dcvars->{DOMAIN} : backend = rid
+ idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
+";
+
+ my $ret = $self->provision($prefix, $dcvars->{DOMAIN},
+ "IDMAPRIDMEMBER",
+ "loCalMemberPass",
+ $member_options,
+ $dcvars->{SERVER_IP},
+ $dcvars->{SERVER_IPV6});
+
+ $ret or return undef;
+
+ close(USERMAP);
+ $ret->{DOMAIN} = $dcvars->{DOMAIN};
+ $ret->{REALM} = $dcvars->{REALM};
+
+ my $ctx;
+ my $prefix_abs = abs_path($prefix);
+ $ctx = {};
+ $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
+ $ctx->{domain} = $dcvars->{DOMAIN};
+ $ctx->{realm} = $dcvars->{REALM};
+ $ctx->{dnsname} = lc($dcvars->{REALM});
+ $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
+ $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
+ $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
ntlm auth = yes
vfs objects = xattr_tdb streams_depot time_audit full_audit
change notify = no
+ smb encrypt = off
full_audit:syslog = no
full_audit:success = none
store dos attributes = yes
hide files = /hidefile/
hide dot files = yes
+
+[enc_desired]
+ path = $prefix_abs/share
+ vfs objects =
+ smb encrypt = desired
";
- my $vars = $self->provision($path,
+ my $vars = $self->provision($path, "WORKGROUP",
"LOCALSHARE4",
"local4pass",
$simpleserver_options);
mkdir($prefix_abs, 0777);
+ my $usershare_dir="$prefix_abs/lib/usershare";
+
+ mkdir("$prefix_abs/lib", 0755);
+ remove_tree($usershare_dir);
+ mkdir($usershare_dir, 01770);
+
my $share_dir="$prefix_abs/share";
# Create share directory structure
push(@dirs, $dfree_share_dir);
push(@dirs, "$dfree_share_dir/subdir1");
push(@dirs, "$dfree_share_dir/subdir2");
+ push(@dirs, "$dfree_share_dir/subdir3");
my $valid_users_sharedir="$share_dir/valid_users";
push(@dirs,$valid_users_sharedir);
my $smbget_sharedir="$share_dir/smbget";
push(@dirs,$smbget_sharedir);
+ my $tarmode_sharedir="$share_dir/tarmode";
+ push(@dirs,$tarmode_sharedir);
+
+ my $usershare_sharedir="$share_dir/usershares";
+ push(@dirs,$usershare_sharedir);
+
my $fileserver_options = "
+ usershare path = $usershare_dir
+ usershare max shares = 10
+ usershare allow guests = yes
+ usershare prefix allow list = $usershare_sharedir
+
[lowercase]
path = $lower_case_share_dir
comment = smb username is [%U]
acl_xattr:ignore system acls = yes
";
- my $vars = $self->provision($path,
+ my $vars = $self->provision($path, "WORKGROUP",
"FILESERVER",
"fileserver",
$fileserver_options,
security = ads
username map = $prefix/lib/username.map
server signing = required
+ server min protocol = SMB3_00
+ client max protocol = SMB3
";
- my $ret = $self->provision($prefix,
+ my $ret = $self->provision($prefix, "KTEST",
"LOCALKTEST6",
"localktest6pass",
$ktest_options);
$ctx->{dnsname} = lc($ctx->{realm});
$ctx->{kdc_ipv4} = "0.0.0.0";
$ctx->{kdc_ipv6} = "::";
+ $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
ntlm auth = yes
";
- my $vars = $self->provision($path,
+ my $vars = $self->provision($path, "WORKGROUP",
"maptoguest",
"maptoguestpass",
$options);
SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
+ $ENV{KRB5CCNAME} = "$env_vars->{KRB5_CCACHE}.nmbd";
$ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR};
$ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
+ $ENV{KRB5CCNAME} = "$env_vars->{KRB5_CCACHE}.winbindd";
$ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR};
$ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
+ $ENV{KRB5CCNAME} = "$env_vars->{KRB5_CCACHE}.smbd";
$ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR};
$ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
warn("Unable to set password for $username account\n$cmd");
return undef;
}
- print "DONE\n";
}
-sub provision($$$$$$$$)
+sub provision($$$$$$$$$)
{
- my ($self, $prefix, $server, $password, $extra_options, $dc_server_ip, $dc_server_ipv6, $no_delete_prefix) = @_;
+ my ($self, $prefix, $domain, $server, $password, $extra_options, $dc_server_ip, $dc_server_ipv6, $no_delete_prefix) = @_;
##
## setup the various environment variables we need
my %ret = ();
my $server_ip = "127.0.0.$swiface";
my $server_ipv6 = sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface);
- my $domain = "SAMBA-TEST";
my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `PATH=/usr/ucb:$ENV{PATH} whoami`);
chomp $unix_name;
my $shadow_shrdir="$shadow_basedir/share";
push(@dirs,$shadow_shrdir);
+ my $nosymlinks_shrdir="$shrdir/nosymlinks";
+ push(@dirs,$nosymlinks_shrdir);
+
+ my $local_symlinks_shrdir="$shrdir/local_symlinks";
