winbindd: use add_trusted_domain_from_auth

[bbaumbach/samba-autobuild/.git] / selftest / selftest.pl

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index fb6f127fbdd348bb8beb73a115d4125d87e977b9..ff19d5975cccb7b2aefc74651196f2639136f46c 100755 (executable)
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -27,6 +27,7 @@ use Cwd qw(abs_path);
 use lib "$RealBin";
 use Subunit;
 use SocketWrapper;
+use target::Samba;
 
 eval {
 require Time::HiRes;
@@ -46,11 +47,13 @@ my $opt_random_order = 0;
 my $opt_one = 0;
 my @opt_exclude = ();
 my @opt_include = ();
+my @opt_exclude_env = ();
+my @opt_include_env = ();
 my $opt_testenv = 0;
 my $opt_list = 0;
+my $opt_mitkrb5 = 0;
 my $ldap = undef;
 my $opt_resetup_env = undef;
-my $opt_binary_mapping = "";
 my $opt_load_list = undef;
 my $opt_libnss_wrapper_so_path = "";
 my $opt_libresolv_wrapper_so_path = "";
@@ -142,10 +145,13 @@ sub run_testsuite($$$$$)
        Subunit::progress_pop();
 
        if ($? == -1) {
-               Subunit::progress_pop();
+               print "command: $cmd\n";
+               printf "expanded command: %s\n", expand_environment_strings($cmd);
                Subunit::end_testsuite($name, "error", "Unable to run $cmd: $!");
                exit(1);
        } elsif ($? & 127) {
+               print "command: $cmd\n";
+               printf "expanded command: %s\n", expand_environment_strings($cmd);
                Subunit::end_testsuite($name, "error",
                        sprintf("%s died with signal %d, %s coredump\n", $cmd, ($? & 127),  ($? & 128) ? 'with' : 'without'));
                exit(1);
@@ -186,7 +192,7 @@ sub ShowHelp()
 Copyright (C) Jelmer Vernooij <jelmer\@samba.org>
 Copyright (C) Stefan Metzmacher <metze\@samba.org>
 
-Usage: $Script [OPTIONS] TESTNAME-REGEX
+Usage: $Script [OPTIONS] TESTNAME-REGEX [TESTNAME-REGEX...]
 
 Generic options:
  --help                     this help page
@@ -194,6 +200,8 @@ Generic options:
  --testlist=FILE            file to read available tests from
  --exclude=FILE             Exclude tests listed in the file
  --include=FILE             Include tests listed in the file
+ --exclude-env=ENV          Exclude tests for the specified environment
+ --include-env=ENV          Include tests for the specified environment
 
 Paths:
  --prefix=DIR               prefix to run tests in [st]
@@ -239,16 +247,18 @@ my $result = GetOptions (
                'one' => \$opt_one,
                'exclude=s' => \@opt_exclude,
                'include=s' => \@opt_include,
+               'exclude-env=s' => \@opt_exclude_env,
+               'include-env=s' => \@opt_include_env,
                'srcdir=s' => \$srcdir,
                'bindir=s' => \$bindir,
                'testenv' => \$opt_testenv,
                'list' => \$opt_list,
+               'mitkrb5' => \$opt_mitkrb5,
                'ldap:s' => \$ldap,
                'resetup-environment' => \$opt_resetup_env,
                'testlist=s' => \@testlists,
                'random-order' => \$opt_random_order,
                'load-list=s' => \$opt_load_list,
-               'binary-mapping=s' => \$opt_binary_mapping,
                'nss_wrapper_so_path=s' => \$opt_libnss_wrapper_so_path,
                'resolv_wrapper_so_path=s' => \$opt_libresolv_wrapper_so_path,
                'socket_wrapper_so_path=s' => \$opt_libsocket_wrapper_so_path,
@@ -305,8 +315,11 @@ die("using an empty prefix isn't allowed") unless $prefix ne "";
 # permissions on this as some subdirectories in this tree will have
 # wider permissions (ie 0777) and this would allow other users on the
 # host to subvert the test process.
+umask 0077;
 mkdir($prefix, 0700) unless -d $prefix;
 chmod 0700, $prefix;
+# We need to have no umask limitations for the tests.
+umask 0000;
 
 my $prefix_abs = abs_path($prefix);
 my $tmpdir_abs = abs_path("$prefix/tmp");
@@ -317,11 +330,13 @@ my $srcdir_abs = abs_path($srcdir);
 die("using an empty absolute prefix isn't allowed") unless $prefix_abs ne "";
 die("using '/' as absolute prefix isn't allowed") unless $prefix_abs ne "/";
 
