s4/torture: tests for vfs_acl_xattr default ACL styles
[samba.git] / selftest / target / Samba3.pm
index 934153c053783ea0645b27cea92a353483d5b221..f68d7de4c5961fba8f184e6191bb0eaac3712060 100755 (executable)
@@ -49,10 +49,9 @@ sub get_fs_specific_conf($$)
 }
 
 sub new($$) {
-       my ($classname, $bindir, $binary_mapping, $srcdir, $server_maxtime) = @_;
+       my ($classname, $bindir, $srcdir, $server_maxtime) = @_;
        my $self = { vars => {},
                     bindir => $bindir,
-                    binary_mapping => $binary_mapping,
                     srcdir => $srcdir,
                     server_maxtime => $server_maxtime
        };
@@ -173,38 +172,49 @@ sub setup_env($$$)
                return $self->{vars}->{$envname};
        }
 
-       if ($envname eq "s3dc") {
-               return $self->setup_s3dc("$path/s3dc");
-       } elsif ($envname eq "s3dc_schannel") {
-               return $self->setup_s3dc_schannel("$path/s3dc_schannel");
+       #
+       # Avoid hitting system krb5.conf -
+       # An env that needs Kerberos will reset this to the real
+       # value.
+       #
+       $ENV{KRB5_CONFIG} = "$path/no_krb5.conf";
+
+       if ($envname eq "nt4_dc") {
+               return $self->setup_nt4_dc("$path/nt4_dc");
+       } elsif ($envname eq "nt4_dc_schannel") {
+               return $self->setup_nt4_dc_schannel("$path/nt4_dc_schannel");
        } elsif ($envname eq "simpleserver") {
                return $self->setup_simpleserver("$path/simpleserver");
+       } elsif ($envname eq "fileserver") {
+               return $self->setup_fileserver("$path/fileserver");
        } elsif ($envname eq "maptoguest") {
                return $self->setup_maptoguest("$path/maptoguest");
        } elsif ($envname eq "ktest") {
                return $self->setup_ktest("$path/ktest");
-       } elsif ($envname eq "member") {
-               if (not defined($self->{vars}->{s3dc})) {
-                       if (not defined($self->setup_s3dc("$path/s3dc"))) {
+       } elsif ($envname eq "nt4_member") {
+               if (not defined($self->{vars}->{nt4_dc})) {
+                       if (not defined($self->setup_nt4_dc("$path/nt4_dc"))) {
                                return undef;
                        }
                }
-               return $self->setup_member("$path/member", $self->{vars}->{s3dc});
+               return $self->setup_nt4_member("$path/nt4_member", $self->{vars}->{nt4_dc});
        } else {
                return "UNKNOWN";
        }
 }
 
-sub setup_s3dc($$)
+sub setup_nt4_dc($$)
 {
        my ($self, $path) = @_;
 
-       print "PROVISIONING S3DC...";
+       print "PROVISIONING NT4 DC...";
 
-       my $s3dc_options = "
+       my $nt4_dc_options = "
        domain master = yes
        domain logons = yes
        lanman auth = yes
+       ntlm auth = yes
+       raw NTLMv2 auth = yes
 
        rpc_server:epmapper = external
        rpc_server:spoolss = external
@@ -212,16 +222,19 @@ sub setup_s3dc($$)
        rpc_server:samr = external
        rpc_server:netlogon = external
        rpc_server:register_embedded_np = yes
+       rpc_server:FssagentRpc = external
 
        rpc_daemon:epmd = fork
        rpc_daemon:spoolssd = fork
        rpc_daemon:lsasd = fork
+       rpc_daemon:fssd = fork
+       fss: sequence timeout = 1
 ";
 
        my $vars = $self->provision($path,
-                                   "LOCALS3DC2",
-                                   "locals3dc2pass",
-                                   $s3dc_options);
+                                   "LOCALNT4DC2",
+                                   "localntdc2pass",
+                                   $nt4_dc_options);
 
        $vars or return undef;
 
@@ -236,16 +249,16 @@ sub setup_s3dc($$)
        $vars->{DC_USERNAME} = $vars->{USERNAME};
        $vars->{DC_PASSWORD} = $vars->{PASSWORD};
 
-       $self->{vars}->{s3dc} = $vars;
+       $self->{vars}->{nt4_dc} = $vars;
 
        return $vars;
 }
 
-sub setup_s3dc_schannel($$)
+sub setup_nt4_dc_schannel($$)
 {
        my ($self, $path) = @_;
 
