}
# Ensure we have the first RID Set before we start tests. This makes the tests more reliable.
- if ($testenv_vars->{SERVER_ROLE} eq "domain controller" and not ($testenv_vars->{NETBIOSNAME} eq "RODC")) {
+ if ($testenv_vars->{SERVER_ROLE} eq "domain controller") {
# Add hosts file for name lookups
$ENV{NSS_WRAPPER_HOSTS} = $testenv_vars->{NSS_WRAPPER_HOSTS};
if (defined($testenv_vars->{RESOLV_WRAPPER_CONF})) {
$ENV{RESOLV_WRAPPER_HOSTS} = $testenv_vars->{RESOLV_WRAPPER_HOSTS};
}
- print "waiting for working LDAP and a RID Set to be allocated\n";
- my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
- my $count = 0;
- my $base_dn = "DC=".join(",DC=", split(/\./, $testenv_vars->{REALM}));
- my $rid_set_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn";
- my $max_wait = 60;
- my $cmd = "$ldbsearch $testenv_vars->{CONFIGURATION} -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool";
- while (system("$cmd >/dev/null") != 0) {
- $count++;
- if ($count > $max_wait) {
- warn("Timed out ($max_wait sec) waiting for working LDAP and a RID Set to be allocated by $testenv_vars->{NETBIOSNAME} PID $testenv_vars->{SAMBA_PID}");
- $ret = -1;
- last;
+ print "waiting for working LDAP and a RID Set to be allocated\n";
+ my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
+ my $count = 0;
+ my $base_dn = "DC=".join(",DC=", split(/\./, $testenv_vars->{REALM}));
+
+ my $search_dn = $base_dn;
+ if ($testenv_vars->{NETBIOSNAME} ne "RODC") {
+ # TODO currently no check for actual rIDAllocationPool
+ $search_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn";
+ }
+ my $max_wait = 60;
+ my $cmd = "$ldbsearch $testenv_vars->{CONFIGURATION} -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$search_dn\"";
+ while (system("$cmd >/dev/null") != 0) {
+ $count++;
+ if ($count > $max_wait) {
+ warn("Timed out ($max_wait sec) waiting for working LDAP and a RID Set to be allocated by $testenv_vars->{NETBIOSNAME} PID $testenv_vars->{SAMBA_PID}");
+ $ret = -1;
+ last;
+ }
+ sleep(1);
}
- sleep(1);
- }
}
print $self->getlog_env($testenv_vars);
$ctx->{statedir} = "$prefix_abs/statedir";
$ctx->{cachedir} = "$prefix_abs/cachedir";
$ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
- $ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket";
$ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket";
$ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
$ctx->{nsswrap_group} = "$ctx->{etcdir}/group";
state directory = $ctx->{statedir}
cache directory = $ctx->{cachedir}
winbindd socket directory = $ctx->{winbindd_socket_dir}
- winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir}
ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
winbind separator = /
interfaces = $ctx->{interfaces}
idmap_ldb:use rfc2307=yes
winbind enum users = yes
winbind enum groups = yes
+
+ rpc server port:netlogon = 1026
+
";
print CONFFILE "
return undef;
}
+ # Create to users alice and bob!
