s3-wintest Add test of 'net use' against the Samba3 member
[garming/samba-autobuild/.git] / wintest / test-s3.py
1 #!/usr/bin/env python
2
3 '''automated testing of Samba3 against windows'''
4
5 import sys, os
6 import optparse
7 import wintest
8
9 def set_libpath(t):
10     t.putenv("LD_LIBRARY_PATH", "${PREFIX}/lib")
11
12 def set_krb5_conf(t):
13     t.run_cmd("mkdir -p ${PREFIX}/etc")
14     t.write_file("${PREFIX}/etc/krb5.conf", 
15                     '''[libdefaults]
16         dns_lookup_realm = false
17         dns_lookup_kdc = true''')
18
19     t.putenv("KRB5_CONFIG", '${PREFIX}/etc/krb5.conf')
20
21 def build_s3(t):
22     '''build samba3'''
23     t.info('Building s3')
24     t.chdir('${SOURCETREE}/source3')
25     t.putenv('CC', 'ccache gcc')
26     t.run_cmd("./autogen.sh")
27     t.run_cmd("./configure -C --prefix=${PREFIX} --enable-developer")
28     t.run_cmd('make basics')
29     t.run_cmd('make -j4')
30     t.run_cmd('rm -rf ${PREFIX}')
31     t.run_cmd('make install')
32
33 def start_s3(t):
34     t.info('Starting Samba3')
35     t.chdir("${PREFIX}")
36     t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
37     t.run_cmd("rm -f var/locks/*.pid")
38     t.run_cmd(['sbin/nmbd', "-D"])
39     t.run_cmd(['sbin/winbindd', "-D"])
40     t.run_cmd(['sbin/smbd', "-D"])
41     t.port_wait("${INTERFACE_IP}", 139)
42
43 def test_wbinfo(t):
44     t.info('Testing wbinfo')
45     t.chdir('${PREFIX}')
46     t.cmd_contains("bin/wbinfo --version", ["Version 3."])
47     t.cmd_contains("bin/wbinfo -p", ["Ping to winbindd succeeded"])
48     t.retry_cmd("bin/wbinfo --online-status",
49                 ["BUILTIN : online",
50                  "${HOSTNAME} : online",
51                  "${WIN_DOMAIN} : online"],
52                 casefold=True)
53     t.cmd_contains("bin/wbinfo -u",
54                    ["${WIN_DOMAIN}/administrator",
55                     "${WIN_DOMAIN}/krbtgt" ],
56                    casefold=True)
57     t.cmd_contains("bin/wbinfo -g",
58                    ["${WIN_DOMAIN}/domain users",
59                     "${WIN_DOMAIN}/domain guests",
60                     "${WIN_DOMAIN}/domain admins"],
61                    casefold=True)
62     t.cmd_contains("bin/wbinfo --name-to-sid administrator",
63                    "S-1-5-.*-500 SID_USER .1",
64                    regex=True)
65     t.cmd_contains("bin/wbinfo --name-to-sid 'domain users'",
66                    "S-1-5-.*-513 SID_DOM_GROUP .2",
67                    regex=True)
68
69     t.retry_cmd("bin/wbinfo --authenticate=${WIN_DOMAIN}/administrator%${WIN_PASS}",
70                 ["plaintext password authentication succeeded",
71                  "challenge/response password authentication succeeded"])
72
73
74 def test_smbclient(t):
75     t.info('Testing smbclient')
76     t.chdir('${PREFIX}')
77     t.cmd_contains("bin/smbclient --version", ["Version 3."])
78     t.cmd_contains('bin/smbclient -L ${INTERFACE_IP} -U%', ["Domain=[${WIN_DOMAIN}]", "test", "IPC$", "Samba 3."],
79                    casefold=True)
80     child = t.pexpect_spawn('bin/smbclient //${HOSTNAME}.${WIN_REALM}/test -Uroot@${WIN_REALM}%${PASSWORD2}')
81     child.expect("smb:")
82     child.sendline("dir")
83     child.expect("blocks available")
84     child.sendline("mkdir testdir")
85     child.expect("smb:")
86     child.sendline("cd testdir")
87     child.expect('testdir')
88     child.sendline("cd ..")