+$ENV{SAMBA_SELFTEST} = "1";
+
 $ENV{PREFIX} = $prefix;
-$ENV{KRB5CCNAME} = "$prefix/krb5ticket";
 $ENV{PREFIX_ABS} = $prefix_abs;
 $ENV{SRCDIR} = $srcdir;
 $ENV{SRCDIR_ABS} = $srcdir_abs;
+$ENV{GNUPGHOME} = "$srcdir_abs/selftest/gnupg";
 $ENV{BINDIR} = $bindir_abs;
 
 my $tls_enabled = not $opt_quick;
@@ -413,35 +428,36 @@ if ($opt_use_dns_faking) {
 my $target;
 my $testenv_default = "none";
 
-my %binary_mapping = ();
-if ($opt_binary_mapping) {
-    my @binmapping_list = split(/,/, $opt_binary_mapping);
-    foreach my $mapping (@binmapping_list) {
-       my ($bin, $map) = split(/\:/, $mapping);
-       $binary_mapping{$bin} = $map;
-    }
+if ($opt_mitkrb5 == 1) {
+       $ENV{MITKRB5} = $opt_mitkrb5;
 }
 
-$ENV{BINARY_MAPPING} = $opt_binary_mapping;
-
 # After this many seconds, the server will self-terminate.  All tests
 # must terminate in this time, and testenv will only stay alive this
 # long
 
-my $server_maxtime = 9000;
+my $server_maxtime;
+if ($opt_testenv) {
+    # 1 year should be enough :-)
+    $server_maxtime = 365 * 24 * 60 * 60;
+} else {
+    # make test should run under 5 hours
+    $server_maxtime = 5 * 60 * 60;
+}
+
 if (defined($ENV{SMBD_MAXTIME}) and $ENV{SMBD_MAXTIME} ne "") {
     $server_maxtime = $ENV{SMBD_MAXTIME};
 }
 
 unless ($opt_list) {
        if ($opt_target eq "samba") {
-               $testenv_default = "ad_dc_ntvfs";
+               $testenv_default = "ad_dc";
                require target::Samba;
-               $target = new Samba($bindir, \%binary_mapping, $ldap, $srcdir, $server_maxtime);
+               $target = new Samba($bindir, $ldap, $srcdir, $server_maxtime);
        } elsif ($opt_target eq "samba3") {
-               $testenv_default = "member";
+               $testenv_default = "nt4_member";
                require target::Samba3;
-               $target = new Samba3($bindir, \%binary_mapping, $srcdir_abs, $server_maxtime);
+               $target = new Samba3($bindir, $srcdir_abs, $server_maxtime);
        }
 }
 
@@ -496,6 +512,12 @@ sub write_clientconf($$$)
                mkdir("$clientdir/private", 0777);
        }
 
+       if ( -d "$clientdir/bind-dns" ) {
+               unlink <$clientdir/bind-dns/*>;
+       } else {
+               mkdir("$clientdir/bind-dns", 0777);
+       }
+
        if ( -d "$clientdir/lockdir" ) {
                unlink <$clientdir/lockdir/*>;
        } else {
@@ -529,6 +551,42 @@ sub write_clientconf($$$)
        mkdir("$clientdir/ncalrpcdir", 0755);
        umask $mask;
 