-       print "PROVISIONING S3DC WITH SERVER SCHANNEL ...";
+       print "PROVISIONING NT4 DC WITH SERVER SCHANNEL ...";
 
        my $pdc_options = "
        domain master = yes
@@ -267,8 +280,8 @@ sub setup_s3dc_schannel($$)
 ";
 
        my $vars = $self->provision($path,
-                                   "LOCALS3DC9",
-                                   "locals3dc9pass",
+                                   "LOCALNT4DC9",
+                                   "localntdc9pass",
                                    $pdc_options);
 
        $vars or return undef;
@@ -284,27 +297,30 @@ sub setup_s3dc_schannel($$)
        $vars->{DC_USERNAME} = $vars->{USERNAME};
        $vars->{DC_PASSWORD} = $vars->{PASSWORD};
 
-       $self->{vars}->{s3dc_schannel} = $vars;
+       $self->{vars}->{nt4_dc_schannel} = $vars;
 
        return $vars;
 }
 
-sub setup_member($$$)
+sub setup_nt4_member($$$)
 {
-       my ($self, $prefix, $s3dcvars) = @_;
+       my ($self, $prefix, $nt4_dc_vars) = @_;
        my $count = 0;
        my $rc;
 
        print "PROVISIONING MEMBER...";
 
+       my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes";
+       $require_mutexes = "" if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} eq "1");
+
        my $member_options = "
        security = domain
-       server signing = on
        dbwrap_tdb_mutexes:* = yes
+       ${require_mutexes}
 ";
        my $ret = $self->provision($prefix,
-                                  "LOCALMEMBER3",
-                                  "localmember3pass",
+                                  "LOCALNT4MEMBER3",
+                                  "localnt4member3pass",
                                   $member_options);
 
        $ret or return undef;
@@ -327,8 +343,9 @@ sub setup_member($$$)
        my $net = Samba::bindir_path($self, "net");
        my $cmd = "";
        $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
-       $cmd .= "$net join $ret->{CONFIGURATION} $s3dcvars->{DOMAIN} member";
-       $cmd .= " -U$s3dcvars->{USERNAME}\%$s3dcvars->{PASSWORD}";
+       $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
+       $cmd .= "$net join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member";
+       $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}";
 
        if (system($cmd) != 0) {
            warn("Join failed\n$cmd");
@@ -339,12 +356,12 @@ sub setup_member($$$)
               return undef;
        }
 
-       $ret->{DC_SERVER} = $s3dcvars->{SERVER};
-       $ret->{DC_SERVER_IP} = $s3dcvars->{SERVER_IP};
-       $ret->{DC_SERVER_IPV6} = $s3dcvars->{SERVER_IPV6};
-       $ret->{DC_NETBIOSNAME} = $s3dcvars->{NETBIOSNAME};
-       $ret->{DC_USERNAME} = $s3dcvars->{USERNAME};
-       $ret->{DC_PASSWORD} = $s3dcvars->{PASSWORD};
+       $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER};
+       $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP};
+       $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6};
+       $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME};
+       $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME};
+       $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD};
 
        return $ret;
 }
@@ -362,9 +379,9 @@ sub setup_admember($$$$)
 
        my $member_options = "
        security = ads
-       server signing = on
         workgroup = $dcvars->{DOMAIN}
         realm = $dcvars->{REALM}
+        netbios aliases = foo bar
 ";
 
        my $ret = $self->provision($prefix,
@@ -402,6 +419,7 @@ sub setup_admember($$$$)
                $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
        }
        $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+       $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
        $cmd .= "$net join $ret->{CONFIGURATION}";
        $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
 
@@ -445,9 +463,11 @@ sub setup_admember_rfc2307($$$$)
 
        my $member_options = "
        security = ads
-       server signing = on
         workgroup = $dcvars->{DOMAIN}
         realm = $dcvars->{REALM}
+        idmap config * : backend = autorid
+        idmap config * : range = 1000000-1999999
+        idmap config * : rangesize = 100000
         idmap config $dcvars->{DOMAIN} : backend = rfc2307
         idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
         idmap config $dcvars->{DOMAIN} : ldap_server = ad
@@ -490,6 +510,7 @@ sub setup_admember_rfc2307($$$$)
                $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
        }
        $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+       $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
        $cmd .= "$net join $ret->{CONFIGURATION}";
        $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
 
@@ -524,19 +545,32 @@ sub setup_simpleserver($$)
 {
        my ($self, $path) = @_;
 
