2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
10 use FindBin qw($RealBin);
17 my ($classname, $bindir, $ldap, $srcdir, $server_maxtime) = @_;
24 server_maxtime => $server_maxtime,
25 target3 => new Samba3($bindir, $srcdir, $server_maxtime)
31 sub scriptdir_path($$) {
32 my ($self, $path) = @_;
33 return "$self->{srcdir}/source4/scripting/$path";
36 sub openldap_start($$$) {
42 my ($self, $env_vars, $STDIN_READER) = @_;
43 my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
45 my $uri = $env_vars->{LDAP_URI};
47 if (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") == 0) {
48 print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!";
51 # running slapd in the background means it stays in the same process group, so it can be
55 open STDOUT, ">$env_vars->{LDAPDIR}/logs";
56 open STDERR, '>&STDOUT';
57 close($env_vars->{STDIN_PIPE});
58 open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
60 if ($self->{ldap} eq "fedora-ds") {
61 exec("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd", "-D", $env_vars->{FEDORA_DS_DIR}, "-d0", "-i", $env_vars->{FEDORA_DS_PIDFILE});
62 } elsif ($self->{ldap} eq "openldap") {
63 exec($ENV{OPENLDAP_SLAPD}, "-dnone", "-F", $env_vars->{SLAPD_CONF_D}, "-h", $uri);
65 die("Unable to start slapd: $!");
67 $env_vars->{SLAPD_PID} = $pid;
69 while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
72 $self->slapd_stop($env_vars);
82 my ($self, $envvars) = @_;
83 kill 9, $envvars->{SLAPD_PID};
87 sub check_or_start($$$)
89 my ($self, $env_vars, $process_model) = @_;
92 my $env_ok = $self->check_env($env_vars);
94 return $env_vars->{SAMBA_PID};
95 } elsif (defined($env_vars->{SAMBA_PID})) {
96 warn("SAMBA PID $env_vars->{SAMBA_PID} is not running (died)");
100 # use a pipe for stdin in the child processes. This allows
101 # those processes to monitor the pipe for EOF to ensure they
102 # exit when the test script exits
103 pipe($STDIN_READER, $env_vars->{STDIN_PIPE});
105 # Start slapd before samba, but with the fifo on stdin
106 if (defined($self->{ldap})) {
107 unless($self->slapd_start($env_vars, $STDIN_READER)) {
108 warn("couldn't start slapd (main run)");
113 print "STARTING SAMBA...\n";
116 # we want out from samba to go to the log file, but also
117 # to the users terminal when running 'make test' on the command
118 # line. This puts it on stderr on the terminal
119 open STDOUT, "| tee $env_vars->{SAMBA_TEST_LOG} 1>&2";
120 open STDERR, '>&STDOUT';
122 SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
124 $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
125 $ENV{SELFTEST_WINBINDD_SOCKET_DIR} = $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR};
126 $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
128 $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
129 $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
130 $ENV{NSS_WRAPPER_HOSTS} = $env_vars->{NSS_WRAPPER_HOSTS};
131 $ENV{NSS_WRAPPER_HOSTNAME} = $env_vars->{NSS_WRAPPER_HOSTNAME};
132 $ENV{NSS_WRAPPER_MODULE_SO_PATH} = $env_vars->{NSS_WRAPPER_MODULE_SO_PATH};
133 $ENV{NSS_WRAPPER_MODULE_FN_PREFIX} = $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX};
135 if (defined($env_vars->{RESOLV_WRAPPER_CONF})) {
136 $ENV{RESOLV_WRAPPER_CONF} = $env_vars->{RESOLV_WRAPPER_CONF};
138 $ENV{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS};
141 $ENV{UID_WRAPPER} = "1";
142 $ENV{UID_WRAPPER_ROOT} = "1";
144 $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "samba");
147 if (defined($ENV{SAMBA_OPTIONS})) {
148 @optargs = split(/ /, $ENV{SAMBA_OPTIONS});
150 if(defined($ENV{SAMBA_VALGRIND})) {
151 @preargs = split(/ /,$ENV{SAMBA_VALGRIND});
154 close($env_vars->{STDIN_PIPE});
155 open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
157 exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
159 $env_vars->{SAMBA_PID} = $pid;
160 print "DONE ($pid)\n";
162 close($STDIN_READER);
164 if ($self->wait_for_start($env_vars) != 0) {
165 warn("Samba $pid failed to start up");
172 sub wait_for_start($$)
174 my ($self, $testenv_vars) = @_;
178 if (not $self->check_env($testenv_vars)) {
179 warn("unable to confirm Samba $testenv_vars->{SAMBA_PID} is running");
183 # This will return quickly when things are up, but be slow if we
184 # need to wait for (eg) SSL init
185 my $nmblookup = Samba::bindir_path($self, "nmblookup4");
188 $ret = system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
192 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
193 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
194 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
195 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
196 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
197 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
198 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
199 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
200 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
201 system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
202 system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
205 } while ($ret != 0 && $count < 20);
207 warn("nbt not reachable after 20 retries\n");
208 teardown_env($self, $testenv_vars);
212 # Ensure we have the first RID Set before we start tests. This makes the tests more reliable.
213 if ($testenv_vars->{SERVER_ROLE} eq "domain controller" and not ($testenv_vars->{NETBIOSNAME} eq "RODC")) {
214 # Add hosts file for name lookups
215 $ENV{NSS_WRAPPER_HOSTS} = $testenv_vars->{NSS_WRAPPER_HOSTS};
216 if (defined($testenv_vars->{RESOLV_WRAPPER_CONF})) {
217 $ENV{RESOLV_WRAPPER_CONF} = $testenv_vars->{RESOLV_WRAPPER_CONF};
219 $ENV{RESOLV_WRAPPER_HOSTS} = $testenv_vars->{RESOLV_WRAPPER_HOSTS};
222 print "waiting for working LDAP and a RID Set to be allocated\n";
223 my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
225 my $base_dn = "DC=".join(",DC=", split(/\./, $testenv_vars->{REALM}));
226 my $rid_set_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn";
228 my $cmd = "$ldbsearch $testenv_vars->{CONFIGURATION} -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool";
229 while (system("$cmd >/dev/null") != 0) {
231 if ($count > $max_wait) {
232 warn("Timed out ($max_wait sec) waiting for working LDAP and a RID Set to be allocated by $testenv_vars->{NETBIOSNAME} PID $testenv_vars->{SAMBA_PID}");
239 print $self->getlog_env($testenv_vars);
244 sub write_ldb_file($$$)
246 my ($self, $file, $ldif) = @_;
248 my $ldbadd = Samba::bindir_path($self, "ldbadd");
249 open(LDIF, "|$ldbadd -H $file >/dev/null");
254 sub add_wins_config($$)
256 my ($self, $privatedir) = @_;
258 return $self->write_ldb_file("$privatedir/wins_config.ldb", "
259 dn: name=TORTURE_11,CN=PARTNERS
260 objectClass: wreplPartner
271 my ($self, $ctx) = @_;
273 #Make the subdirectory be as fedora DS would expect
274 my $fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}";
276 my $pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid";
278 return ($fedora_ds_dir, $pidfile);
283 my ($self, $ctx) = @_;
285 my $slapd_conf_d = "$ctx->{ldapdir}/slapd.d";
286 my $pidfile = "$ctx->{ldapdir}/slapd.pid";
288 return ($slapd_conf_d, $pidfile);
291 sub setup_namespaces($$:$$)
293 my ($self, $localenv, $upn_array, $spn_array) = @_;
295 @{$upn_array} = [] unless defined($upn_array);
297 foreach my $upn (@{$upn_array}) {
298 $upn_args .= " --add-upn-suffix=$upn";