+       my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com";
+       my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem";
+       my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem";
+       my $ca_users_dir = "$cadir/Users";
+
+       if ( -d "$clientdir/pkinit" ) {
+               unlink <$clientdir/pkinit/*>;
+       } else {
+               mkdir("$clientdir/pkinit", 0700);
+       }
+
+       # each user has a USER-${USER_PRINCIPAL_NAME}-cert.pem and
+       # USER-${USER_PRINCIPAL_NAME}-private-key.pem symlink
+       # We make a copy here and make the certificated easily
+       # accessable in the client environment.
+       my $mask = umask;
+       umask 0077;
+       opendir USERS, "${ca_users_dir}" or die "Could not open dir '${ca_users_dir}': $!";
+       for my $d (readdir USERS) {
+               my $user_dir = "${ca_users_dir}/${d}";
+               next if ${d} =~ /^\./;
+               next if (! -d "${user_dir}");
+               opendir USER, "${user_dir}" or die "Could not open dir '${user_dir}': $!";
+               for my $l (readdir USER) {
+                       my $user_link = "${user_dir}/${l}";
+                       next if ${l} =~ /^\./;
+                       next if (! -l "${user_link}");
+
+                       my $dest = "${clientdir}/pkinit/${l}";
+                       Samba::copy_file_content(${user_link}, ${dest});
+               }
+               closedir USER;
+       }
+       closedir USERS;
+       umask $mask;
+
        open(CF, ">$conffile");
        print CF "[global]\n";
        print CF "\tnetbios name = client\n";
@@ -543,6 +601,7 @@ sub write_clientconf($$$)
        }
        print CF "
        private dir = $clientdir/private
+       binddns dir = $clientdir/bind-dns
        lock dir = $clientdir/lockdir
        state directory = $clientdir/statedir
        cache directory = $clientdir/cachedir
@@ -560,6 +619,10 @@ sub write_clientconf($$$)
 #We don't want to run 'speed' tests for very long
         torture:timelimit = 1
         winbind separator = /
+       tls cafile = ${cacert}
+       tls crlfile = ${cacrl_pem}
+       tls verify peer = no_check
+       include system krb5 conf = no
 ";
        close(CF);
 }
@@ -618,6 +681,7 @@ if ($#testlists == -1) {
 
 $ENV{SELFTEST_PREFIX} = "$prefix_abs";
 $ENV{SELFTEST_TMPDIR} = "$tmpdir_abs";
+$ENV{TMPDIR} = "$tmpdir_abs";
 $ENV{TEST_DATA_PREFIX} = "$tmpdir_abs";
 if ($opt_socket_wrapper) {
        $ENV{SELFTEST_INTERFACES} = $interfaces;
@@ -631,6 +695,9 @@ if ($opt_quick) {
 }
 $ENV{SELFTEST_MAXTIME} = $torture_maxtime;
 
+my $selftest_krbt_ccache_path = "$tmpdir_abs/selftest.krb5_ccache";
+$ENV{KRB5CCNAME} = "FILE:${selftest_krbt_ccache_path}.global";
+
 my @available = ();
 foreach my $fn (@testlists) {
        foreach (read_testlist($fn)) {
@@ -730,6 +797,16 @@ my @exported_envvars = (
        "DOMAIN",
        "REALM",
 
+       # stuff related to a trusted domain
+       "TRUST_SERVER",
+       "TRUST_SERVER_IP",
+       "TRUST_SERVER_IPV6",
+       "TRUST_NETBIOSNAME",
+       "TRUST_USERNAME",
+       "TRUST_PASSWORD",
+       "TRUST_DOMAIN",
+       "TRUST_REALM",
+
        # domain controller stuff
        "DC_SERVER",
        "DC_SERVER_IP",
@@ -758,6 +835,13 @@ my @exported_envvars = (
        "VAMPIRE_DC_NETBIOSNAME",
        "VAMPIRE_DC_NETBIOSALIAS",
 
+       # domain controller stuff for FL 2000 Vampired DC
+       "VAMPIRE_2000_DC_SERVER",
+       "VAMPIRE_2000_DC_SERVER_IP",
+       "VAMPIRE_2000_DC_SERVER_IPV6",
+       "VAMPIRE_2000_DC_NETBIOSNAME",
+       "VAMPIRE_2000_DC_NETBIOSALIAS",
+
        "PROMOTED_DC_SERVER",
        "PROMOTED_DC_SERVER_IP",
        "PROMOTED_DC_SERVER_IPV6",
@@ -784,15 +868,22 @@ my @exported_envvars = (
 