-       print "PROVISIONING server with security=share...";
+       print "PROVISIONING simple server...";
 
        my $prefix_abs = abs_path($path);
 
        my $simpleserver_options = "
        lanman auth = yes
-       vfs objects = xattr_tdb streams_depot
+       ntlm auth = yes
+       vfs objects = xattr_tdb streams_depot time_audit full_audit
+       change notify = no
+
+       full_audit:syslog = no
+       full_audit:success = none
+       full_audit:failure = none
 
 [vfs_aio_fork]
        path = $prefix_abs/share
         vfs objects = aio_fork
         read only = no
         vfs_aio_fork:erratic_testing_mode=yes
+
+[dosmode]
+       path = $prefix_abs/share
+       vfs objects =
+       store dos attributes = yes
+       hide files = /hidefile/
+       hide dot files = yes
 ";
 
        my $vars = $self->provision($path,
@@ -555,6 +589,166 @@ sub setup_simpleserver($$)
        return $vars;
 }
 
+sub setup_fileserver($$)
+{
+       my ($self, $path) = @_;
+       my $prefix_abs = abs_path($path);
+       my $srcdir_abs = abs_path($self->{srcdir});
+
+       print "PROVISIONING file server ...\n";
+
+       my @dirs = ();
+
+       mkdir($prefix_abs, 0777);
+
+       my $share_dir="$prefix_abs/share";
+
+       # Create share directory structure
+       my $lower_case_share_dir="$share_dir/lower-case";
+       push(@dirs, $lower_case_share_dir);
+
+       my $lower_case_share_dir_30000="$share_dir/lower-case-30000";
+       push(@dirs, $lower_case_share_dir_30000);
+
+       my $dfree_share_dir="$share_dir/dfree";
+       push(@dirs, $dfree_share_dir);
+       push(@dirs, "$dfree_share_dir/subdir1");
+       push(@dirs, "$dfree_share_dir/subdir2");
+       push(@dirs, "$dfree_share_dir/subdir3");
+
+       my $valid_users_sharedir="$share_dir/valid_users";
+       push(@dirs,$valid_users_sharedir);
+
+       my $offline_sharedir="$share_dir/offline";
+       push(@dirs,$offline_sharedir);
+
+       my $force_user_valid_users_dir = "$share_dir/force_user_valid_users";
+       push(@dirs, $force_user_valid_users_dir);
+
+       my $smbget_sharedir="$share_dir/smbget";
+       push(@dirs,$smbget_sharedir);
+
+       my $fileserver_options = "
+[lowercase]
+       path = $lower_case_share_dir
+       comment = smb username is [%U]
+       case sensitive = True
+       default case = lower
+       preserve case = no
+       short preserve case = no
+[lowercase-30000]
+       path = $lower_case_share_dir_30000
+       comment = smb username is [%U]
+       case sensitive = True
+       default case = lower
+       preserve case = no
+       short preserve case = no
+[dfree]
+       path = $dfree_share_dir
+       comment = smb username is [%U]
+       dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh
+[valid-users-access]
+       path = $valid_users_sharedir
+       valid users = +userdup
+[offline]
+       path = $offline_sharedir
+       vfs objects = offline
+
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878
+# RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651
+[force_user_valid_users]
+       path = $force_user_valid_users_dir
+       comment = force user with valid users combination test share
+       valid users = +force_user
+       force user = force_user
+       force group = everyone
+       write list = force_user
+
+[smbget]
+       path = $smbget_sharedir
+       comment = smb username is [%U]
+       guest ok = yes
+[ign_sysacls]
+       path = $share_dir
+       comment = ignore system acls
+       acl_xattr:ignore system acls = yes
+[inherit_owner]
+       path = $share_dir
+       comment = inherit owner
+       inherit owner = yes
+[inherit_owner_u]
+       path = $share_dir
+       comment = inherit only unix owner
+       inherit owner = unix only
+       acl_xattr:ignore system acls = yes
+";
+
+       my $vars = $self->provision($path,
+                                   "FILESERVER",
+                                   "fileserver",
+                                   $fileserver_options,
+                                   undef,
+                                   undef,
+                                   1);
+
+       $vars or return undef;
+
+       if (not $self->check_or_start($vars, "yes", "no", "yes")) {
+              return undef;
+       }
+
+       $self->{vars}->{fileserver} = $vars;
+
+       mkdir($_, 0777) foreach(@dirs);
+
+       ## Create case sensitive lower case share dir
+       foreach my $file ('a'..'z') {
+               my $full_path = $lower_case_share_dir . '/' . $file;
+               open my $fh, '>', $full_path;
+               # Add some content to file
+               print $fh $full_path;
+               close $fh;
+       }
+
+       for (my $file = 1; $file < 51; ++$file) {
+               my $full_path = $lower_case_share_dir . '/' . $file;
+               open my $fh, '>', $full_path;
+               # Add some content to file
+               print $fh $full_path;
+               close $fh;
+       }
+
+       # Create content for 30000 share
+       foreach my $file ('a'..'z') {
+               my $full_path = $lower_case_share_dir_30000 . '/' . $file;
+               open my $fh, '>', $full_path;
+               # Add some content to file
+               print $fh $full_path;
+               close $fh;
+       }
+
+       for (my $file = 1; $file < 30001; ++$file) {
+               my $full_path = $lower_case_share_dir_30000 . '/' . $file;
+               open my $fh, '>', $full_path;
+               # Add some content to file
+               print $fh $full_path;
+               close $fh;
+       }
+
+       ##
+       ## create a listable file in valid_users_share
+       ##
+        my $valid_users_target = "$valid_users_sharedir/foo";
+        unless (open(VALID_USERS_TARGET, ">$valid_users_target")) {
+                warn("Unable to open $valid_users_target");
+                return undef;
+        }
+        close(VALID_USERS_TARGET);
+        chmod 0644, $valid_users_target;
+
+       return $vars;
+}
+
 sub setup_ktest($$$)
 {
        my ($self, $prefix) = @_;
@@ -660,6 +854,7 @@ sub setup_maptoguest($$)
 