301 @{$spn_array} = [] unless defined($spn_array);
303 foreach my $spn (@{$spn_array}) {
304 $spn_args .= " --add-spn-suffix=$spn";
307 my $samba_tool = Samba::bindir_path($self, "samba-tool");
310 $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
311 if (defined($localenv->{RESOLV_WRAPPER_CONF})) {
312 $cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" ";
314 $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
316 $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"";
318 my $cmd_config = " $localenv->{CONFIGURATION}";
320 my $namespaces = $cmd_env;
321 $namespaces .= " $samba_tool domain trust namespaces $upn_args $spn_args";
322 $namespaces .= $cmd_config;
323 unless (system($namespaces) == 0) {
324 warn("Failed to add namespaces \n$namespaces");
331 sub setup_trust($$$$$)
333 my ($self, $localenv, $remoteenv, $type, $extra_args) = @_;
335 $localenv->{TRUST_SERVER} = $remoteenv->{SERVER};
336 $localenv->{TRUST_SERVER_IP} = $remoteenv->{SERVER_IP};
337 $localenv->{TRUST_SERVER_IPV6} = $remoteenv->{SERVER_IPV6};
338 $localenv->{TRUST_NETBIOSNAME} = $remoteenv->{NETBIOSNAME};
339 $localenv->{TRUST_USERNAME} = $remoteenv->{USERNAME};
340 $localenv->{TRUST_PASSWORD} = $remoteenv->{PASSWORD};
341 $localenv->{TRUST_DOMAIN} = $remoteenv->{DOMAIN};
342 $localenv->{TRUST_REALM} = $remoteenv->{REALM};
344 my $samba_tool = Samba::bindir_path($self, "samba-tool");
347 $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
348 if (defined($localenv->{RESOLV_WRAPPER_CONF})) {
349 $cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" ";
351 $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" ";
353 $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"";
355 my $cmd_config = " $localenv->{CONFIGURATION}";
356 my $cmd_creds = $cmd_config;
357 $cmd_creds .= " -U$localenv->{TRUST_DOMAIN}\\\\$localenv->{TRUST_USERNAME}\%$localenv->{TRUST_PASSWORD}";
359 my $create = $cmd_env;
360 $create .= " $samba_tool domain trust create --type=${type} $localenv->{TRUST_REALM}";
361 $create .= " $extra_args";
362 $create .= $cmd_creds;
363 unless (system($create) == 0) {
364 warn("Failed to create trust \n$create");
371 sub provision_raw_prepare($$$$$$$$$$$)
373 my ($self, $prefix, $server_role, $hostname,
374 $domain, $realm, $functional_level,
375 $password, $kdc_ipv4, $kdc_ipv6) = @_;
377 my $netbiosname = uc($hostname);
379 unless(-d $prefix or mkdir($prefix, 0777)) {
380 warn("Unable to create $prefix");
383 my $prefix_abs = abs_path($prefix);
385 die ("prefix=''") if $prefix_abs eq "";
386 die ("prefix='/'") if $prefix_abs eq "/";
388 unless (system("rm -rf $prefix_abs/*") == 0) {
389 warn("Unable to clean up");
393 my $swiface = Samba::get_interface($hostname);
395 $ctx->{prefix} = $prefix;
396 $ctx->{prefix_abs} = $prefix_abs;
398 $ctx->{server_role} = $server_role;
399 $ctx->{hostname} = $hostname;
400 $ctx->{netbiosname} = $netbiosname;
401 $ctx->{swiface} = $swiface;
402 $ctx->{password} = $password;
403 $ctx->{kdc_ipv4} = $kdc_ipv4;
404 $ctx->{kdc_ipv6} = $kdc_ipv6;
405 if ($functional_level eq "2000") {
406 $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc"
410 # Set smbd log level here.
412 $ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} || 1;
413 $ctx->{username} = "Administrator";
414 $ctx->{domain} = $domain;
415 $ctx->{realm} = uc($realm);
416 $ctx->{dnsname} = lc($realm);
418 $ctx->{functional_level} = $functional_level;
420 my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
422 $ctx->{unix_name} = $unix_name;
423 $ctx->{unix_uid} = $>;
424 my @mygid = split(" ", $();
425 $ctx->{unix_gid} = $mygid[0];
426 $ctx->{unix_gids_str} = $);
427 @{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str});
429 $ctx->{etcdir} = "$prefix_abs/etc";
430 $ctx->{piddir} = "$prefix_abs/pid";
431 $ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf";
432 $ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
433 $ctx->{privatedir} = "$prefix_abs/private";
434 $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
435 $ctx->{lockdir} = "$prefix_abs/lockdir";
436 $ctx->{logdir} = "$prefix_abs/logs";
437 $ctx->{statedir} = "$prefix_abs/statedir";
438 $ctx->{cachedir} = "$prefix_abs/cachedir";
439 $ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
440 $ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket";
441 $ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket";
442 $ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
443 $ctx->{nsswrap_group} = "$ctx->{etcdir}/group";
444 $ctx->{nsswrap_hosts} = "$ENV{SELFTEST_PREFIX}/hosts";
445 $ctx->{nsswrap_hostname} = "$ctx->{hostname}.$ctx->{dnsname}";
446 if ($ENV{SAMBA_DNS_FAKING}) {
447 $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";
448 $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}";
450 $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces";
451 $ctx->{use_resolv_wrapper} = 1;
453 $ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf";
455 $ctx->{tlsdir} = "$ctx->{privatedir}/tls";
457 $ctx->{ipv4} = "127.0.0.$swiface";
458 $ctx->{ipv6} = sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface);
459 $ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64";
461 push(@{$ctx->{directories}}, $ctx->{privatedir});
462 push(@{$ctx->{directories}}, $ctx->{etcdir});
463 push(@{$ctx->{directories}}, $ctx->{piddir});
464 push(@{$ctx->{directories}}, $ctx->{lockdir});
465 push(@{$ctx->{directories}}, $ctx->{logdir});
466 push(@{$ctx->{directories}}, $ctx->{statedir});
467 push(@{$ctx->{directories}}, $ctx->{cachedir});
469 $ctx->{smb_conf_extra_options} = "";
471 my @provision_options = ();
472 push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_config}\"");
473 push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
474 push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
475 push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\"");
476 push (@provision_options, "NSS_WRAPPER_HOSTNAME=\"$ctx->{nsswrap_hostname}\"");
477 if (defined($ctx->{use_resolv_wrapper})) {
478 push (@provision_options, "RESOLV_WRAPPER_CONF=\"$ctx->{resolv_conf}\"");
480 push (@provision_options, "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\"");
482 if (defined($ENV{GDB_PROVISION})) {
483 push (@provision_options, "gdb --args");
484 if (!defined($ENV{PYTHON})) {
485 push (@provision_options, "env");
486 push (@provision_options, "python");
489 if (defined($ENV{VALGRIND_PROVISION})) {
490 push (@provision_options, "valgrind");
491 if (!defined($ENV{PYTHON})) {
492 push (@provision_options, "env");
493 push (@provision_options, "python");
496 if (defined($ENV{PYTHON})) {
497 push (@provision_options, $ENV{PYTHON});
499 push (@provision_options, Samba::bindir_path($self, "samba-tool"));
500 push (@provision_options, "domain");
501 push (@provision_options, "provision");
502 push (@provision_options, "--configfile=$ctx->{smb_conf}");
503 push (@provision_options, "--host-name=$ctx->{hostname}");
504 push (@provision_options, "--host-ip=$ctx->{ipv4}");
505 push (@provision_options, "--quiet");
506 push (@provision_options, "--domain=$ctx->{domain}");
507 push (@provision_options, "--realm=$ctx->{realm}");
508 push (@provision_options, "--adminpass=$ctx->{password}");
509 push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
510 push (@provision_options, "--machinepass=machine$ctx->{password}");
511 push (@provision_options, "--root=$ctx->{unix_name}");