+ my $user_account_array = ["alice", "bob"];
+
+ foreach my $user_account (@{$user_account_array}) {
+ my $samba_tool_cmd = "";
+
+ $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $samba_tool_cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
+ $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
+ . " user create --configfile=$ctx->{smb_conf} $user_account Secret007";
+ unless (system($samba_tool_cmd) == 0) {
+ warn("Unable to create user: $user_account\n$samba_tool_cmd\n");
+ return undef;
+ }
+ }
+
return $ret;
}
server max protocol = SMB2
host msdfs = $msdfs
lanman auth = yes
- allow nt4 crypto = yes
# fruit:copyfile is a global option
fruit:copyfile = yes
path = $ctx->{share}
vfs objects = catia fruit streams_xattr acl_xattr
ea support = yes
- fruit:ressource = file
+ fruit:resource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
return $self->provision_raw_step2($ctx, $ret);
}
-sub provision_s4member($$$)
+sub provision_s4member($$$$$)
{
- my ($self, $prefix, $dcvars) = @_;
+ my ($self, $prefix, $dcvars, $hostname, $more_conf) = @_;
print "PROVISIONING MEMBER...\n";
my $extra_smb_conf = "
passdb backend = samba_dsdb
rpc_daemon:spoolssd = embedded
rpc_server:tcpip = no
";
+ if ($more_conf) {
+ $extra_smb_conf = $extra_smb_conf . $more_conf . "\n";
+ }
my $ret = $self->provision($prefix,
"member server",
- "s4member",
+ $hostname,
"SAMBADOMAIN",
"samba.example.com",
"2008",
sub provision_vampire_dc($$$)
{
- my ($self, $prefix, $dcvars) = @_;
- print "PROVISIONING VAMPIRE DC...\n";
+ my ($self, $prefix, $dcvars, $fl) = @_;
+ print "PROVISIONING VAMPIRE DC @ FL $fl...\n";
+ my $name = "localvampiredc";
+
+ if ($fl == "2000") {
+ $name = "vampire2000dc";
+ }
# We do this so that we don't run the provision. That's the job of 'net vampire'.
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
- "localvampiredc",
- "SAMBADOMAIN",
- "samba.example.com",
- "2008",
+ $name,
+ $dcvars->{DOMAIN},
+ $dcvars->{REALM},
+ $fl,
$dcvars->{PASSWORD},
$dcvars->{SERVER_IP},
$dcvars->{SERVER_IPV6});
return undef;
}
- $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER};
- $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
- $ret->{VAMPIRE_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
- $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
-
+ if ($fl == "2000") {
+ $ret->{VAMPIRE_2000_DC_SERVER} = $ret->{SERVER};
+ $ret->{VAMPIRE_2000_DC_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{VAMPIRE_2000_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
+ $ret->{VAMPIRE_2000_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
+ } else {
+ $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER};
+ $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{VAMPIRE_DC_SERVER_IPV6} = $ret->{SERVER_IPV6};
+ $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
+ }
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
my $extra_conf_options = "netbios aliases = localDC1-a
server services = +winbind -winbindd
ldap server require strong auth = allow_sasl_over_tls
+ allow nt4 crypto = yes
+ lsa over netlogon = yes
+ rpc server port = 1027
";
my $ret = $self->provision($prefix,
"domain controller",
return $ret;
}
-sub teardown_env($$)
+sub teardown_env_terminate($$)
{
my ($self, $envvars) = @_;
my $pid;
my $childpid;
# This should give it time to write out the gcov data
+ until ($count > 15) {
+ if (Samba::cleanup_child($pid, "samba") != 0) {
+ return;
+ }
+ sleep(1);
+ $count++;
+ }
+
+ # After 15 Seconds, work out why this thing is still alive
+ warn "server process $pid took more than $count seconds to exit, showing backtrace:\n";
+ system("$self->{srcdir}/selftest/gdb_backtrace $pid");
+
until ($count > 30) {
- if (Samba::cleanup_child($pid, "samba") == -1) {
- last;
+ if (Samba::cleanup_child($pid, "samba") != 0) {
+ return;
}
sleep(1);
$count++;
}
- if ($count > 30 || kill(0, $pid)) {
+ if (kill(0, $pid)) {
+ warn "server process $pid took more than $count seconds to exit, sending SIGTERM\n";
kill "TERM", $pid;
+ }
- until ($count > 40) {