        my $options = "
 map to guest = bad user
+ntlm auth = yes
 ";
 
        my $vars = $self->provision($path,
@@ -734,6 +929,7 @@ sub check_or_start($$$$$) {
                $ENV{NSS_WRAPPER_HOSTNAME} = $env_vars->{NSS_WRAPPER_HOSTNAME};
                $ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH};
                $ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX};
+               $ENV{UID_WRAPPER_ROOT} = "1";
 
                $ENV{ENVNAME} = "$ENV{ENVNAME}.nmbd";
 
@@ -797,6 +993,7 @@ sub check_or_start($$$$$) {
                } else {
                        $ENV{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS};
                }
+               $ENV{UID_WRAPPER_ROOT} = "1";
 
                $ENV{ENVNAME} = "$ENV{ENVNAME}.winbindd";
 
@@ -860,6 +1057,7 @@ sub check_or_start($$$$$) {
                } else {
                        $ENV{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS};
                }
+               $ENV{UID_WRAPPER_ROOT} = "1";
 
                $ENV{ENVNAME} = "$ENV{ENVNAME}.smbd";
 
@@ -904,6 +1102,21 @@ sub check_or_start($$$$$) {
        return $self->wait_for_start($env_vars, $nmbd, $winbindd, $smbd);
 }
 
+sub createuser($$$$)
+{
+       my ($self, $username, $password, $conffile) = @_;
+       my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $username > /dev/null";
+       unless (open(PWD, "|$cmd")) {
+           warn("Unable to set password for $username account\n$cmd");
+           return undef;
+       }
+       print PWD "$password\n$password\n";
+       unless (close(PWD)) {
+           warn("Unable to set password for $username account\n$cmd");
+           return undef;
+       }
+}
+
 sub provision($$$$$$$$)
 {
        my ($self, $prefix, $server, $password, $extra_options, $dc_server_ip, $dc_server_ipv6, $no_delete_prefix) = @_;
@@ -977,6 +1190,24 @@ sub provision($$$$$$$$)
        my $lease2_shrdir="$shrdir/SMB3_00";
        push(@dirs,$lease2_shrdir);
 
+       my $manglenames_shrdir="$shrdir/manglenames";
+       push(@dirs,$manglenames_shrdir);
+
+       my $widelinks_shrdir="$shrdir/widelinks";
+       push(@dirs,$widelinks_shrdir);
+
+       my $widelinks_linkdir="$shrdir/widelinks_foo";
+       push(@dirs,$widelinks_linkdir);
+
+       my $shadow_tstdir="$shrdir/shadow";
+       push(@dirs,$shadow_tstdir);
+       my $shadow_mntdir="$shadow_tstdir/mount";
+       push(@dirs,$shadow_mntdir);
+       my $shadow_basedir="$shadow_mntdir/base";
+       push(@dirs,$shadow_basedir);
+       my $shadow_shrdir="$shadow_basedir/share";
+       push(@dirs,$shadow_shrdir);
+
        # this gets autocreated by winbindd
        my $wbsockdir="$prefix_abs/winbindd";
        my $wbsockprivdir="$lockdir/winbindd_privileged";
@@ -1060,7 +1291,33 @@ sub provision($$$$$$$$)
         close(BADNAME_TARGET);
         chmod 0666, $badname_target;
 