512 push (@provision_options, "--server-role=\"$ctx->{server_role}\"");
513 push (@provision_options, "--function-level=\"$ctx->{functional_level}\"");
515 @{$ctx->{provision_options}} = @provision_options;
521 # Step1 creates the basic configuration
523 sub provision_raw_step1($$)
525 my ($self, $ctx) = @_;
527 mkdir($_, 0777) foreach (@{$ctx->{directories}});
530 ## lockdir and piddir must be 0755
532 chmod 0755, $ctx->{lockdir};
533 chmod 0755, $ctx->{piddir};
535 unless (open(CONFFILE, ">$ctx->{smb_conf}")) {
536 warn("can't open $ctx->{smb_conf}$?");
540 Samba::prepare_keyblobs($ctx);
541 my $crlfile = "$ctx->{tlsdir}/crl.pem";
542 $crlfile = "" unless -e ${crlfile};
546 netbios name = $ctx->{netbiosname}
547 posix:eadb = $ctx->{statedir}/eadb.tdb
548 workgroup = $ctx->{domain}
549 realm = $ctx->{realm}
550 private dir = $ctx->{privatedir}
551 pid directory = $ctx->{piddir}
552 ncalrpc dir = $ctx->{ncalrpcdir}
553 lock dir = $ctx->{lockdir}
554 state directory = $ctx->{statedir}
555 cache directory = $ctx->{cachedir}
556 winbindd socket directory = $ctx->{winbindd_socket_dir}
557 winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir}
558 ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
559 winbind separator = /
560 interfaces = $ctx->{interfaces}
561 tls dh params file = $ctx->{tlsdir}/dhparms.pem
562 tls crlfile = ${crlfile}
563 tls verify peer = no_check
564 panic action = $RealBin/gdb_backtrace \%d
566 server role = $ctx->{server_role}
567 server services = +echo +smb -s3fs
568 dcerpc endpoint servers = +winreg +srvsvc
569 notify:inotify = false
571 ldap server require strong auth = yes
572 #We don't want to pass our self-tests if the PAC code is wrong
573 gensec:require_pac = true
574 log file = $ctx->{logdir}/log.\%m
575 log level = $ctx->{server_loglevel}
579 dns update command = $ctx->{samba_dnsupdate}
580 spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf}
581 dreplsrv:periodic_startup_interval = 0
582 dsdb:schema update allowed = yes
584 vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot
586 idmap_ldb:use rfc2307=yes
587 winbind enum users = yes
588 winbind enum groups = yes
593 # Begin extra options
594 $ctx->{smb_conf_extra_options}
599 #Default the KDC IP to the server's IP
600 if (not defined($ctx->{kdc_ipv4})) {
601 $ctx->{kdc_ipv4} = $ctx->{ipv4};
603 if (not defined($ctx->{kdc_ipv6})) {
604 $ctx->{kdc_ipv6} = $ctx->{ipv6};
607 Samba::mk_krb5_conf($ctx);
609 open(PWD, ">$ctx->{nsswrap_passwd}");
610 if ($ctx->{unix_uid} != 0) {
611 print PWD "root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false\n";
613 print PWD "$ctx->{unix_name}:x:$ctx->{unix_uid}:65531:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false\n";
614 print PWD "nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
615 pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
616 pdbtest2:x:65532:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
617 pdbtest3:x:65531:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
618 pdbtest4:x:65530:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
621 my $uid_rfc2307test = 65533;
623 open(GRP, ">$ctx->{nsswrap_group}");
624 if ($ctx->{unix_gid} != 0) {
625 print GRP "root:x:0:\n";
627 print GRP "$ctx->{unix_name}:x:$ctx->{unix_gid}:\n";
628 print GRP "wheel:x:10:
631 nogroup:x:65534:nobody
634 my $gid_rfc2307test = 65532;
636 my $hostname = lc($ctx->{hostname});
637 open(HOSTS, ">>$ctx->{nsswrap_hosts}");
638 if ($hostname eq "localdc") {
639 print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n";
640 print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n";
642 print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} ${hostname}\n";
643 print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} ${hostname}\n";
647 if (defined($ctx->{resolv_conf})) {
648 open(RESOLV_CONF, ">$ctx->{resolv_conf}");
649 print RESOLV_CONF "nameserver $ctx->{kdc_ipv4}\n";
650 print RESOLV_CONF "nameserver $ctx->{kdc_ipv6}\n";
654 my $configuration = "--configfile=$ctx->{smb_conf}";
656 #Ensure the config file is valid before we start
657 my $testparm = Samba::bindir_path($self, "samba-tool") . " testparm";
658 if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
659 system("$testparm -v --suppress-prompt $configuration >&2");
660 warn("Failed to create a valid smb.conf configuration $testparm!");
663 unless (system("($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1") == 0) {
664 warn("Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
669 KRB5_CONFIG => $ctx->{krb5_conf},
670 PIDDIR => $ctx->{piddir},
671 SERVER => $ctx->{hostname},
672 SERVER_IP => $ctx->{ipv4},
673 SERVER_IPV6 => $ctx->{ipv6},
674 NETBIOSNAME => $ctx->{netbiosname},
675 DOMAIN => $ctx->{domain},
676 USERNAME => $ctx->{username},
677 REALM => $ctx->{realm},
678 PASSWORD => $ctx->{password},
679 LDAPDIR => $ctx->{ldapdir},
680 LDAP_INSTANCE => $ctx->{ldap_instance},
681 SELFTEST_WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},
682 NCALRPCDIR => $ctx->{ncalrpcdir},
683 LOCKDIR => $ctx->{lockdir},
684 STATEDIR => $ctx->{statedir},
685 CACHEDIR => $ctx->{cachedir},
686 PRIVATEDIR => $ctx->{privatedir},
687 SERVERCONFFILE => $ctx->{smb_conf},
688 CONFIGURATION => $configuration,
689 SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
690 NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd},
691 NSS_WRAPPER_GROUP => $ctx->{nsswrap_group},
692 NSS_WRAPPER_HOSTS => $ctx->{nsswrap_hosts},
693 NSS_WRAPPER_HOSTNAME => $ctx->{nsswrap_hostname},
694 SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
695 SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
696 SAMBA_TEST_LOG_POS => 0,
697 NSS_WRAPPER_MODULE_SO_PATH => Samba::nss_wrapper_winbind_so_path($self),
698 NSS_WRAPPER_MODULE_FN_PREFIX => "winbind",
699 LOCAL_PATH => $ctx->{share},
700 UID_RFC2307TEST => $uid_rfc2307test,
701 GID_RFC2307TEST => $gid_rfc2307test,
702 SERVER_ROLE => $ctx->{server_role},
703 RESOLV_CONF => $ctx->{resolv_conf}
706 if (defined($ctx->{use_resolv_wrapper})) {
707 $ret->{RESOLV_WRAPPER_CONF} = $ctx->{resolv_conf};
709 $ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file};
716 # Step2 runs the provision script
718 sub provision_raw_step2($$$)
720 my ($self, $ctx, $ret) = @_;
722 my $provision_cmd = join(" ", @{$ctx->{provision_options}});
723 unless (system($provision_cmd) == 0) {
724 warn("Unable to provision: \n$provision_cmd\n");
728 my $testallowed_account = "testallowed";
729 my $samba_tool_cmd = "";
730 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
731 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
732 . " user create --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}";
733 unless (system($samba_tool_cmd) == 0) {
734 warn("Unable to add testallowed user: \n$samba_tool_cmd\n");
739 $ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
740 $ldbmodify .= Samba::bindir_path($self, "ldbmodify");
741 my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm}));
743 if ($ctx->{server_role} ne "domain controller") {
744 $base_dn = "DC=$ctx->{netbiosname}";
747 my $user_dn = "cn=$testallowed_account,cn=users,$base_dn";
748 $testallowed_account = "testallowed account";
749 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
750 print LDIF "dn: $user_dn
752 replace: samAccountName
753 samAccountName: $testallowed_account
758 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
759 print LDIF "dn: $user_dn