+ push(@dirs,$local_symlinks_shrdir);
+
# this gets autocreated by winbindd
my $wbsockdir="$prefix_abs/winbindd";
- my $wbsockprivdir="$lockdir/winbindd_privileged";
my $nmbdsockdir="$prefix_abs/nmbd";
unlink($nmbdsockdir);
my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
my ($gid_userdup, $gid_everyone);
my ($gid_force_user);
+ my ($uid_user1);
+ my ($uid_user2);
- if ($unix_uid < 0xffff - 7) {
+ if ($unix_uid < 0xffff - 10) {
$max_uid = 0xffff;
} else {
$max_uid = $unix_uid;
$uid_pdbtest_wkn = $max_uid - 6;
$uid_force_user = $max_uid - 7;
$uid_smbget = $max_uid - 8;
+ $uid_user1 = $max_uid - 9;
+ $uid_user2 = $max_uid - 10;
if ($unix_gids[0] < 0xffff - 8) {
$max_gid = 0xffff;
winbind enum users = yes
winbind enum groups = yes
winbind separator = /
+ include system krb5 conf = no
# min receivefile size = 4000
[vfs_fruit]
path = $shrdir
vfs objects = catia fruit streams_xattr acl_xattr
- ea support = yes
- fruit:ressource = file
+ fruit:resource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
+[vfs_fruit_metadata_stream]
+ path = $shrdir
+ vfs objects = fruit streams_xattr acl_xattr
+ fruit:resource = file
+ fruit:metadata = stream
+
+[vfs_fruit_stream_depot]
+ path = $shrdir
+ vfs objects = fruit streams_depot acl_xattr
+ fruit:resource = stream
+ fruit:metadata = stream
+
+[vfs_wo_fruit]
+ path = $shrdir
+ vfs objects = streams_xattr acl_xattr
+
+[vfs_wo_fruit_stream_depot]
+ path = $shrdir
+ vfs objects = streams_depot acl_xattr
+
[badname-tmp]
path = $badnames_shrdir
guest ok = yes
wide links = yes
[dfq]
path = $shrdir/dfree
- vfs objects = fake_dfq
+ vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
admin users = $unix_name
include = $dfqconffile
+[dfq_owner]
+ path = $shrdir/dfree
+ vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
+ inherit owner = yes
+ include = $dfqconffile
+[acl_xattr_ign_sysacl_posix]
+ copy = tmp
+ acl_xattr:ignore system acls = yes
+ acl_xattr:default acl style = posix
+[acl_xattr_ign_sysacl_windows]
+ copy = tmp
+ acl_xattr:ignore system acls = yes
+ acl_xattr:default acl style = windows
+
+[mangle_illegal]
+ copy = tmp
+ mangled names = illegal
+
+[nosymlinks]
+ copy = tmp
+ path = $nosymlinks_shrdir
+ follow symlinks = no
+
+[local_symlinks]
+ copy = tmp
+ path = $local_symlinks_shrdir
+ follow symlinks = yes
+
+[kernel_oplocks]
+ copy = tmp
+ kernel oplocks = yes
+ vfs objects = streams_xattr xattr_tdb
+
+[compound_find]
+ copy = tmp
+ smbd:find async delay usec = 10000
";
close(CONF);
pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false
force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false
smbget_user:x:$uid_smbget:$gid_domusers:smbget_user gecos:$prefix_abs:/bin/false
+user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false
+user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false
";
if ($unix_uid != 0) {
print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
createuser($self, $unix_name, $password, $conffile) || die("Unable to create user");
createuser($self, "force_user", $password, $conffile) || die("Unable to create force_user");
createuser($self, "smbget_user", $password, $conffile) || die("Unable to create smbget_user");
+ createuser($self, "user1", $password, $conffile) || die("Unable to create user1");
+ createuser($self, "user2", $password, $conffile) || die("Unable to create user2");
open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
print DNS_UPDATE_LIST "A $server. $server_ip\n";
print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n";
close(DNS_UPDATE_LIST);
+ print "DONE\n";
+
$ret{SERVER_IP} = $server_ip;
$ret{SERVER_IPV6} = $server_ipv6;
$ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log";
$ret{SMBD_TEST_LOG_POS} = 0;
$ret{SERVERCONFFILE} = $conffile;
$ret{CONFIGURATION} ="-s $conffile";
+ $ret{LOCK_DIR} = $lockdir;
$ret{SERVER} = $server;
$ret{USERNAME} = $unix_name;
$ret{USERID} = $unix_uid;
$ret{PASSWORD} = $password;
$ret{PIDDIR} = $piddir;
$ret{SELFTEST_WINBINDD_SOCKET_DIR} = $wbsockdir;
- $ret{WINBINDD_PRIV_PIPE_DIR} = $wbsockprivdir;
$ret{NMBD_SOCKET_DIR} = $nmbdsockdir;
$ret{SOCKET_WRAPPER_DEFAULT_IFACE} = $swiface;
$ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
#
$ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf";
+ # Define KRB5CCNAME for each environment we set up
+ $ret{KRB5_CCACHE} = abs_path($prefix) . "/krb5ccache";
+ $ENV{KRB5CCNAME} = $ret{KRB5_CCACHE};
+
return \%ret;
}