+       ##
+       ## create mangleable directory names in $manglenames_shrdir
+       ##
+        my $manglename_target = "$manglenames_shrdir/foo:bar";
+       mkdir($manglename_target, 0777);
+
+       ##
+       ## create symlinks for widelinks tests.
+       ##
+       my $widelinks_target = "$widelinks_linkdir/target";
+       unless (open(WIDELINKS_TARGET, ">$widelinks_target")) {
+               warn("Unable to open $widelinks_target");
+               return undef;
+       }
+       close(WIDELINKS_TARGET);
+       chmod 0666, $widelinks_target;
+       ##
+       ## This link should get ACCESS_DENIED
+       ##
+       symlink "$widelinks_target", "$widelinks_shrdir/source";
+       ##
+       ## This link should be allowed
+       ##
+       symlink "$widelinks_shrdir", "$widelinks_shrdir/dot";
+
        my $conffile="$libdir/server.conf";
+       my $dfqconffile="$libdir/dfq.conf";
 
        my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/lib/nss_wrapper/nss_wrapper.pl";
        my $nss_wrapper_passwd = "$privatedir/passwd";
@@ -1071,6 +1328,8 @@ sub provision($$$$$$$$)
 
        my $mod_printer_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/printing/modprinter.pl";
 
+       my $fake_snap_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/fake_snap.pl";
+
        my @eventlog_list = ("dns server", "application");
 
        ##
@@ -1078,10 +1337,17 @@ sub provision($$$$$$$$)
        ##
 
        my ($max_uid, $max_gid);
-       my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2);
+       my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup);
+       my ($uid_pdbtest_wkn);
+       my ($uid_smbget);
+       my ($uid_force_user);
        my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
+       my ($gid_userdup, $gid_everyone);
+       my ($gid_force_user);
+       my ($uid_user1);
+       my ($uid_user2);
 
-       if ($unix_uid < 0xffff - 4) {
+       if ($unix_uid < 0xffff - 10) {
                $max_uid = 0xffff;
        } else {
                $max_uid = $unix_uid;
@@ -1091,8 +1357,14 @@ sub provision($$$$$$$$)
        $uid_nobody = $max_uid - 2;
        $uid_pdbtest = $max_uid - 3;
        $uid_pdbtest2 = $max_uid - 4;
-
-       if ($unix_gids[0] < 0xffff - 5) {
+       $uid_userdup = $max_uid - 5;
+       $uid_pdbtest_wkn = $max_uid - 6;
+       $uid_force_user = $max_uid - 7;
+       $uid_smbget = $max_uid - 8;
+       $uid_user1 = $max_uid - 9;
+       $uid_user2 = $max_uid - 10;
+
+       if ($unix_gids[0] < 0xffff - 8) {
                $max_gid = 0xffff;
        } else {
                $max_gid = $unix_gids[0];
@@ -1103,6 +1375,9 @@ sub provision($$$$$$$$)
        $gid_root = $max_gid - 3;
        $gid_domusers = $max_gid - 4;
        $gid_domadmins = $max_gid - 5;
+       $gid_userdup = $max_gid - 6;
+       $gid_everyone = $max_gid - 7;
+       $gid_force_user = $max_gid - 8;
 
        ##
        ## create conffile
@@ -1152,9 +1427,8 @@ sub provision($$$$$$$$)
 
        kernel oplocks = no
        kernel change notify = no
-       smb2 leases = yes
 
-       syslog = no
+       logging = file
        printing = bsd
        printcap name = /dev/null
 
@@ -1168,7 +1442,6 @@ sub provision($$$$$$$$)
 #      min receivefile size = 4000
 
        read only = no
-       server signing = auto
 
        smbd:sharedelay = 100000
        smbd:writetimeupdatedelay = 500000
@@ -1179,6 +1452,7 @@ sub provision($$$$$$$$)
        create mask = 755
        dos filemode = yes
        strict rename = yes
+       strict sync = yes
        vfs objects = acl_xattr fake_acls xattr_tdb streams_depot
 
        printing = vlp
@@ -1198,6 +1472,21 @@ sub provision($$$$$$$$)
         # sending messages works, and that the %m sub works.
         message command = mv %s $shrdir/message.%m
 