761 replace: userPrincipalName
762 userPrincipalName: testallowed upn\@$ctx->{realm}
763 replace: servicePrincipalName
764 servicePrincipalName: host/testallowed
769 $samba_tool_cmd = "";
770 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
771 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
772 . " user create --configfile=$ctx->{smb_conf} testdenied $ctx->{password}";
773 unless (system($samba_tool_cmd) == 0) {
774 warn("Unable to add testdenied user: \n$samba_tool_cmd\n");
778 my $user_dn = "cn=testdenied,cn=users,$base_dn";
779 open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
780 print LDIF "dn: $user_dn
782 replace: userPrincipalName
783 userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
788 $samba_tool_cmd = "";
789 $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
790 $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
791 . " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'";
792 unless (system($samba_tool_cmd) == 0) {
793 warn("Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n");
800 sub provision($$$$$$$$$$)
802 my ($self, $prefix, $server_role, $hostname,
803 $domain, $realm, $functional_level,
804 $password, $kdc_ipv4, $kdc_ipv6, $extra_smbconf_options, $extra_smbconf_shares,
805 $extra_provision_options) = @_;
807 my $ctx = $self->provision_raw_prepare($prefix, $server_role,
809 $domain, $realm, $functional_level,
810 $password, $kdc_ipv4, $kdc_ipv6);
812 if (defined($extra_provision_options)) {
813 push (@{$ctx->{provision_options}}, @{$extra_provision_options});
815 push (@{$ctx->{provision_options}}, "--use-ntvfs");
818 $ctx->{share} = "$ctx->{prefix_abs}/share";
819 push(@{$ctx->{directories}}, "$ctx->{share}");
820 push(@{$ctx->{directories}}, "$ctx->{share}/test1");
821 push(@{$ctx->{directories}}, "$ctx->{share}/test2");
823 # precreate directories for printer drivers
824 push(@{$ctx->{directories}}, "$ctx->{share}/W32X86");
825 push(@{$ctx->{directories}}, "$ctx->{share}/x64");
826 push(@{$ctx->{directories}}, "$ctx->{share}/WIN40");
829 $msdfs = "yes" if ($server_role eq "domain controller");
830 $ctx->{smb_conf_extra_options} = "
833 server max protocol = SMB2
836 allow nt4 crypto = yes
838 # fruit:copyfile is a global option
841 $extra_smbconf_options
846 posix:sharedelay = 100000
847 posix:oplocktimeout = 3
848 posix:writetimeupdatedelay = 500000
853 posix:sharedelay = 100000
854 posix:oplocktimeout = 3
855 posix:writetimeupdatedelay = 500000
857 force create mode = 777
863 force create mode = 0
864 directory mask = 0777
865 force directory mode = 0
868 path = $ctx->{share}/test1
870 posix:sharedelay = 100000
871 posix:oplocktimeout = 3
872 posix:writetimeupdatedelay = 500000
875 path = $ctx->{share}/test2
877 posix:sharedelay = 100000
878 posix:oplocktimeout = 3
879 posix:writetimeupdatedelay = 500000
882 path = $ctx->{share}/_ignore_cifs_
885 cifs:server = $ctx->{netbiosname}
887 cifs:use-s4u2proxy = yes
888 # There is no username specified here, instead the client is expected
889 # to log in with kerberos, and the serverwill use delegated credentials.
890 # Or the server tries s4u2self/s4u2proxy to impersonate the client
895 ntvfs handler = simple
898 path = $ctx->{statedir}/sysvol
902 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
907 ntvfs handler = cifsposix
911 vfs objects = catia fruit streams_xattr acl_xattr
913 fruit:ressource = file
914 fruit:metadata = netatalk
915 fruit:locking = netatalk
916 fruit:encoding = native
918 $extra_smbconf_shares
921 if (defined($self->{ldap})) {
922 $ctx->{ldapdir} = "$ctx->{privatedir}/ldap";
923 push(@{$ctx->{directories}}, "$ctx->{ldapdir}");
925 my $ldap_uri= "$ctx->{ldapdir}/ldapi";
926 $ldap_uri =~ s|/|%2F|g;
927 $ldap_uri = "ldapi://$ldap_uri";
928 $ctx->{ldap_uri} = $ldap_uri;
930 $ctx->{ldap_instance} = lc($ctx->{netbiosname});
933 my $ret = $self->provision_raw_step1($ctx);
934 unless (defined $ret) {
938 if (defined($self->{ldap})) {
939 $ret->{LDAP_URI} = $ctx->{ldap_uri};
940 push (@{$ctx->{provision_options}}, "--ldap-backend-type=" . $self->{ldap});
941 push (@{$ctx->{provision_options}}, "--ldap-backend-nosync");
942 if ($self->{ldap} eq "openldap") {
943 push (@{$ctx->{provision_options}}, "--slapd-path=" . $ENV{OPENLDAP_SLAPD});
944 ($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx) or die("Unable to create openldap directories");
946 } elsif ($self->{ldap} eq "fedora-ds") {
947 push (@{$ctx->{provision_options}}, "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd");
948 push (@{$ctx->{provision_options}}, "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");
949 ($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx) or die("Unable to create fedora ds directories");
954 return $self->provision_raw_step2($ctx, $ret);
957 sub provision_s4member($$$)
959 my ($self, $prefix, $dcvars) = @_;
960 print "PROVISIONING MEMBER...\n";
961 my $extra_smb_conf = "
962 passdb backend = samba_dsdb
963 winbindd:use external pipes = true
965 # the source4 smb server doesn't allow signing by default
966 server signing = enabled
968 rpc_server:default = external
969 rpc_server:svcctl = embedded
970 rpc_server:srvsvc = embedded
971 rpc_server:eventlog = embedded
972 rpc_server:ntsvcs = embedded
973 rpc_server:winreg = embedded
974 rpc_server:spoolss = embedded
975 rpc_daemon:spoolssd = embedded
976 rpc_server:tcpip = no
978 my $ret = $self->provision($prefix,
985 $dcvars->{SERVER_IP},
986 $dcvars->{SERVER_IPV6},
987 $extra_smb_conf, "", undef);
992 my $samba_tool = Samba::bindir_path($self, "samba-tool");
994 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
995 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
996 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
998 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1000 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1001 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
1002 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1003 $cmd .= " --machinepass=machine$ret->{PASSWORD}";
1005 unless (system($cmd) == 0) {
1006 warn("Join failed\n$cmd");
1010 $ret->{MEMBER_SERVER} = $ret->{SERVER};
1011 $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP};
1012 $ret->{MEMBER_SERVER_IPV6} = $ret->{SERVER_IPV6};
1013 $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME};
1014 $ret->{MEMBER_USERNAME} = $ret->{USERNAME};
1015 $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
1017 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1018 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1019 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1020 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1021 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1022 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1027 sub provision_rpc_proxy($$$)
1029 my ($self, $prefix, $dcvars) = @_;
1030 print "PROVISIONING RPC PROXY...\n";
1032 my $extra_smbconf_options = "
1033 passdb backend = samba_dsdb
1036 dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER}
1037 dcerpc endpoint servers = epmapper, remote
1038 dcerpc_remote:interfaces = rpcecho
1041 path = /tmp/_ignore_cifs_to_dc_/_none_
1043 ntvfs handler = cifs
1044 cifs:server = $dcvars->{SERVER}
1046 cifs:use-s4u2proxy = yes
1047 # There is no username specified here, instead the client is expected
1048 # to log in with kerberos, and the serverwill use delegated credentials.