89     child.sendline("rmdir testdir")
90
91     child = t.pexpect_spawn('bin/smbclient //${HOSTNAME}.${WIN_REALM}/test -Uroot@${WIN_REALM}%${PASSWORD2} -k')
92     child.expect("smb:")
93     child.sendline("dir")
94     child.expect("blocks available")
95     child.sendline("mkdir testdir")
96     child.expect("smb:")
97     child.sendline("cd testdir")
98     child.expect('testdir')
99     child.sendline("cd ..")
100     child.sendline("rmdir testdir")
101
102 def create_shares(t):
103     t.info("Adding test shares")
104     t.chdir('${PREFIX}')
105     t.write_file("lib/smb.conf", '''
106 [test]
107        path = ${PREFIX}/test
108        read only = no
109        ''',
110                  mode='a')
111     t.run_cmd("mkdir -p test")
112
113
114 def prep_join_as_member(t, vm):
115     '''prepare to join a windows domain as a member server'''
116     t.setwinvars(vm)
117     t.info("Starting VMs for joining ${WIN_VM} as a member using net ads join")
118     t.chdir('${PREFIX}')
119     t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
120     t.vm_poweroff("${WIN_VM}", checkfail=False)
121     t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
122     child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_time=True)
123     t.get_ipconfig(child)
124     t.del_files(["var", "private"])
125     t.write_file("lib/smb.conf", '''
126 [global]
127         netbios name = ${HOSTNAME}
128         log level = ${DEBUGLEVEL}
129         realm = ${WIN_REALM}
130         workgroup = ${WIN_DOMAIN}
131         security = ADS
132         bind interfaces only = yes
133         interfaces = ${INTERFACE}
134         winbind separator = /
135         idmap uid = 1000000-2000000
136         idmap gid = 1000000-2000000
137         winbind enum users = yes
138         winbind enum groups = yes
139         max protocol = SMB2
140         map hidden = no
141         map system = no
142         ea support = yes
143         panic action = xterm -e gdb --pid %d
144     ''')
145
146 def join_as_member(t, vm):
147     '''join a windows domain as a member server'''
148     t.setwinvars(vm)
149     t.info("Joining ${WIN_VM} as a member using net ads join")
150     t.port_wait("${WIN_IP}", 389)
151     t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
152     t.cmd_contains("bin/net ads join -Uadministrator%${WIN_PASS}", ["Joined"])
153     t.cmd_contains("bin/net ads testjoin", ["Join is OK"])
154     t.cmd_contains("bin/net ads dns register ${HOSTNAME}.${WIN_REALM} -P", ["Successfully registered hostname with DNS"])
155     t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}",
156                  ['${HOSTNAME}.${WIN_REALM} has address'])
157
158 def create_root_account(t, vm):
159     t.setwinvars(vm)
160     t.info("Creating 'root' account for testing Samba3 member server")
161     t.chdir('${PREFIX}')
162     t.run_cmd('bin/net ads user add root -Uadministrator%${WIN_PASS}')
163     child = t.pexpect_spawn('bin/net ads password root -Uadministrator%${WIN_PASS}')
164     child.expect("Enter new password for root")
165     child.sendline("${PASSWORD2}")
166     child.expect("Password change for ");
167     child.expect(" completed")
168     child = t.pexpect_spawn('bin/net rpc shell -S ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}')
169     child.expect("net rpc>")
170     child.sendline("user edit disabled root no")
171     child.expect("Set root's disabled flag")
172
173 def test_join_as_member(t, vm):
174     '''test the domain join'''
175     t.setwinvars(vm)
176     t.info('Testing join as member')
177     t.chdir('${PREFIX}')
178     test_wbinfo(t)
179     test_smbclient(t)
180
181
182 def test_s3(t):
183     '''basic s3 testing'''
184
185     t.setvar("SAMBA_VERSION", "Version 3")
186     t.check_prerequesites()
187     set_libpath(t)
188
189     if not t.skip("configure_bind"):