+       # fsrvp server requires registry shares
+       registry shares = yes
+
+       # Used by RPC SRVSVC tests
+       add share command = $bindir_abs/smbaddshare
+       change share command = $bindir_abs/smbchangeshare
+       delete share command = $bindir_abs/smbdeleteshare
+
+       # fruit:copyfile is a global option
+       fruit:copyfile = yes
+
+       #this does not mean that we use non-secure test env,
+       #it just means we ALLOW one to be configured.
+       allow insecure wide links = yes
+
        # Begin extra options
        $extra_options
        # End extra options
@@ -1234,9 +1523,15 @@ sub provision($$$$$$$$)
         force user = $unix_name
         guest ok = yes
 [forceuser_unixonly]
+       comment = force a user with unix user SID and group SID
        path = $shrdir
        force user = pdbtest
        guest ok = yes
+[forceuser_wkngroup]
+       comment = force a user with well-known group SID
+       path = $shrdir
+       force user = pdbtest_wkn
+       guest ok = yes
 [forcegroup]
        path = $shrdir
         force group = nogroup
@@ -1251,6 +1546,7 @@ sub provision($$$$$$$$)
 [valid-users-tmp]
        path = $shrdir
        valid users = $unix_name
+       access based share enum = yes
 [msdfs-share]
        path = $msdfs_shrdir
        msdfs root = yes
@@ -1309,7 +1605,7 @@ sub provision($$$$$$$$)
        force create mode = 0
        directory mask = 0777
        force directory mode = 0
-       vfs objects = xattr_tdb
+       vfs objects = xattr_tdb streams_depot
 [aio]
        copy = tmp
        aio read size = 1
@@ -1320,7 +1616,8 @@ sub provision($$$$$$$$)
 
 [vfs_fruit]
        path = $shrdir
-       vfs objects = catia fruit streams_xattr
+       vfs objects = catia fruit streams_xattr acl_xattr
+       ea support = yes
        fruit:ressource = file
        fruit:metadata = netatalk
        fruit:locking = netatalk
@@ -1330,12 +1627,188 @@ sub provision($$$$$$$$)
        path = $badnames_shrdir
        guest ok = yes
 