1049 # Or the server tries s4u2self/s4u2proxy to impersonate the client
1053 my $ret = $self->provision($prefix,
1057 "samba.example.com",
1060 $dcvars->{SERVER_IP},
1061 $dcvars->{SERVER_IPV6},
1062 $extra_smbconf_options, "", undef);
1067 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1069 # The joind runs in the context of the rpc_proxy/member for now
1071 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1072 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1073 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1075 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1077 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1078 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
1079 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1080 $cmd .= " --machinepass=machine$ret->{PASSWORD}";
1082 unless (system($cmd) == 0) {
1083 warn("Join failed\n$cmd");
1087 # Setting up delegation runs in the context of the DC for now
1089 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1090 $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
1091 $cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on";
1092 $cmd .= " $dcvars->{CONFIGURATION}";
1095 unless (system($cmd) == 0) {
1096 warn("Delegation failed\n$cmd");
1100 # Setting up delegation runs in the context of the DC for now
1102 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1103 $cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
1104 $cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}";
1105 $cmd .= " $dcvars->{CONFIGURATION}";
1107 unless (system($cmd) == 0) {
1108 warn("Delegation failed\n$cmd");
1112 $ret->{RPC_PROXY_SERVER} = $ret->{SERVER};
1113 $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP};
1114 $ret->{RPC_PROXY_SERVER_IPV6} = $ret->{SERVER_IPV6};
1115 $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME};
1116 $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
1117 $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
1119 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1120 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1121 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1122 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1123 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1124 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1129 sub provision_promoted_dc($$$)
1131 my ($self, $prefix, $dcvars) = @_;
1132 print "PROVISIONING PROMOTED DC...\n";
1134 # We do this so that we don't run the provision. That's the job of 'samba-tool domain dcpromo'.
1135 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1138 "samba.example.com",
1140 $dcvars->{PASSWORD},
1141 $dcvars->{SERVER_IP},
1142 $dcvars->{SERVER_IPV6});
1144 push (@{$ctx->{provision_options}}, "--use-ntvfs");
1146 $ctx->{smb_conf_extra_options} = "
1148 server max protocol = SMB2
1151 path = $ctx->{statedir}/sysvol
1155 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1160 my $ret = $self->provision_raw_step1($ctx);
1165 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1167 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1168 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1169 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1171 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1173 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1174 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}";
1175 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1176 $cmd .= " --machinepass=machine$ret->{PASSWORD}";
1178 unless (system($cmd) == 0) {
1179 warn("Join failed\n$cmd");
1183 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1185 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1186 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1187 $cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
1188 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1189 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ";
1191 unless (system($cmd) == 0) {
1192 warn("Join failed\n$cmd");
1196 $ret->{PROMOTED_DC_SERVER} = $ret->{SERVER};
1197 $ret->{PROMOTED_DC_SERVER_IP} = $ret->{SERVER_IP};
1198 $ret->{PROMOTED_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1199 $ret->{PROMOTED_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1201 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1202 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1203 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1204 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1205 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1206 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1211 sub provision_vampire_dc($$$)
1213 my ($self, $prefix, $dcvars) = @_;
1214 print "PROVISIONING VAMPIRE DC...\n";
1216 # We do this so that we don't run the provision. That's the job of 'net vampire'.
1217 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1220 "samba.example.com",
1222 $dcvars->{PASSWORD},
1223 $dcvars->{SERVER_IP},
1224 $dcvars->{SERVER_IPV6});
1226 push (@{$ctx->{provision_options}}, "--use-ntvfs");
1228 $ctx->{smb_conf_extra_options} = "
1230 server max protocol = SMB2
1233 path = $ctx->{statedir}/sysvol
1237 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1242 my $ret = $self->provision_raw_step1($ctx);
1247 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1249 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1250 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1251 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1253 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1255 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1256 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
1257 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only";
1258 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
1260 unless (system($cmd) == 0) {
1261 warn("Join failed\n$cmd");
1265 $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER};
1266 $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
1267 $ret->{VAMPIRE_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1268 $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1270 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1271 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1272 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1273 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1274 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1275 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1276 $ret->{DC_REALM} = $dcvars->{DC_REALM};
1281 sub provision_subdom_dc($$$)
1283 my ($self, $prefix, $dcvars) = @_;
1284 print "PROVISIONING SUBDOMAIN DC...\n";
1286 # We do this so that we don't run the provision. That's the job of 'net vampire'.
