r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct
#!/bin/sh
# source4/script/tests/mktestsetup.sh PREFIX
#
# Builds a throw-away Samba test environment under PREFIX.
# Optional environment overrides: TLS_ENABLED, SHARE_BACKEND, SMBD_LOGLEVEL.

# The only mandatory argument is the directory the environment is built in.
[ $# -ge 1 ] || {
        echo "$0 PREFIX"
        exit 1
}

PREFIX=$1

# Apply the defaults when the caller left a setting unset or empty.
: "${TLS_ENABLED:=false}"
: "${SHARE_BACKEND:=classic}"
: "${SMBD_LOGLEVEL:=1}"

# Fixed identity of the test domain. The account name and password are
# well-known fixtures that live in the source tree: they protect nothing and
# must never be reused on a real server.
DOMAIN=SAMBADOMAIN
USERNAME=administrator
REALM=SAMBA.EXAMPLE.COM
DNSNAME="samba.example.com"
BASEDN="dc=samba,dc=example,dc=com"
PASSWORD=penguin
# -U option in user%password form. The script exports AUTH further down, so
# the password ends up in the environment of every child process.
AUTH="-U$USERNAME%$PASSWORD"
SRCDIR=$(pwd)
SERVER=localhost
NETBIOSNAME=localtest

# Name of the invoking user: $USER, then $LOGNAME, then whoami as last resort.
ROOT=${USER:-${LOGNAME:-$(whoami)}}

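# Resolve PREFIX to an absolute path. Every expansion is quoted so that a
# prefix containing whitespace or glob characters stays a single directory.
oldpwd=$(pwd)
srcdir=$(dirname "$0")/../..
mkdir -p -- "$PREFIX" || exit $?
# Stop if the directory cannot be entered: otherwise PREFIX_ABS would silently
# become the caller's working directory and the layout would be built there.
cd -- "$PREFIX" || exit $?
PREFIX_ABS=$(pwd)
export PREFIX_ABS
cd "$oldpwd" || exit $?

TEST_DATA_PREFIX=$PREFIX_ABS
export TEST_DATA_PREFIX

# Directory and file layout of the test environment; everything lives below
# PREFIX_ABS. TMPDIR is only assigned here, but if the caller already exported
# it, child processes inherit the new value.
TMPDIR=$PREFIX_ABS/tmp
ETCDIR=$PREFIX_ABS/etc
PIDDIR=$PREFIX_ABS/pid
CONFFILE=$ETCDIR/smb.conf
KRB5_CONFIG=$ETCDIR/krb5.conf
PRIVATEDIR=$PREFIX_ABS/private
NCALRPCDIR=$PREFIX_ABS/ncalrpc
LOCKDIR=$PREFIX_ABS/lockdir
TLSDIR=$PRIVATEDIR/tls
DHFILE=$TLSDIR/dhparms.pem
CAFILE=$TLSDIR/ca.pem
CERTFILE=$TLSDIR/cert.pem
KEYFILE=$TLSDIR/key.pem
WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket
CONFIGURATION="--configfile=$CONFFILE"
LDAPDIR=$PREFIX_ABS/ldap
SLAPD_CONF=$LDAPDIR/slapd.conf
export CONFIGURATION
export CONFFILE
export SLAPD_CONF
export PIDDIR
# AUTH carries the test password; exporting it puts the password into the
# environment of every process started from here on.
export AUTH
export SERVER
export NETBIOSNAME

# Start from a clean tree. The resolved absolute path is used and ${...:?}
# aborts if it is ever empty, so this can never expand to "rm -rf /*"; the
# quoting keeps a prefix with spaces from being split into several operands.
# Dotfiles directly under the prefix are not matched by the glob.
rm -rf -- "${PREFIX_ABS:?}"/*
mkdir -p -- "$PRIVATEDIR" "$ETCDIR" "$PIDDIR" "$NCALRPCDIR" "$LOCKDIR" "$TMPDIR" "$TLSDIR" \
        "$LDAPDIR/db" "$LDAPDIR/db/bdb-logs" "$LDAPDIR/db/tmp"
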
# iconv:native is switched off whenever VALGRIND is set to a non-empty value.
case "$VALGRIND" in
"") nativeiconv="true" ;;
*) nativeiconv="false" ;;
esac

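# Write the smb.conf for the test domain controller.
# The heredoc delimiter is unquoted on purpose: the $VARS are expanded now, so
# the file holds absolute paths below the prefix. The redirect target is quoted
# so a prefix containing whitespace does not break the redirection.
# Review notes (test-only settings, not a template for a real smb.conf):
#  - the [cifs] share stores $PASSWORD in clear text in this file;
#  - "system:anonymous = true" and the fixed credentials are test conveniences;
#  - "interfaces" lists only the loopback network;
#  - TLS_ENABLED, SHARE_BACKEND and SMBD_LOGLEVEL come from the caller's
#    environment and are written into the file unvalidated.
cat >"$CONFFILE" <<EOF
[global]
        iconv:native = $nativeiconv
        netbios name = $NETBIOSNAME
        netbios aliases = $SERVER
        workgroup = $DOMAIN
        realm = $REALM
        private dir = $PRIVATEDIR
        pid directory = $PIDDIR
        ncalrpc dir = $NCALRPCDIR
        lock dir = $LOCKDIR
        share backend = $SHARE_BACKEND
        setup directory = $SRCDIR/setup
        js include = $SRCDIR/scripting/libjs
        winbindd socket directory = $WINBINDD_SOCKET_DIR
        name resolve order = bcast
        interfaces = 127.0.0.1/8
        tls enabled = $TLS_ENABLED
        tls dh params file = $DHFILE
        panic action = $SRCDIR/script/gdb_backtrace %PID% %PROG%
        wins support = yes
        server role = domain controller
        max xmit = 32K
        server max protocol = SMB2
        notify:inotify = false
        ldb:nosync = true
        torture:subunitdir = $SRCDIR/bin/torture
        torture:basedir = $TEST_DATA_PREFIX

        system:anonymous = true
#We don't want to pass our self-tests if the PAC code is wrong
        gensec:require_pac = true

        log level = $SMBD_LOGLEVEL

[tmp]
        path = $TMPDIR
        read only = no
        ntvfs handler = posix
        posix:sharedelay = 100000
        posix:eadb = $LOCKDIR/eadb.tdb

[cifs]
        read only = no
        ntvfs handler = cifs
        cifs:server = $SERVER
        cifs:user = $USERNAME
        cifs:password = $PASSWORD
        cifs:domain = $DOMAIN
        cifs:share = tmp

[simple]
        path = $TMPDIR
        read only = no
        ntvfs handler = simple

[cifsposixtestshare]
        read only = no
        ntvfs handler = cifsposix   
        path = $TMPDIR
EOF
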
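## Replace any existing share database: drop share.ldb and rebuild it from the
## LDIF written below. Path expansions are quoted so a prefix containing
## whitespace does not split the arguments.
# "IPC$" and "ADMIN$" survive the unquoted heredoc because a "$" that is not
# followed by a name character is left literal by the shell.
# Review notes: the IPC$ and ADMIN$ entries point at the host's /tmp rather
# than the per-test $TMPDIR, and the cifs entry stores $PASSWORD in clear
# text. Both are test fixtures only.
rm -f -- "$PRIVATEDIR/share.ldb"
cat >"$PRIVATEDIR/share.ldif" <<EOF
### Shares basedn
dn: @INDEXLIST
@IDXATTR: name

dn: @ATTRIBUTES
cn: CASE_INSENSITIVE
dc: CASE_INSENSITIVE
name: CASE_INSENSITIVE
dn: CASE_INSENSITIVE
objectClass: CASE_INSENSITIVE

dn: CN=Shares
objectClass: top
objectClass: organizationalUnit
cn: Shares

### Default IPC$ Share
dn: CN=IPC$,CN=Shares
objectClass: top
objectClass: share
cn: IPC$
name: IPC$
type: IPC
path: /tmp
comment: Remote IPC
max-connections: -1
available: True
readonly: True
browseable: False
ntvfs-handler: default

### Default ADMIN$ Share
dn: CN=ADMIN$,CN=Shares
objectClass: top
objectClass: share
cn: ADMIN$
name: ADMIN$
type: DISK
path: /tmp
comment: Remote Admin
max-connections: -1
available: True
readonly: True
browseable: False
ntvfs-handler: default

dn: CN=tmp,CN=Shares
objectClass: top
objectClass: share
cn: tmp
name: tmp
type: DISK
path: $TMPDIR
comment: Temp Dir for Tests
readonly: False
ntvfs-handler: posix
posix-sharedelay: 100000
posix-eadb: $LOCKDIR/eadb.tdb

dn: CN=cifs,CN=Shares
objectClass: top
objectClass: share
cn: cifs
name: cifs
type: DISK
readonly: False
ntvfs-handler: cifs
cifs-server: $SERVER
cifs-user: $USERNAME
cifs-password: $PASSWORD
cifs-domain: $DOMAIN
cifs-share: tmp
EOF

# Load the LDIF into a fresh share.ldb; a failed import aborts the setup.
"$srcdir/bin/ldbadd" -H "$PRIVATEDIR/share.ldb" <"$PRIVATEDIR/share.ldif" >/dev/null || exit 1
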
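# Kerberos client configuration for the test realm.
# The realm and DNS domain are taken from $REALM and $DNSNAME instead of being
# repeated as literals, so krb5.conf cannot drift from the realm written into
# smb.conf. With the values this script assigns, the generated file is
# unchanged. DNS lookups are disabled and the KDC is pinned to 127.0.0.1:88.
cat >"$KRB5_CONFIG" <<EOF
[libdefaults]
 default_realm = $REALM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 $REALM = {
  kdc = 127.0.0.1:88
  admin_server = 127.0.0.1:88
  default_domain = $DNSNAME
 }
[domain_realm]
 .$DNSNAME = $REALM
EOF
export KRB5_CONFIG
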
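# Static TLS fixtures for the test server: DH parameters, a CA certificate, a
# server certificate and the RSA private key whose modulus appears in that
# server certificate.
# Security note: the private key is published in the source tree, so it gives
# no confidentiality or authenticity whatsoever. These files exist only so the
# test suite has something to load; never copy them into a real deployment.
# NOTE(review): judging by the encoded lengths, the DH group and the RSA key
# look short by current standards -- confirm before reusing this approach.
# The delimiters are quoted ('EOF') so the PEM bodies are written verbatim with
# no shell expansion, and the targets are quoted so a prefix containing
# whitespace does not break the redirections.
cat >"$DHFILE" <<'EOF'
-----BEGIN DH PARAMETERS-----
MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO
svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
YX70obsCAQI=
-----END DH PARAMETERS-----

EOF

cat >"$CAFILE" <<'EOF'
-----BEGIN CERTIFICATE-----
MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
jAAwgYgCgYC3WJ7DNQAVnqiJxhf6Tq4pqNyUIlioDFNnkJZ6ycElhblyDb3vaagO
9c+saw3cl/4KGWBZK46HtimRApE6ZriV7yHSB4afVjhnHZvlQVccAuTKJatBpIeb
kenOX0boUVXrWWj6VVnseab+5nA+uPZQQHinRLEVhUn72I14YdKJOQIDAQABoyUw
IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
BQOBgQA5IVkBXU2S4i3dSSM9KmdKJinok1IOGNLZYQSyzduuie9vTmGXCQiQppWb
oSjZaf/Zn8La8THvm4QfmwruPkTEL956BRyN9hHYwHWZsebJr7DvSrF1Zugd0jFs
DZZFfDUSinYEqApdYzMka/GYTSk1Fa31G5TVD56mIdxmVAdC+A==
-----END CERTIFICATE-----

EOF

cat >"$CERTFILE" <<'EOF'
-----BEGIN CERTIFICATE-----
MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+
S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p
PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw
IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG
LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz
nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA==
-----END CERTIFICATE-----

EOF

cat >"$KEYFILE" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc
ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H
6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB
AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X
8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki
cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG
-----END RSA PRIVATE KEY-----

EOF
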
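# OpenLDAP configuration for the test directory backend.
# Review notes -- acceptable only for a disposable test instance:
#  - "access to * by * write" grants every client write access to everything;
#  - "allow update_anon" additionally lets anonymous clients issue updates;
#  - rootpw is the fixed test password, stored in clear text.
# \$1 is escaped so the literal "$1" back-reference reaches slapd.conf; every
# other $VAR is expanded by the shell when the file is written. The redirect
# target is quoted so a prefix containing whitespace does not break it.
cat >"$SLAPD_CONF" <<EOF
loglevel 0

include $LDAPDIR/ad.schema

pidfile         $PIDDIR/slapd.pid
argsfile        $LDAPDIR/slapd.args
sasl-realm $DNSNAME
access to * by * write

allow update_anon

authz-regexp
          uid=([^,]*),cn=$DNSNAME,cn=digest-md5,cn=auth
          ldap:///$BASEDN??sub?(samAccountName=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///$BASEDN??sub?(samAccountName=\$1)

include $LDAPDIR/modules.conf

defaultsearchbase "$BASEDN"

backend         bdb
database        bdb
suffix          "$BASEDN"
rootdn          "cn=Manager,$BASEDN"
rootpw          $PASSWORD
directory       $LDAPDIR/db
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index unixName eq
index privilege eq
index nCName eq pres
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq pres

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

EOF
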
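# Berkeley DB tuning for the slapd database directory.
# DB_TXN_NOSYNC trades durability for speed, which the file's own comment
# justifies by this being a test environment. The heredoc body is reproduced
# as-is, including its indentation; only the redirect target is now quoted so
# a prefix containing whitespace does not break the redirection.
cat >"$LDAPDIR/db/DB_CONFIG" <<EOF
#
        # Set the database in memory cache size.
        #
        set_cachesize   0       524288        0
        
        
        #
        # Set database flags (this is a test environment, we don't need to fsync()).
        #               
        set_flags       DB_TXN_NOSYNC
        
        #
        # Set log values.
        #
        set_lg_regionmax        104857
        set_lg_max              1048576
        set_lg_bsize            209715
        set_lg_dir              $LDAPDIR/db/bdb-logs
        
        
        #
        # Set temporary file creation directory.
        #                       
        set_tmp_dir             $LDAPDIR/db/tmp
EOF
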
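# Options shared by both provision runs.
# $PROVISION_OPTIONS is expanded unquoted below on purpose: it is a
# space-separated option list, which also means none of the embedded values
# may contain whitespace. Program and file paths are quoted.
# Review notes: the admin and bind passwords are passed on the command line
# and are therefore visible in the process list while provision runs
# (tolerable for a fixed test password only); --root is passed twice with the
# same value.
# NOTE(review): the exit status of the provision and ad2oLschema runs is not
# checked -- confirm whether a failure here should abort the setup.
PROVISION_OPTIONS="$CONFIGURATION --host-name=$NETBIOSNAME --host-ip=127.0.0.1"
PROVISION_OPTIONS="$PROVISION_OPTIONS --quiet --domain $DOMAIN --realm $REALM"
PROVISION_OPTIONS="$PROVISION_OPTIONS --adminpass $PASSWORD --root=$ROOT"
PROVISION_OPTIONS="$PROVISION_OPTIONS --simple-bind-dn=cn=Manager,$BASEDN --password=$PASSWORD --root=$ROOT"
"$srcdir/bin/smbscript" "$srcdir/setup/provision" $PROVISION_OPTIONS

# ldapi:// URLs for the slapd socket; the escaped form percent-encodes every
# "/" of the socket path. printf with a quoted argument replaces the unquoted
# echo so the path is passed to sed unmodified.
LDAPI="ldapi://$LDAPDIR/ldapi"
LDAPI_ESCAPE="ldapi://$(printf '%s\n' "$LDAPDIR/ldapi" | sed 's|/|%2F|g')"
export LDAPI
export LDAPI_ESCAPE

#This uses the provision we just did, to read out the schema
"$srcdir/bin/ad2oLschema" $CONFIGURATION -H "$PRIVATEDIR/sam.ldb" -I "$srcdir/setup/schema-map-openldap-2.3" -O "$LDAPDIR/ad.schema"
#Now create an LDAP baseDN
"$srcdir/bin/smbscript" "$srcdir/setup/provision" $PROVISION_OPTIONS --ldap-base
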
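# slaptest and slapadd are looked up through PATH. The sbin directories are
# prepended for the duration of this section only and the caller's PATH is
# restored afterwards. Path arguments are quoted so a prefix containing
# whitespace is passed as one argument.
OLDPATH=$PATH
PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH
export PATH

# Begin with an empty modules.conf; slapd.conf includes it.
MODCONF=$LDAPDIR/modules.conf
rm -f -- "$MODCONF"
touch "$MODCONF"

# If the configuration does not validate as written, retry with the bdb
# backend loaded as a module. The module directory /usr/lib/ldap is hard-coded.
slaptest -u -f "$SLAPD_CONF" >/dev/null 2>&1 || {
    echo "enabling slapd modules"
    cat >"$MODCONF" <<EOF
modulepath      /usr/lib/ldap
moduleload      back_bdb
EOF
}

# Load the provisioned LDIF only when the configuration validates. Failures
# are reported but deliberately do not abort the script.
if slaptest -u -f "$SLAPD_CONF"; then
    slapadd -f "$SLAPD_CONF" <"$PRIVATEDIR/$DNSNAME.ldif" || {
        echo "slapadd failed"
    }

    slaptest -f "$SLAPD_CONF" || {
        echo "slaptest after database load failed"
    }
fi

PATH=$OLDPATH
export PATH
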
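# Register one WINS replication partner (TORTURE_6 at 127.0.0.6) and load it
# into wins_config.ldb; a failed import aborts the setup. Paths are quoted so
# a prefix containing whitespace does not split the arguments.
cat >"$PRIVATEDIR/wins_config.ldif" <<EOF
dn: name=TORTURE_6,CN=PARTNERS
objectClass: wreplPartner
name: TORTURE_6
address: 127.0.0.6
pullInterval: 0
pushChangeCount: 0
type: 0x3
EOF

"$srcdir/bin/ldbadd" -H "$PRIVATEDIR/wins_config.ldb" <"$PRIVATEDIR/wins_config.ldif" >/dev/null || exit 1
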