+[manglenames_share]
+       path = $manglenames_shrdir
+       guest ok = yes
+
 [dynamic_share]
        path = $shrdir/%R
        guest ok = yes
+
+[widelinks_share]
+       path = $widelinks_shrdir
+       wide links = no
+       guest ok = yes
+
+[fsrvp_share]
+       path = $shrdir
+       comment = fake shapshots using rsync
+       vfs objects = shell_snap shadow_copy2
+       shell_snap:check path command = $fake_snap_pl --check
+       shell_snap:create command = $fake_snap_pl --create
+       shell_snap:delete command = $fake_snap_pl --delete
+       # a relative path here fails, the snapshot dir is no longer found
+       shadow:snapdir = $shrdir/.snapshots
+
+[shadow1]
+       path = $shadow_shrdir
+       comment = previous versions snapshots under mount point
+       vfs objects = shadow_copy2
+       shadow:mountpoint = $shadow_mntdir
+
+[shadow2]
+       path = $shadow_shrdir
+       comment = previous versions snapshots outside mount point
+       vfs objects = shadow_copy2
+       shadow:mountpoint = $shadow_mntdir
+       shadow:snapdir = $shadow_tstdir/.snapshots
+
+[shadow3]
+       path = $shadow_shrdir
+       comment = previous versions with subvolume snapshots, snapshots under base dir
+       vfs objects = shadow_copy2
+       shadow:mountpoint = $shadow_mntdir
+       shadow:basedir = $shadow_basedir
+       shadow:snapdir = $shadow_basedir/.snapshots
+
+[shadow4]
+       path = $shadow_shrdir
+       comment = previous versions with subvolume snapshots, snapshots outside mount point
+       vfs objects = shadow_copy2
+       shadow:mountpoint = $shadow_mntdir
+       shadow:basedir = $shadow_basedir
+       shadow:snapdir = $shadow_tstdir/.snapshots
+
+[shadow5]
+       path = $shadow_shrdir
+       comment = previous versions at volume root snapshots under mount point
+       vfs objects = shadow_copy2
+       shadow:mountpoint = $shadow_shrdir
+
+[shadow6]
+       path = $shadow_shrdir
+       comment = previous versions at volume root snapshots outside mount point
+       vfs objects = shadow_copy2
+       shadow:mountpoint = $shadow_shrdir
+       shadow:snapdir = $shadow_tstdir/.snapshots
+
+[shadow7]
+       path = $shadow_shrdir
+       comment = previous versions snapshots everywhere
+       vfs objects = shadow_copy2
+       shadow:mountpoint = $shadow_mntdir
+       shadow:snapdirseverywhere = yes
+
+[shadow8]
+       path = $shadow_shrdir
+       comment = previous versions using snapsharepath
+       vfs objects = shadow_copy2
+       shadow:mountpoint = $shadow_mntdir
+       shadow:snapdir = $shadow_tstdir/.snapshots
+       shadow:snapsharepath = share
+
+[shadow_fmt0]
+       comment = Testing shadow:format with default option
+       vfs object = shadow_copy2
+       path = $shadow_shrdir
+       read only = no
+       guest ok = yes
+       shadow:mountpoint = $shadow_mntdir
+       shadow:basedir = $shadow_basedir
+       shadow:snapdir = $shadow_basedir/.snapshots
+       shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S
+
+[shadow_fmt1]
+       comment = Testing shadow:format with only date component
+       vfs object = shadow_copy2
+       path = $shadow_shrdir
+       read only = no
+       guest ok = yes
+       shadow:mountpoint = $shadow_mntdir
+       shadow:basedir = $shadow_basedir
+       shadow:snapdir = $shadow_basedir/.snapshots
+       shadow:format = \@GMT-%Y-%m-%d
+
+[shadow_fmt2]
+       comment = Testing shadow:format with some hardcoded prefix
+       vfs object = shadow_copy2
+       path = $shadow_shrdir
+       read only = no
+       guest ok = yes
+       shadow:mountpoint = $shadow_mntdir
+       shadow:basedir = $shadow_basedir
+       shadow:snapdir = $shadow_basedir/.snapshots
+       shadow:format = snap\@GMT-%Y.%m.%d-%H.%M.%S
+
+[shadow_fmt3]
+       comment = Testing shadow:format with modified format
+       vfs object = shadow_copy2
+       path = $shadow_shrdir
+       read only = no
+       guest ok = yes
+       shadow:mountpoint = $shadow_mntdir
+       shadow:basedir = $shadow_basedir
+       shadow:snapdir = $shadow_basedir/.snapshots
+       shadow:format = \@GMT-%Y.%m.%d-%H_%M_%S-snap
+
+[shadow_fmt4]
+       comment = Testing shadow:snapprefix regex
+       vfs object = shadow_copy2
+       path = $shadow_shrdir
+       read only = no
+       guest ok = yes
+       shadow:mountpoint = $shadow_mntdir
+       shadow:basedir = $shadow_basedir
+       shadow:snapdir = $shadow_basedir/.snapshots
+       shadow:snapprefix = \^s[a-z]*p\$
+       shadow:format = _GMT-%Y.%m.%d-%H.%M.%S
+
+[shadow_fmt5]
+       comment = Testing shadow:snapprefix with delim regex
+       vfs object = shadow_copy2
+       path = $shadow_shrdir
+       read only = no
+       guest ok = yes
+       shadow:mountpoint = $shadow_mntdir
+       shadow:basedir = $shadow_basedir
+       shadow:snapdir = $shadow_basedir/.snapshots
+       shadow:delimiter = \@GMT
+       shadow:snapprefix = [a-z]*
+       shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S
+
+[shadow_wl]
+       path = $shadow_shrdir
+       comment = previous versions with wide links allowed
+       vfs objects = shadow_copy2
+       shadow:mountpoint = $shadow_mntdir
+       wide links = yes
+[dfq]
+       path = $shrdir/dfree
+       vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
+       admin users = $unix_name
+       include = $dfqconffile
+[dfq_owner]
+       path = $shrdir/dfree
+       vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
+       inherit owner = yes
+       include = $dfqconffile
+[acl_xattr_ign_sysacl_posix]
+       copy = tmp
+       acl_xattr:ignore system acls = yes
+       acl_xattr:default acl style = posix
+[acl_xattr_ign_sysacl_windows]
+       copy = tmp
+       acl_xattr:ignore system acls = yes
+       acl_xattr:default acl style = windows
        ";
        close(CONF);
 