1287 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1290 "sub.samba.example.com",
1292 $dcvars->{PASSWORD},
1295 push (@{$ctx->{provision_options}}, "--use-ntvfs");
1297 $ctx->{smb_conf_extra_options} = "
1299 server max protocol = SMB2
1302 path = $ctx->{statedir}/sysvol
1306 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1311 my $ret = $self->provision_raw_step1($ctx);
1316 Samba::mk_krb5_conf($ctx);
1318 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1320 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1321 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1322 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1324 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1326 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1327 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain ";
1328 $cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
1329 $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
1330 $cmd .= " --adminpass=$ret->{PASSWORD}";
1332 unless (system($cmd) == 0) {
1333 warn("Join failed\n$cmd");
1337 $ret->{SUBDOM_DC_SERVER} = $ret->{SERVER};
1338 $ret->{SUBDOM_DC_SERVER_IP} = $ret->{SERVER_IP};
1339 $ret->{SUBDOM_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1340 $ret->{SUBDOM_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1342 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1343 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1344 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1345 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1346 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1347 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1352 sub provision_ad_dc_ntvfs($$)
1354 my ($self, $prefix) = @_;
1356 # We keep the old 'winbind' name here in server services to
1357 # ensure upgrades which used that name still work with the now
1360 print "PROVISIONING AD DC (NTVFS)...\n";
1361 my $extra_conf_options = "netbios aliases = localDC1-a
1362 server services = +winbind -winbindd
1363 ldap server require strong auth = allow_sasl_over_tls
1365 my $ret = $self->provision($prefix,
1366 "domain controller",
1369 "samba.example.com",
1374 $extra_conf_options,
1381 unless($self->add_wins_config("$prefix/private")) {
1382 warn("Unable to add wins configuration");
1385 $ret->{NETBIOSALIAS} = "localdc1-a";
1386 $ret->{DC_SERVER} = $ret->{SERVER};
1387 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1388 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1389 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1390 $ret->{DC_USERNAME} = $ret->{USERNAME};
1391 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1392 $ret->{DC_REALM} = $ret->{REALM};
1397 sub provision_fl2000dc($$)
1399 my ($self, $prefix) = @_;
1401 print "PROVISIONING DC WITH FOREST LEVEL 2000...\n";
1402 my $extra_conf_options = "
1403 spnego:simulate_w2k=yes
1404 ntlmssp_server:force_old_spnego=yes
1406 my $ret = $self->provision($prefix,
1407 "domain controller",
1410 "samba2000.example.com",
1415 $extra_conf_options,
1422 unless($self->add_wins_config("$prefix/private")) {
1423 warn("Unable to add wins configuration");
1426 $ret->{DC_SERVER} = $ret->{SERVER};
1427 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1428 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1429 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1430 $ret->{DC_USERNAME} = $ret->{USERNAME};
1431 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1432 $ret->{DC_REALM} = $ret->{REALM};
1437 sub provision_fl2003dc($$$)
1439 my ($self, $prefix, $dcvars) = @_;
1440 my $swiface1 = Samba::get_interface("fakednsforwarder1");
1441 my $swiface2 = Samba::get_interface("fakednsforwarder2");
1443 print "PROVISIONING DC WITH FOREST LEVEL 2003...\n";
1444 my $extra_conf_options = "allow dns updates = nonsecure and secure
1445 dns forwarder = 127.0.0.$swiface1 127.0.0.$swiface2";
1446 my $ret = $self->provision($prefix,
1447 "domain controller",
1450 "samba2003.example.com",
1455 $extra_conf_options,
1458 unless (defined $ret) {
1462 $ret->{DC_SERVER} = $ret->{SERVER};
1463 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1464 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1465 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1466 $ret->{DC_USERNAME} = $ret->{USERNAME};
1467 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1468 $ret->{DNS_FORWARDER1} = "127.0.0.$swiface1";
1469 $ret->{DNS_FORWARDER2} = "127.0.0.$swiface2";
1471 my @samba_tool_options;
1472 push (@samba_tool_options, Samba::bindir_path($self, "samba-tool"));
1473 push (@samba_tool_options, "domain");
1474 push (@samba_tool_options, "passwordsettings");
1475 push (@samba_tool_options, "set");
1476 push (@samba_tool_options, "--configfile=$ret->{SERVERCONFFILE}");
1477 push (@samba_tool_options, "--min-pwd-age=0");
1478 push (@samba_tool_options, "--history-length=1");
1480 my $samba_tool_cmd = join(" ", @samba_tool_options);
1482 unless (system($samba_tool_cmd) == 0) {
1483 warn("Unable to set min password age to 0: \n$samba_tool_cmd\n");
1487 unless($self->add_wins_config("$prefix/private")) {
1488 warn("Unable to add wins configuration");
1495 sub provision_fl2008r2dc($$$)
1497 my ($self, $prefix, $dcvars) = @_;
1499 print "PROVISIONING DC WITH FOREST LEVEL 2008r2...\n";
1500 my $extra_conf_options = "ldap server require strong auth = no";
1501 my $ret = $self->provision($prefix,
1502 "domain controller",
1505 "samba2008R2.example.com",
1510 $extra_conf_options,
1513 unless (defined $ret) {
1517 unless ($self->add_wins_config("$prefix/private")) {
1518 warn("Unable to add wins configuration");
1521 $ret->{DC_SERVER} = $ret->{SERVER};
1522 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1523 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1524 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1525 $ret->{DC_USERNAME} = $ret->{USERNAME};
1526 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1527 $ret->{DC_REALM} = $ret->{REALM};
1533 sub provision_rodc($$$)
1535 my ($self, $prefix, $dcvars) = @_;
1536 print "PROVISIONING RODC...\n";
1538 # We do this so that we don't run the provision. That's the job of 'net join RODC'.
1539 my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
1542 "samba.example.com",
1544 $dcvars->{PASSWORD},
1545 $dcvars->{SERVER_IP},
1546 $dcvars->{SERVER_IPV6});
1551 push (@{$ctx->{provision_options}}, "--use-ntvfs");
1553 $ctx->{share} = "$ctx->{prefix_abs}/share";
1554 push(@{$ctx->{directories}}, "$ctx->{share}");
1556 $ctx->{smb_conf_extra_options} = "
1558 server max protocol = SMB2
1561 path = $ctx->{statedir}/sysvol
1565 path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
1569 path = $ctx->{share}
1571 posix:sharedelay = 10000
1572 posix:oplocktimeout = 3
1573 posix:writetimeupdatedelay = 50000
1577 my $ret = $self->provision_raw_step1($ctx);
1582 my $samba_tool = Samba::bindir_path($self, "samba-tool");
1584 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1585 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1586 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1588 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1590 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1591 $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
1592 $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
1593 $cmd .= " --server=$dcvars->{DC_SERVER} --use-ntvfs";
1595 unless (system($cmd) == 0) {
1596 warn("RODC join failed\n$cmd");
1600 # This ensures deterministic behaviour for tests that want to have the 'testallowed account'
1601 # user password verified on the RODC
1602 my $testallowed_account = "testallowed account";
1603 $cmd = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1604 $cmd .= "$samba_tool rodc preload '$testallowed_account' $ret->{CONFIGURATION}";
1605 $cmd .= " --server=$dcvars->{DC_SERVER}";
1607 unless (system($cmd) == 0) {
1608 warn("RODC join failed\n$cmd");
1612 # we overwrite the kdc after the RODC join
1613 # so that use the RODC as kdc and test
1615 $ctx->{kdc_ipv4} = $ret->{SERVER_IP};
1616 $ctx->{kdc_ipv6} = $ret->{SERVER_IPV6};
1617 Samba::mk_krb5_conf($ctx);
1619 $ret->{RODC_DC_SERVER} = $ret->{SERVER};
1620 $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP};
1621 $ret->{RODC_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1622 $ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1624 $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
1625 $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
1626 $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
1627 $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
1628 $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
1629 $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
1634 sub read_config_h($)
1638 open(LF, "<$name") or die("unable to read $name: $!");
1641 next if not (/^#define /);
1642 if (/^#define (.*?)[ \t]+(.*?)$/) {
1646 if (/^#define (.*?)[ \t]+$/) {
1655 sub provision_ad_dc($$)
1657 my ($self, $prefix) = @_;
1659 my $prefix_abs = abs_path($prefix);
1661 my $bindir_abs = abs_path($self->{bindir});
1662 my $lockdir="$prefix_abs/lockdir";
1663 my $conffile="$prefix_abs/etc/smb.conf";
1665 my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes";
1666 $require_mutexes = "" if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} eq "1");
1670 if (defined($ENV{CONFIG_H})) {
1671 $config_h = read_config_h($ENV{CONFIG_H});
1674 my $password_hash_gpg_key_ids = "password hash gpg key ids = 4952E40301FAB41A";
1675 $password_hash_gpg_key_ids = "" unless defined($config_h->{HAVE_GPGME});
1677 my $extra_smbconf_options = "
1678 server services = -smb +s3fs
1679 xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
1681 dbwrap_tdb_mutexes:* = yes
1684 ${password_hash_gpg_key_ids}
1687 kernel change notify = no
1692 printcap name = /dev/null
1697 smbd:sharedelay = 100000
1698 smbd:writetimeupdatedelay = 500000
1702 dcerpc endpoint servers = -winreg -srvsvc
1704 printcap name = /dev/null
1706 addprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -a -s $conffile --
1707 deleteprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -d -s $conffile --
1710 print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s
1711 lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p
1712 lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j
1713 lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j
1714 lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j
1715 queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p
1716 queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
1718 print notify backchannel = yes
1721 my $extra_smbconf_shares = "
1725 smb encrypt = required
1729 case sensitive = yes
1737 hide unreadable = yes
1741 kernel share modes = no
1760 print "PROVISIONING AD DC...\n";
1761 my $ret = $self->provision($prefix,
1762 "domain controller",
1765 "addom.samba.example.com",
1770 $extra_smbconf_options,
1771 $extra_smbconf_shares,
1773 unless (defined $ret) {
1777 unless($self->add_wins_config("$prefix/private")) {
1778 warn("Unable to add wins configuration");
1782 $ret->{DC_SERVER} = $ret->{SERVER};
1783 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1784 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1785 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1786 $ret->{DC_USERNAME} = $ret->{USERNAME};
1787 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1792 sub provision_chgdcpass($$)
1794 my ($self, $prefix) = @_;
1796 print "PROVISIONING CHGDCPASS...\n";
1797 my $extra_provision_options = undef;
1798 # This environment disallows the use of this password
1799 # (and also removes the default AD complexity checks)
1800 my $unacceptable_password = "widk3Dsle32jxdBdskldsk55klASKQ";
1801 push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
1802 my $ret = $self->provision($prefix,
1803 "domain controller",
1806 "chgdcpassword.samba.example.com",
1811 "check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'\n",
1813 $extra_provision_options);
1814 unless (defined $ret) {
1818 unless($self->add_wins_config("$prefix/private")) {
1819 warn("Unable to add wins configuration");
1823 # Remove secrets.tdb from this environment to test that we
1824 # still start up on systems without the new matching
1825 # secrets.tdb records.