190         t.configure_bind()
191     if not t.skip("stop_bind"):
192         t.stop_bind()
193     if not t.skip("stop_vms"):
194         t.stop_vms()
195
196     if not t.skip("build"):
197         build_s3(t)
198
199     set_krb5_conf(t)
200     if not t.skip("configure_bind2"):
201         t.configure_bind()
202     if not t.skip("start_bind"):
203         t.start_bind()
204
205     dc_started = False
206     if t.have_var('W2K8R2A_VM') and not t.skip("join_w2k8r2"):
207         t.start_winvm('W2K8R2A')
208         dc_started = True
209         prep_join_as_member(t, "W2K8R2A")
210         t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
211         join_as_member(t, "W2K8R2A")
212         create_shares(t)
213         start_s3(t)
214         create_root_account(t, "W2K8R2A")
215         test_join_as_member(t, "W2K8R2A")
216
217     if t.have_var('WINDOWS7_VM') and t.have_var('W2K8R2A_VM') and not t.skip("join_windows7_2008r2"):
218         if not dc_started:
219             t.start_winvm('W2K8R2A')
220             t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
221             dc_started = True
222         else:
223             t.setwinvars('W2K8R2A')
224         realm = t.getvar("WIN_REALM")
225         dom_username = t.getvar("WIN_USER")
226         dom_password = t.getvar("WIN_PASS")
227         dom_realm = t.getvar("WIN_REALM")
228         t.start_winvm('WINDOWS7')
229         t.test_remote_smbclient("WINDOWS7")
230         t.run_winjoin('WINDOWS7', realm, username=dom_username, password=dom_password)
231         t.test_remote_smbclient("WINDOWS7", dom_username, dom_password)
232         t.test_remote_smbclient('WINDOWS7', dom_username, dom_password, args='--option=clientntlmv2auth=no')
233         t.test_remote_smbclient('WINDOWS7', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k")
234         t.test_remote_smbclient('WINDOWS7', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k --option=clientusespnegoprincipal=yes")
235         t.test_net_use('WINDOWS7', t.getvar("W2K8R2A_DOMAIN"), 'root', '${PASSWORD2}')
236
237     if t.have_var('WINXP_VM') and t.have_var('W2K8R2A_VM') and not t.skip("join_winxp_2008r2"):
238         if not dc_started:
239             t.start_winvm('W2K8R2A')
240             t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
241             dc_started = True
242         else:
243             t.setwinvars('W2K8R2A')
244         realm = t.getvar("WIN_REALM")
245         dom_username = t.getvar("WIN_USER")
246         dom_password = t.getvar("WIN_PASS")
247         dom_realm = t.getvar("WIN_REALM")
248         t.start_winvm('WINXP')
249         t.run_winjoin('WINXP', realm, username=dom_username, password=dom_password)
250         t.test_remote_smbclient('WINXP', dom_username, dom_password)
251         t.test_remote_smbclient('WINXP', dom_username, dom_password, args='--option=clientntlmv2auth=no')
252         t.test_remote_smbclient('WINXP', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k")
253         t.test_remote_smbclient('WINXP', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k --clientusespnegoprincipal=yes")
254         t.test_net_use('WINXP', t.getvar("W2K8R2A_DOMAIN"), 'root', '${PASSWORD2}')
255
256     t.info("S3 test: All OK")
257
258
259 def test_cleanup(t):
260     '''cleanup after tests'''
261     t.info("Cleaning up ...")
262     t.restore_resolv_conf()
263     if getattr(t, 'bind_child', False):
264         t.bind_child.kill()
265
266
267 if __name__ == '__main__':
268     t = wintest.wintest()
269
270     t.setup("test-s3.py", "source3")
271
272     try:
273         test_s3(t)
274     except:
275         if not t.opts.nocleanup:
276             test_cleanup(t)
277         raise
278
279     if not t.opts.nocleanup:
280         test_cleanup(t)
281     t.info("S3 test: All OK")