selftest: s3member admember test to confirm s3/s4 interopability
authorAndrew Bartlett <abartlet@samba.org>
Tue, 19 Apr 2011 06:38:46 +0000 (16:38 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 28 Apr 2011 03:30:21 +0000 (05:30 +0200)
This checks that Samba3 joins Samba4 correctly, and allows NTLM and
Kerberos logons from a live Samba4 DC.

This needs the common krb5.conf generation logic, and because we now
override KRB5_CONFIG we must update ktest to have a valid krb5.conf.

Based on an original patch by metze

Andrew Bartlett

selftest/target/Samba.pm
selftest/target/Samba3.pm
selftest/target/Samba4.pm
source4/selftest/tests.py

index 820bd9e19c9c38ed6de7917a23013606608c62ca..cec12e528d565796870ab6980db09e39ff2d0df6 100644 (file)
@@ -59,4 +59,60 @@ sub bindir_path($$) {
        return $path;
 }
 
+sub mk_krb5_conf($)
+{
+       my ($ctx) = @_;
+
+       unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
+               die("can't open $ctx->{krb5_conf}$?");
+               return undef;
+       }
+       print KRB5CONF "
+#Generated krb5.conf for $ctx->{realm}
+
+[libdefaults]
+ default_realm = $ctx->{realm}
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ forwardable = yes
+ allow_weak_crypto = yes
+
+[realms]
+ $ctx->{realm} = {
+  kdc = $ctx->{kdc_ipv4}:88
+  admin_server = $ctx->{kdc_ipv4}:88
+  default_domain = $ctx->{dnsname}
+ }
+ $ctx->{dnsname} = {
+  kdc = $ctx->{kdc_ipv4}:88
+  admin_server = $ctx->{kdc_ipv4}:88
+  default_domain = $ctx->{dnsname}
+ }
+ $ctx->{domain} = {
+  kdc = $ctx->{kdc_ipv4}:88
+  admin_server = $ctx->{kdc_ipv4}:88
+  default_domain = $ctx->{dnsname}
+ }
+
+[domain_realm]
+ .$ctx->{dnsname} = $ctx->{realm}
+";
+
+        if (defined($ctx->{tlsdir})) {
+              print KRB5CONF "
+
+[appdefaults]
+       pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
+
+[kdc]
+       enable-pkinit = true
+       pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
+       pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
+
+";
+        }
+       close(KRB5CONF);
+}
+
 1;
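Review bot: The failure branch of `unless (open(KRB5CONF, ">$ctx->{krb5_conf}"))` reports `$?` (the last child exit status) instead of `$!`, so the message never carries the real OS error, and the `return undef;` after `die(...)` is unreachable. The three-argument form `open(KRB5CONF, '>', $ctx->{krb5_conf}) or die("can't open $ctx->{krb5_conf}: $!");` fixes both and also stops the path from being interpreted as a mode string, after which the dead return can go. `close(KRB5CONF);` is unchecked on a write handle, so a short write is silently lost; `close(KRB5CONF) or die("close $ctx->{krb5_conf}: $!");` surfaces it. Since this generator is now shared with the Samba3 member environments, the `allow_weak_crypto = yes` line in `[libdefaults]` deserves a comment stating that it is meant only for the self-test realm.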
index ee18a8e05a799c51c31dcf0efd07f2c868fbe916..d6dbe0cfa3aeec8722c523a314216d7529e450fa 100644 (file)
@@ -195,6 +195,79 @@ sub setup_member($$$)
        return $ret;
 }
 
+sub setup_admember($$$$)
+{
+       my ($self, $prefix, $dcvars, $iface) = @_;
+
+       print "PROVISIONING S3 AD MEMBER$iface...";
+
+       my $member_options = "
+       security = ads
+       server signing = on
+        workgroup = $dcvars->{DOMAIN}
+        realm = $dcvars->{REALM}
+";
+
+       my $ret = $self->provision($prefix,
+                                  "LOCALADMEMBER$iface",
+                                  $iface,
+                                  "loCalMember${iface}Pass",
+                                  $member_options);
+
+       $ret or return undef;
+
+       close(USERMAP);
+       $ret->{DOMAIN} = $dcvars->{DOMAIN};
+       $ret->{REALM} = $dcvars->{REALM};
+
+       my $ctx;
+       my $prefix_abs = abs_path($prefix);
+       $ctx = {};
+       $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
+       $ctx->{domain} = $dcvars->{DOMAIN};
+       $ctx->{realm} = $dcvars->{REALM};
+       $ctx->{dnsname} = lc($dcvars->{REALM});
+       $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
+       Samba::mk_krb5_conf($ctx);
+
+       $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
+
+       my $net = Samba::bindir_path($self, "net");
+       my $cmd = "";
+       $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+       $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+       $cmd .= "$net join $ret->{CONFIGURATION}";
+       $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
+
+       system($cmd) == 0 or die("Join failed\n$cmd");
+
+       $self->check_or_start($ret,
+                             "yes", "yes", "yes");
+
+       $self->wait_for_start($ret);
+
+       my $smbcacls = Samba::bindir_path($self, "smbcacls");
+       #Allow domain users to manipulate the share
+       $cmd = "";
+       $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+       $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+       $cmd .= "$smbcacls //127.0.0.29/tmp / -U$ret->{USERNAME}%$ret->{PASSWORD} ";
+       $cmd .= "$ret->{CONFIGURATION} -S ACL:$dcvars->{DOMAIN}\\\\Domain\\ Users:ALLOWED/0x0/FULL";
+
+       system($cmd) == 0 or die("Join failed\n$cmd");
+
+       $ret->{DC_SERVER} = $dcvars->{SERVER};
+       $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
+       $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
+       $ret->{DC_USERNAME} = $dcvars->{USERNAME};
+       $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+
+       # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env
+       $ret->{target} = $self;
+
+       return $ret;
+}
+
 sub setup_secshare($$)
 {
        my ($self, $path) = @_;
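Review bot: The smbcacls target in `$cmd .= "$smbcacls //127.0.0.29/tmp / ...` hard-codes the address although the interface number arrives as `$iface`, so any caller passing a value other than 29 would set the ACL on the wrong host; `//$ret->{SERVER_IP}/tmp` (provision appears to populate SERVER_IP, given that Samba4.pm reads it from this sub's result) keeps the two in step. The second `die("Join failed\n$cmd")` names the wrong step and should read `die("smbcacls failed\n$cmd")`. `close(USERMAP);` closes a handle this sub never opens — it looks carried over from setup_member — and can be dropped. Both commands go through `system($cmd)` as a single shell string with the domain password interpolated into it; the list form `system($cmd, @args)` would keep the shell from interpreting the credentials, though the existing setup subs in this file appear to use the same string style.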
@@ -261,7 +334,7 @@ sub setup_secserver($$$)
 
 sub setup_ktest($$$)
 {
-       my ($self, $prefix, $s3dcvars) = @_;
+       my ($self, $prefix) = @_;
 
        print "PROVISIONING server with security=ads...";
 
@@ -280,6 +353,18 @@ sub setup_ktest($$$)
 
        $ret or return undef;
 
+       my $ctx;
+       my $prefix_abs = abs_path($prefix);
+       $ctx = {};
+       $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
+       $ctx->{domain} = "KTEST";
+       $ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM";
+       $ctx->{dnsname} = lc($ctx->{realm});
+       $ctx->{kdc_ipv4} = "0.0.0.0";
+       Samba::mk_krb5_conf($ctx);
+
+       $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
+
        open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map");
        print USERMAP "
 $ret->{USERNAME} = KTEST\\Administrator
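Review bot: `$ctx->{kdc_ipv4} = "0.0.0.0";` yields a krb5.conf whose every `kdc =` entry points at 0.0.0.0:88 with nothing explaining why; a comment such as `# ktest has no live KDC: the file only needs to exist so KRB5_CONFIG names a valid config` would record the reason the commit message gives. The ctx-building stanza here duplicates the one in setup_admember apart from the literal values; a small helper taking domain, realm and KDC address would keep the two from drifting. setup_ktest continues outside this hunk.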
@@ -373,6 +458,7 @@ sub check_or_start($$$$) {
 
                SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
 
+               $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
                $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR};
                $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
 
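Review bot: `$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};` runs for every Samba3 environment, but in this commit only setup_admember and setup_ktest put KRB5_CONFIG into their result hash, so for the other environments this stores undef into %ENV and the forked daemon inherits an empty or unset KRB5_CONFIG rather than the system default. Guard it as `$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG} if defined $env_vars->{KRB5_CONFIG};`, or explicitly `delete $ENV{KRB5_CONFIG}` in the undefined case, so that either outcome is deliberate. The same line is added in the two following hunks of check_or_start (the other daemon start paths), which need the same guard. check_or_start begins and ends outside these hunks.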
@@ -416,6 +502,7 @@ sub check_or_start($$$$) {
 
                SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
 
+               $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
                $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR};
                $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
 
@@ -461,6 +548,7 @@ sub check_or_start($$$$) {
 
                SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
 
+               $ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
                $ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR};
                $ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
 
index 22f38b859f094adf00732ca2861728115c94c658..959c16131a320c8a283500f3b3d15fbff416e068 100644 (file)
@@ -11,6 +11,7 @@ use FindBin qw($RealBin);
 use POSIX;
 use SocketWrapper;
 use target::Samba;
+use target::Samba3;
 
 sub new($$$$$) {
        my ($classname, $bindir, $binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime) = @_;
@@ -23,7 +24,8 @@ sub new($$$$$) {
                binary_mapping => $binary_mapping,
                srcdir => $srcdir,
                exeext => $exeext,
-               server_maxtime => $server_maxtime
+               server_maxtime => $server_maxtime,
+               target3 => new Samba3($bindir, $binary_mapping, $srcdir, $exeext, $server_maxtime)
        };
        bless $self;
        return $self;
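Review bot: `target3 => new Samba3(...)` uses indirect object syntax, which Perl resolves heuristically at parse time and can misparse when a sub named `new` is visible in the current package; the arrow form `target3 => Samba3->new($bindir, $binary_mapping, $srcdir, $exeext, $server_maxtime)` is unambiguous. The constructor's own `sub new($$$$$)` prototype (context) declares five arguments while seven are unpacked, but that predates this change.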
@@ -452,56 +454,6 @@ Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
 EOF
 }
 
-sub mk_krb5_conf($$)
-{
-       my ($self, $ctx) = @_;
-
-       unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
-               warn("can't open $ctx->{krb5_conf}$?");
-               return undef;
-       }
-       print KRB5CONF "
-#Generated krb5.conf for $ctx->{realm}
-
-[libdefaults]
- default_realm = $ctx->{realm}
- dns_lookup_realm = false
- dns_lookup_kdc = false
- ticket_lifetime = 24h
- forwardable = yes
- allow_weak_crypto = yes
-
-[realms]
- $ctx->{realm} = {
-  kdc = $ctx->{kdc_ipv4}:88
-  admin_server = $ctx->{kdc_ipv4}:88
-  default_domain = $ctx->{dnsname}
- }
- $ctx->{dnsname} = {
-  kdc = $ctx->{kdc_ipv4}:88
-  admin_server = $ctx->{kdc_ipv4}:88
-  default_domain = $ctx->{dnsname}
- }
- $ctx->{domain} = {
-  kdc = $ctx->{kdc_ipv4}:88
-  admin_server = $ctx->{kdc_ipv4}:88
-  default_domain = $ctx->{dnsname}
- }
-
-[appdefaults]
-       pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
-
-[kdc]
-       enable-pkinit = true
-       pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
-       pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
-
-[domain_realm]
- .$ctx->{dnsname} = $ctx->{realm}
-";
-       close(KRB5CONF);
-}
-
 sub provision_raw_prepare($$$$$$$$$$)
 {
        my ($self, $prefix, $server_role, $netbiosname, 
@@ -681,7 +633,7 @@ sub provision_raw_step1($$)
              $ctx->{kdc_ipv4} = $ctx->{ipv4};
         }
 
-       $self->mk_krb5_conf($ctx);
+       Samba::mk_krb5_conf($ctx);
 
        open(PWD, ">$ctx->{nsswrap_passwd}");
        print PWD "
@@ -1190,7 +1142,7 @@ sub provision_rodc($$$)
        # so that use the RODC as kdc and test
        # the proxy code
        $ctx->{kdc_ipv4} = $ret->{SERVER_IP};
-       $self->mk_krb5_conf($ctx);
+       Samba::mk_krb5_conf($ctx);
 
        $ret->{RODC_DC_SERVER} = $ret->{SERVER};
        $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP};
@@ -1272,6 +1224,7 @@ sub check_env($$)
 sub setup_env($$$)
 {
        my ($self, $envname, $path) = @_;
+       my $target3 = $self->{target3};
 
        $ENV{ENVNAME} = $envname;
 
@@ -1303,6 +1256,11 @@ sub setup_env($$$)
                        $self->setup_dc("$path/dc");
                }
                return $self->setup_rodc("$path/rodc", $self->{vars}->{dc});
+       } elsif ($envname eq "s3member") {
+               if (not defined($self->{vars}->{dc})) {
+                       $self->setup_dc("$path/dc");
+               }
+               return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
        } elsif ($envname eq "all") {
                if (not defined($self->{vars}->{dc})) {
                        $ENV{ENVNAME} = "dc";
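Review bot: The interface number `29` in `$target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29)` is a magic value that also appears in the `all` branch below and as the hard-coded `//127.0.0.29/tmp` in Samba3.pm's setup_admember; a file-scope constant such as `my $S3MEMBER_IFACE = 29;` used at both call sites would keep them in step and give a place to note that it must not collide with the Samba4 environments' own interface numbers. This branch also does not record the result in `$self->{vars}->{s3member}` the way the `all` branch does, though the rodc branch above follows the same pattern, so that may be intentional.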
@@ -1349,6 +1307,18 @@ sub setup_env($$$)
                        $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME};
                        $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD};
                }
+               if (not defined($self->{vars}->{s3member})) {
+                       $ENV{ENVNAME} = "s3member";
+                       my $s3member_ret = $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
+                       $self->{vars}->{s3member} = $s3member_ret;
+
+                       $ret->{S3MEMBER_SERVER} = $s3member_ret->{SERVER};
+                       $ret->{S3MEMBER_SERVER_IP} = $s3member_ret->{SERVER_IP};
+                       $ret->{S3MEMBER_NETBIOSNAME} = $s3member_ret->{NETBIOSNAME};
+                       $ret->{S3MEMBER_NETBIOSALIAS} = $s3member_ret->{NETBIOSALIAS};
+                       $ret->{S3MEMBER_USERNAME} = $s3member_ret->{USERNAME};
+                       $ret->{S3MEMBER_PASSWORD} = $s3member_ret->{PASSWORD};
+               }
                return $ret;
        } else {
                return undef;
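Review bot: `my $s3member_ret = $target3->setup_admember(...)` is dereferenced on the following lines without an undef check, yet setup_admember returns undef when provisioning fails (`$ret or return undef;` in Samba3.pm), so the `all` environment would be reported as set up with every S3MEMBER_* field undefined instead of failing. Insert `defined $s3member_ret or return undef;` before `$self->{vars}->{s3member} = $s3member_ret;`. The neighbouring fl2008r2dc block appears to have the same gap, so this follows existing style rather than introducing a new one, but new code is the place to stop it.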
index 92ab28c2be9feb777c10380b7301ce9eebcf7d15..51786aebb404e3edc5d79260d15d7ae7dc1ad97e 100755 (executable)
@@ -306,11 +306,11 @@ for mech in [
     "-k no",
     "-k no --option=usespnego=no",
     "-k no --option=gensec:spengo=no",
-    "-k yes",
-    "-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]:
+    "-k yes"]:
     signoptions = "%s --signing=off" % mech
-    name = "smb.signing on with %s" % signoptions
-    plantestsuite_loadlist("samba4.%s domain-creds" % name, "s4member", [valgrindify(smb4torture), "$LISTOPT", '//$NETBIOSNAME/tmp', signoptions, '-U$DC_USERNAME%$DC_PASSWORD', 'base.xcopy'])
+    name = "smb.signing disabled on with %s" % signoptions
+    for env in [ "s4member", "s3member" ]:
+        plantestsuite_loadlist("samba4.%s domain-creds" % name, env, [valgrindify(smb4torture), "$LISTOPT", '//$NETBIOSNAME/tmp', signoptions, '-U$DC_USERNAME%$DC_PASSWORD', 'base.xcopy'])
 
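Review bot: The new name `"smb.signing disabled on with %s"` reads as a leftover of the old `"smb.signing on with %s"`; `name = "smb.signing disabled with %s" % signoptions` states what `--signing=off` does. The same hunk also drops the `-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no` mechanism from the loop, which the commit message does not mention; if that variant is intentionally no longer covered, the description should say so. The loop header `for mech in [` starts outside this hunk.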
 for mech in [
     "-k no",