1826 unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb") || unlink("$ret->{PRIVATEDIR}/secrets.ntdb")) {
1827 warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision");
1831 $ret->{DC_SERVER} = $ret->{SERVER};
1832 $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
1833 $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
1834 $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
1835 $ret->{DC_USERNAME} = $ret->{USERNAME};
1836 $ret->{DC_PASSWORD} = $ret->{PASSWORD};
1837 $ret->{UNACCEPTABLE_PASSWORD} = $unacceptable_password;
1842 sub teardown_env($$)
1844 my ($self, $envvars) = @_;
1847 # This should cause samba to terminate gracefully
1848 close($envvars->{STDIN_PIPE});
1850 $pid = $envvars->{SAMBA_PID};
1854 # This should give it time to write out the gcov data
1855 until ($count > 30) {
1856 if (Samba::cleanup_child($pid, "samba") == -1) {
1863 if ($count > 30 || kill(0, $pid)) {
1866 until ($count > 40) {
1867 if (Samba::cleanup_child($pid, "samba") == -1) {
1873 # If it is still around, kill it
1874 warn "server process $pid took more than $count seconds to exit, killing\n";
1878 $self->slapd_stop($envvars) if ($self->{ldap});
1880 print $self->getlog_env($envvars);
1887 my ($self, $envvars) = @_;
1888 my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME} pid $envvars->{SAMBA_PID}\n";
1891 open(LOG, "<$envvars->{SAMBA_TEST_LOG}");
1893 seek(LOG, $envvars->{SAMBA_TEST_LOG_POS}, SEEK_SET);
1897 $envvars->{SAMBA_TEST_LOG_POS} = tell(LOG);
1900 return "" if $out eq $title;
1907 my ($self, $envvars) = @_;
1908 my $samba_pid = $envvars->{SAMBA_PID};
1910 if (not defined($samba_pid)) {
1912 } elsif ($samba_pid > 0) {
1913 my $childpid = Samba::cleanup_child($samba_pid, "samba");
1915 if ($childpid == 0) {
1927 my ($self, $envname, $path) = @_;
1928 my $target3 = $self->{target3};
1930 $ENV{ENVNAME} = $envname;
1932 if (defined($self->{vars}->{$envname})) {
1933 return $self->{vars}->{$envname};
1936 if ($envname eq "ad_dc_ntvfs") {
1937 return $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1938 } elsif ($envname eq "fl2000dc") {
1939 return $self->setup_fl2000dc("$path/fl2000dc");
1940 } elsif ($envname eq "fl2003dc") {
1941 if (not defined($self->{vars}->{ad_dc})) {
1942 $self->setup_ad_dc("$path/ad_dc");
1944 return $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{ad_dc});
1945 } elsif ($envname eq "fl2008r2dc") {
1946 if (not defined($self->{vars}->{ad_dc})) {
1947 $self->setup_ad_dc("$path/ad_dc");
1949 return $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{ad_dc});
1950 } elsif ($envname eq "rpc_proxy") {
1951 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1952 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1954 return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{ad_dc_ntvfs});
1955 } elsif ($envname eq "vampire_dc") {
1956 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1957 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1959 return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{ad_dc_ntvfs});
1960 } elsif ($envname eq "promoted_dc") {
1961 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1962 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1964 return $self->setup_promoted_dc("$path/promoted_dc", $self->{vars}->{ad_dc_ntvfs});
1965 } elsif ($envname eq "subdom_dc") {
1966 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1967 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1969 return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs});
1970 } elsif ($envname eq "s4member") {
1971 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1972 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1974 return $self->setup_s4member("$path/s4member", $self->{vars}->{ad_dc_ntvfs});
1975 } elsif ($envname eq "rodc") {
1976 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1977 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1979 return $self->setup_rodc("$path/rodc", $self->{vars}->{ad_dc_ntvfs});
1980 } elsif ($envname eq "chgdcpass") {
1981 return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass});
1982 } elsif ($envname eq "ad_member") {
1983 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1984 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1986 return $target3->setup_admember("$path/ad_member", $self->{vars}->{ad_dc_ntvfs}, 29);
1987 } elsif ($envname eq "ad_dc") {
1988 return $self->setup_ad_dc("$path/ad_dc");
1989 } elsif ($envname eq "ad_dc_no_nss") {
1990 return $self->setup_ad_dc("$path/ad_dc_no_nss", "no_nss");
1991 } elsif ($envname eq "ad_member_rfc2307") {
1992 if (not defined($self->{vars}->{ad_dc_ntvfs})) {
1993 $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
1995 return $target3->setup_admember_rfc2307("$path/ad_member_rfc2307",
1996 $self->{vars}->{ad_dc_ntvfs}, 34);
1997 } elsif ($envname eq "none") {
1998 return $self->setup_none("$path/none");
2004 sub setup_s4member($$$)
2006 my ($self, $path, $dc_vars) = @_;
2008 my $env = $self->provision_s4member($path, $dc_vars);
2011 if (not defined($self->check_or_start($env, "standard"))) {
2015 $self->{vars}->{s4member} = $env;
2021 sub setup_rpc_proxy($$$)
2023 my ($self, $path, $dc_vars) = @_;
2025 my $env = $self->provision_rpc_proxy($path, $dc_vars);
2028 if (not defined($self->check_or_start($env, "standard"))) {
2032 $self->{vars}->{rpc_proxy} = $env;
2037 sub setup_ad_dc_ntvfs($$)
2039 my ($self, $path) = @_;
2041 my $env = $self->provision_ad_dc_ntvfs($path);
2043 if (not defined($self->check_or_start($env, "standard"))) {
2044 warn("Failed to start ad_dc_ntvfs");
2048 $self->{vars}->{ad_dc_ntvfs} = $env;
2053 sub setup_chgdcpass($$)
2055 my ($self, $path) = @_;
2057 my $env = $self->provision_chgdcpass($path);
2059 if (not defined($self->check_or_start($env, "standard"))) {
2063 $self->{vars}->{chgdcpass} = $env;
2068 sub setup_fl2000dc($$)
2070 my ($self, $path) = @_;
2072 my $env = $self->provision_fl2000dc($path);
2074 if (not defined($self->check_or_start($env, "standard"))) {
2078 $self->{vars}->{fl2000dc} = $env;
2084 sub setup_fl2003dc($$$)
2086 my ($self, $path, $dc_vars) = @_;
2088 my $env = $self->provision_fl2003dc($path);
2091 if (not defined($self->check_or_start($env, "standard"))) {
2095 $env = $self->setup_trust($env, $dc_vars, "external", "--no-aes-keys");
2097 $self->{vars}->{fl2003dc} = $env;
2102 sub setup_fl2008r2dc($$$)
2104 my ($self, $path, $dc_vars) = @_;
2106 my $env = $self->provision_fl2008r2dc($path);
2109 if (not defined($self->check_or_start($env, "standard"))) {
2113 my $upn_array = ["$env->{REALM}.upn"];
2114 my $spn_array = ["$env->{REALM}.spn"];
2116 $self->setup_namespaces($env, $upn_array, $spn_array);
2118 $env = $self->setup_trust($env, $dc_vars, "forest", "");
2120 $self->{vars}->{fl2008r2dc} = $env;
2126 sub setup_vampire_dc($$$)
2128 my ($self, $path, $dc_vars) = @_;
2130 my $env = $self->provision_vampire_dc($path, $dc_vars);