        # misc stuff
        "KRB5_CONFIG",
+       "KRB5CCNAME",
        "SELFTEST_WINBINDD_SOCKET_DIR",
-       "WINBINDD_PRIV_PIPE_DIR",
        "NMBD_SOCKET_DIR",
        "LOCAL_PATH",
+       "DNS_FORWARDER1",
+       "DNS_FORWARDER2",
+       "RESOLV_CONF",
+       "UNACCEPTABLE_PASSWORD",
+       "LOCK_DIR",
+       "SMBD_TEST_LOG",
 
        # nss_wrapper
        "NSS_WRAPPER_PASSWD",
        "NSS_WRAPPER_GROUP",
        "NSS_WRAPPER_HOSTS",
+       "NSS_WRAPPER_HOSTNAME",
        "NSS_WRAPPER_MODULE_SO_PATH",
        "NSS_WRAPPER_MODULE_FN_PREFIX",
 
@@ -834,9 +925,9 @@ sub setup_env($$)
 
        $option = "client" if $option eq "";
 
-       if ($envname eq "none") {
-               $testenv_vars = {};
-       } elsif (defined(get_running_env($envname))) {
+       $ENV{KRB5CCNAME} = "FILE:${selftest_krbt_ccache_path}.${envname}/ignore";
+
+       if (defined(get_running_env($envname))) {
                $testenv_vars = get_running_env($envname);
                if (not $testenv_vars->{target}->check_env($testenv_vars)) {
                        print $testenv_vars->{target}->getlog_env($testenv_vars);
@@ -877,6 +968,9 @@ sub setup_env($$)
                }
        }
 
+       my $krb5_ccache_path = "${selftest_krbt_ccache_path}.${envname}.${option}";
+       unlink($krb5_ccache_path);
+       $ENV{KRB5CCNAME} = "FILE:${krb5_ccache_path}";
        return $testenv_vars;
 }
 
@@ -904,7 +998,6 @@ sub getlog_env($)
 sub check_env($)
 {
        my ($envname) = @_;
-       return 1 if ($envname eq "none");
        my $env = get_running_env($envname);
        return $env->{target}->check_env($env);
 }
@@ -1001,13 +1094,39 @@ $envvarstr
                my $cmd = $$_[2];
                my $name = $$_[0];
                my $envname = $$_[1];
+               my ($env_basename, $env_localpart) = split(/:/, $envname);
+               my $envvars = "SKIP";
 
-               my $envvars = setup_env($envname, $prefix);
+               if (@opt_include_env) {
+                   foreach my $env (@opt_include_env) {
+                       if ($env_basename eq $env) {
+                           $envvars = setup_env($envname, $prefix);
+                       }
+                   }
+               } elsif (@opt_exclude_env) {
+                   my $excluded = 0;
+                   foreach my $env (@opt_exclude_env) {
+                       if ($env_basename eq $env) {
+                           $excluded = 1;
+                       }
+                   }
+                   if ($excluded == 0) {
+                       $envvars = setup_env($envname, $prefix);
+                   }
+               } else {
+                   $envvars = setup_env($envname, $prefix);
+               }
+               
                if (not defined($envvars)) {
                        Subunit::start_testsuite($name);
                        Subunit::end_testsuite($name, "error",
                                "unable to set up environment $envname - exiting");
                        next;
+               } elsif ($envvars eq "SKIP") {
+                       Subunit::start_testsuite($name);
+                       Subunit::end_testsuite($name, "skip",
+                               "environment $envname is disabled (via --exclude-env / --include-env command line options) in this test run - skipping");
+                       next;
                } elsif ($envvars eq "UNKNOWN") {
                        Subunit::start_testsuite($name);
                        Subunit::end_testsuite($name, "skip",