+       unless (open(DFQCONF, ">$dfqconffile")) {
+               warn("Unable to open $dfqconffile");
+               return undef;
+       }
+       close(DFQCONF);
+
        ##
        ## create a test account
        ##
@@ -1348,6 +1821,12 @@ sub provision($$$$$$$$)
 $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
 pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
 pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
+userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false
+pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false
+force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false
+smbget_user:x:$uid_smbget:$gid_domusers:smbget_user gecos:$prefix_abs:/bin/false
+user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false
+user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false
 ";
        if ($unix_uid != 0) {
                print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
@@ -1364,6 +1843,9 @@ nogroup:x:$gid_nogroup:nobody
 $unix_name-group:x:$unix_gids[0]:
 domusers:X:$gid_domusers:
 domadmins:X:$gid_domadmins:
+userdup:x:$gid_userdup:$unix_name
+everyone:x:$gid_everyone:
+force_user:x:$gid_force_user:
 ";
        if ($unix_gids[0] != 0) {
                print GROUP "root:x:$gid_root:
@@ -1416,23 +1898,19 @@ domadmins:X:$gid_domadmins:
                $ENV{RESOLV_WRAPPER_HOSTS} = $dns_host_file;
        }
 
-        my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $unix_name > /dev/null";
-       unless (open(PWD, "|$cmd")) {
-             warn("Unable to set password for test account\n$cmd");
-             return undef;
-        }
-       print PWD "$password\n$password\n";
-       unless (close(PWD)) {
-             warn("Unable to set password for test account\n$cmd");
-             return undef; 
-        }
-       print "DONE\n";
+       createuser($self, $unix_name, $password, $conffile) || die("Unable to create user");
+       createuser($self, "force_user", $password, $conffile) || die("Unable to create force_user");
+       createuser($self, "smbget_user", $password, $conffile) || die("Unable to create smbget_user");
+       createuser($self, "user1", $password, $conffile) || die("Unable to create user1");
+       createuser($self, "user2", $password, $conffile) || die("Unable to create user2");
 
        open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
        print DNS_UPDATE_LIST "A $server. $server_ip\n";
        print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n";
        close(DNS_UPDATE_LIST);
 
+       print "DONE\n";
+
        $ret{SERVER_IP} = $server_ip;
        $ret{SERVER_IPV6} = $server_ipv6;
        $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log";
@@ -1468,6 +1946,13 @@ domadmins:X:$gid_domadmins:
        $ret{LOCAL_PATH} = "$shrdir";
         $ret{LOGDIR} = $logdir;
 
+       #
+       # Avoid hitting system krb5.conf -
+       # An env that needs Kerberos will reset this to the real
+       # value.
+       #
+       $ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf";
+
        return \%ret;
 }
 
@@ -1510,11 +1995,11 @@ sub wait_for_start($$$$$)
            do {
                $ret = system("SELFTEST_WINBINDD_SOCKET_DIR=" . $envvars->{SELFTEST_WINBINDD_SOCKET_DIR} . " " . Samba::bindir_path($self, "wbinfo") . " --ping-dc");
                if ($ret != 0) {
-                   sleep(2);
+                   sleep(1);
                }
                $count++;
-           } while ($ret != 0 && $count < 10);
-           if ($count == 10) {
+           } while ($ret != 0 && $count < 20);
+           if ($count == 20) {
                print "WINBINDD not reachable after 20 seconds\n";
                teardown_env($self, $envvars);
                return 0;
@@ -1527,13 +2012,13 @@ sub wait_for_start($$$$$)
 
            my $count = 0;
            do {
-               $ret = system(Samba::bindir_path($self, "smbclient3") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139");
+               $ret = system(Samba::bindir_path($self, "smbclient") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139");
                if ($ret != 0) {
-                   sleep(2);
+                   sleep(1);
                }
                $count++
-           } while ($ret != 0 && $count < 10);
-           if ($count == 10) {
+           } while ($ret != 0 && $count < 20);
+           if ($count == 20) {
                print "SMBD failed to start up in a reasonable time (20sec)\n";
                teardown_env($self, $envvars);
                return 0;
@@ -1549,6 +2034,10 @@ sub wait_for_start($$$$$)
        if ($ret != 0) {
            return 1;
        }
+       $ret = system(Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin");
+       if ($ret != 0) {
+           return 1;
+       }
 
        if ($winbindd eq "yes") {
            # note: creating builtin groups requires winbindd for the