2133 if (not defined($self->check_or_start($env, "single"))) {
2137 $self->{vars}->{vampire_dc} = $env;
2139 # force replicated DC to update repsTo/repsFrom
2140 # for vampired partitions
2141 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2143 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
2144 if (defined($env->{RESOLV_WRAPPER_CONF})) {
2145 $cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" ";
2147 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
2149 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2150 $cmd .= " $samba_tool drs kcc -k no $env->{DC_SERVER}";
2151 $cmd .= " $env->{CONFIGURATION}";
2152 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2153 unless (system($cmd) == 0) {
2154 warn("Failed to exec kcc on remote DC\n$cmd");
2158 # as 'vampired' dc may add data in its local replica
2159 # we need to synchronize data between DCs
2160 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2162 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
2163 if (defined($env->{RESOLV_WRAPPER_CONF})) {
2164 $cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" ";
2166 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
2168 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2169 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
2170 $cmd .= " $dc_vars->{CONFIGURATION}";
2171 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2172 # replicate Configuration NC
2173 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
2174 unless(system($cmd_repl) == 0) {
2175 warn("Failed to replicate\n$cmd_repl");
2178 # replicate Default NC
2179 $cmd_repl = "$cmd \"$base_dn\"";
2180 unless(system($cmd_repl) == 0) {
2181 warn("Failed to replicate\n$cmd_repl");
2189 sub setup_promoted_dc($$$)
2191 my ($self, $path, $dc_vars) = @_;
2193 my $env = $self->provision_promoted_dc($path, $dc_vars);
2196 if (not defined($self->check_or_start($env, "single"))) {
2200 $self->{vars}->{promoted_dc} = $env;
2202 # force source and replicated DC to update repsTo/repsFrom
2203 # for vampired partitions
2204 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2206 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2207 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2208 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
2209 $cmd .= " $env->{CONFIGURATION}";
2210 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2211 unless (system($cmd) == 0) {
2212 warn("Failed to exec kcc on remote DC\n$cmd");
2216 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2218 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2219 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2220 $cmd .= " $samba_tool drs kcc $env->{SERVER}";
2221 $cmd .= " $env->{CONFIGURATION}";
2222 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2223 unless (system($cmd) == 0) {
2224 warn("Failed to exec kcc on promoted DC\n$cmd");
2228 # as 'vampired' dc may add data in its local replica
2229 # we need to synchronize data between DCs
2230 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2231 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2232 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2233 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}";
2234 $cmd .= " $dc_vars->{CONFIGURATION}";
2235 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2236 # replicate Configuration NC
2237 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
2238 unless(system($cmd_repl) == 0) {
2239 warn("Failed to replicate\n$cmd_repl");
2242 # replicate Default NC
2243 $cmd_repl = "$cmd \"$base_dn\"";
2244 unless(system($cmd_repl) == 0) {
2245 warn("Failed to replicate\n$cmd_repl");
2253 sub setup_subdom_dc($$$)
2255 my ($self, $path, $dc_vars) = @_;
2257 my $env = $self->provision_subdom_dc($path, $dc_vars);
2260 if (not defined($self->check_or_start($env, "single"))) {
2264 $self->{vars}->{subdom_dc} = $env;
2266 # force replicated DC to update repsTo/repsFrom
2267 # for primary domain partitions
2268 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2270 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2271 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2272 $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
2273 $cmd .= " $env->{CONFIGURATION}";
2274 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
2275 unless (system($cmd) == 0) {
2276 warn("Failed to exec kcc on remote DC\n$cmd");
2280 # as 'subdomain' dc may add data in its local replica
2281 # we need to synchronize data between DCs
2282 my $base_dn = "DC=".join(",DC=", split(/\./, $env->{REALM}));
2283 my $config_dn = "CN=Configuration,DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2284 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2285 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2286 $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}";
2287 $cmd .= " $dc_vars->{CONFIGURATION}";
2288 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
2289 # replicate Configuration NC
2290 my $cmd_repl = "$cmd \"$config_dn\"";
2291 unless(system($cmd_repl) == 0) {
2292 warn("Failed to replicate\n$cmd_repl");
2295 # replicate Default NC
2296 $cmd_repl = "$cmd \"$base_dn\"";
2297 unless(system($cmd_repl) == 0) {
2298 warn("Failed to replicate\n$cmd_repl");
2308 my ($self, $path, $dc_vars) = @_;
2310 my $env = $self->provision_rodc($path, $dc_vars);
2316 if (not defined($self->check_or_start($env, "single"))) {
2320 my $samba_tool = Samba::bindir_path($self, "samba-tool");
2323 my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
2324 $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
2325 $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
2326 $cmd .= " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}";
2327 $cmd .= " $dc_vars->{CONFIGURATION}";
2328 $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
2329 # replicate Configuration NC
2330 my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
2331 unless(system($cmd_repl) == 0) {
2332 warn("Failed to replicate\n$cmd_repl");
2335 # replicate Default NC
2336 $cmd_repl = "$cmd \"$base_dn\"";
2337 unless(system($cmd_repl) == 0) {
2338 warn("Failed to replicate\n$cmd_repl");
2342 $self->{vars}->{rodc} = $env;
2349 my ($self, $path, $no_nss) = @_;
2351 # If we didn't build with ADS, pretend this env was never available
2352 if (not $self->{target3}->have_ads()) {
2356 my $env = $self->provision_ad_dc($path);
2361 if (defined($no_nss) and $no_nss) {
2362 $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef;
2363 $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef;
2366 if (not defined($self->check_or_start($env, "single"))) {
2370 my $upn_array = ["$env->{REALM}.upn"];
2371 my $spn_array = ["$env->{REALM}.spn"];
2373 $self->setup_namespaces($env, $upn_array, $spn_array);
2375 $self->{vars}->{ad_dc} = $env;
2381 my ($self, $path) = @_;
2384 KRB5_CONFIG => abs_path($path) . "/no_krb5.conf",