- if (Samba::cleanup_child($pid, "samba") == -1) {
- last;
- }
- sleep(1);
- $count++;
+ until ($count > 40) {
+ if (Samba::cleanup_child($pid, "samba") != 0) {
+ return;
}
- # If it is still around, kill it
- warn "server process $pid took more than $count seconds to exit, killing\n";
+ sleep(1);
+ $count++;
+ }
+ # If it is still around, kill it
+ if (kill(0, $pid)) {
+ warn "server process $pid took more than $count seconds to exit, killing\n with SIGKILL\n";
kill 9, $pid;
}
+ return;
+}
+
+sub teardown_env($$)
+{
+ my ($self, $envvars) = @_;
+ teardown_env_terminate($self, $envvars);
$self->slapd_stop($envvars) if ($self->{ldap});
return $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
} elsif ($envname eq "fl2000dc") {
return $self->setup_fl2000dc("$path/fl2000dc");
+ } elsif ($envname eq "vampire_2000_dc") {
+ if (not defined($self->{vars}->{fl2000dc})) {
+ $self->setup_fl2000dc("$path/fl2000dc");
+ }
+ return $self->setup_vampire_dc("$path/vampire_2000_dc", $self->{vars}->{fl2000dc}, "2000");
} elsif ($envname eq "fl2003dc") {
if (not defined($self->{vars}->{ad_dc})) {
$self->setup_ad_dc("$path/ad_dc");
if (not defined($self->{vars}->{ad_dc_ntvfs})) {
$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
}
- return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{ad_dc_ntvfs});
+ return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{ad_dc_ntvfs}, "2008");
} elsif ($envname eq "promoted_dc") {
if (not defined($self->{vars}->{ad_dc_ntvfs})) {
$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
}
return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs});
+ } elsif ($envname eq "s4member_dflt_domain") {
+ if (not defined($self->{vars}->{ad_dc_ntvfs})) {
+ $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
+ }
+ return $self->setup_s4member_dflt_domain("$path/s4member_dflt_domain", $self->{vars}->{ad_dc_ntvfs});
} elsif ($envname eq "s4member") {
if (not defined($self->{vars}->{ad_dc_ntvfs})) {
$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
{
my ($self, $path, $dc_vars) = @_;
- my $env = $self->provision_s4member($path, $dc_vars);
+ my $env = $self->provision_s4member($path, $dc_vars, "s4member");
if (defined $env) {
if (not defined($self->check_or_start($env, "standard"))) {
return $env;
}
+sub setup_s4member_dflt_domain($$$)
+{
+ my ($self, $path, $dc_vars) = @_;
+
+ my $env = $self->provision_s4member($path, $dc_vars, "s4member_dflt",
+ "winbind use default domain = yes");
+
+ if (defined $env) {
+ if (not defined($self->check_or_start($env, "standard"))) {
+ return undef;
+ }
+
+ $self->{vars}->{s4member_dflt_domain} = $env;
+ }
+
+ return $env;
+}
+
sub setup_rpc_proxy($$$)
{
my ($self, $path, $dc_vars) = @_;
return $env;
}
-sub setup_vampire_dc($$$)
+sub setup_vampire_dc($$$$)
{
- my ($self, $path, $dc_vars) = @_;
+ my ($self, $path, $dc_vars, $fl) = @_;
- my $env = $self->provision_vampire_dc($path, $dc_vars);
+ my $env = $self->provision_vampire_dc($path, $dc_vars, $fl);
if (defined $env) {
if (not defined($self->check_or_start($env, "single"))) {
warn("Failed to replicate\n$cmd_repl");
return undef;
}
+
+ # Pull in a full set of changes from the main DC
+ my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
+ $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ if (defined($env->{RESOLV_WRAPPER_CONF})) {
+ $cmd .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" ";
+ } else {
+ $cmd .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
+ }
+ $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
+ $cmd .= " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}";
+ $cmd .= " $dc_vars->{CONFIGURATION}";
+ $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
+ # replicate Configuration NC
+ my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
+ unless(system($cmd_repl) == 0) {
+ warn("Failed to replicate\n$cmd_repl");
+ return undef;
+ }
+ # replicate Default NC
+ $cmd_repl = "$cmd \"$base_dn\"";
+ unless(system($cmd_repl) == 0) {
+ warn("Failed to replicate\n$cmd_repl");
+ return undef;
+ }
}
return $env;