2007-03-05 21:28:55 +00:00
#!/usr/bin/perl
# Bootstrap Samba and run a number of tests against it.
# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
# Published under the GNU GPL, v3 or later.
package Samba4 ;
use strict ;
2007-04-17 13:06:00 +00:00
use Cwd qw( abs_path ) ;
2007-03-05 21:28:55 +00:00
use FindBin qw( $RealBin ) ;
use POSIX ;
2010-11-27 03:03:50 +01:00
use SocketWrapper ;
2011-04-27 11:19:20 +10:00
use target::Samba ;
2011-04-19 16:38:46 +10:00
use target::Samba3 ;
2007-03-05 21:28:55 +00:00
2009-01-21 10:14:29 +01:00
sub new ($$$$$) {
2015-06-05 12:22:45 +12:00
my ( $ classname , $ bindir , $ ldap , $ srcdir , $ server_maxtime ) = @ _ ;
2011-04-15 12:27:30 +10:00
2010-11-01 01:05:03 +03:00
my $ self = {
vars = > { } ,
ldap = > $ ldap ,
bindir = > $ bindir ,
2011-02-03 15:14:31 +11:00
srcdir = > $ srcdir ,
2011-04-19 16:38:46 +10:00
server_maxtime = > $ server_maxtime ,
2015-06-05 12:22:45 +12:00
target3 = > new Samba3 ( $ bindir , $ srcdir , $ server_maxtime )
2007-04-17 00:30:01 +00:00
} ;
2007-03-21 15:57:07 +00:00
bless $ self ;
return $ self ;
}
2011-02-03 15:14:31 +11:00
sub scriptdir_path ($$) {
my ( $ self , $ path ) = @ _ ;
return "$self->{srcdir}/source4/scripting/$path" ;
}
2007-04-23 07:33:15 +00:00
sub openldap_start ($$$) {
}
2007-04-10 20:19:31 +00:00
sub slapd_start ($$)
2007-03-05 21:28:55 +00:00
{
2007-04-12 12:45:41 +00:00
my $ count = 0 ;
2013-09-19 05:52:59 -07:00
my ( $ self , $ env_vars , $ STDIN_READER ) = @ _ ;
2011-04-27 11:19:20 +10:00
my $ ldbsearch = Samba:: bindir_path ( $ self , "ldbsearch" ) ;
2007-04-10 20:19:31 +00:00
my $ uri = $ env_vars - > { LDAP_URI } ;
2009-08-14 10:21:04 +10:00
if ( system ( "$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null" ) == 0 ) {
print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!" ;
return 1 ;
}
2007-03-06 06:30:36 +00:00
# running slapd in the background means it stays in the same process group, so it can be
# killed by timelimit
2013-09-19 05:52:59 -07:00
my $ pid = fork ( ) ;
if ( $ pid == 0 ) {
open STDOUT , ">$env_vars->{LDAPDIR}/logs" ;
open STDERR , '>&STDOUT' ;
close ( $ env_vars - > { STDIN_PIPE } ) ;
open STDIN , ">&" , $ STDIN_READER or die "can't dup STDIN_READER to STDIN: $!" ;
if ( $ self - > { ldap } eq "fedora-ds" ) {
exec ( "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd" , "-D" , $ env_vars - > { FEDORA_DS_DIR } , "-d0" , "-i" , $ env_vars - > { FEDORA_DS_PIDFILE } ) ;
} elsif ( $ self - > { ldap } eq "openldap" ) {
exec ( $ ENV { OPENLDAP_SLAPD } , "-dnone" , "-F" , $ env_vars - > { SLAPD_CONF_D } , "-h" , $ uri ) ;
}
die ( "Unable to start slapd: $!" ) ;
2007-03-05 21:28:55 +00:00
}
2013-09-19 05:52:59 -07:00
$ env_vars - > { SLAPD_PID } = $ pid ;
sleep ( 1 ) ;
2009-01-21 10:09:30 +01:00
while ( system ( "$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null" ) != 0 ) {
2010-09-14 14:41:42 +02:00
$ count + + ;
2007-04-23 07:33:15 +00:00
if ( $ count > 40 ) {
2010-09-14 14:41:42 +02:00
$ self - > slapd_stop ( $ env_vars ) ;
return 0 ;
2007-03-07 11:05:59 +00:00
}
sleep ( 1 ) ;
}
2007-03-06 06:30:36 +00:00
return 1 ;
2007-03-05 21:28:55 +00:00
}
2007-04-10 20:19:31 +00:00
sub slapd_stop ($$)
2007-03-05 21:28:55 +00:00
{
2007-04-10 20:19:31 +00:00
my ( $ self , $ envvars ) = @ _ ;
2013-09-19 05:52:59 -07:00
kill 9 , $ envvars - > { SLAPD_PID } ;
2007-04-23 21:56:23 +00:00
return 1 ;
2007-03-05 21:28:55 +00:00
}
2011-08-12 14:37:04 +10:00
sub check_or_start ($$$)
2007-03-05 21:28:55 +00:00
{
2012-03-04 17:30:45 +11:00
my ( $ self , $ env_vars , $ process_model ) = @ _ ;
2013-09-19 05:52:59 -07:00
my $ STDIN_READER ;
2007-03-21 15:57:07 +00:00
2012-03-04 17:30:45 +11:00
return 0 if $ self - > check_env ( $ env_vars ) ;
# use a pipe for stdin in the child processes. This allows
# those processes to monitor the pipe for EOF to ensure they
# exit when the test script exits
2013-09-19 05:52:59 -07:00
pipe ( $ STDIN_READER , $ env_vars - > { STDIN_PIPE } ) ;
# Start slapd before samba, but with the fifo on stdin
if ( defined ( $ self - > { ldap } ) ) {
unless ( $ self - > slapd_start ( $ env_vars , $ STDIN_READER ) ) {
warn ( "couldn't start slapd (main run)" ) ;
return undef ;
}
}
2012-03-04 17:30:45 +11:00
print "STARTING SAMBA..." ;
2007-03-05 21:28:55 +00:00
my $ pid = fork ( ) ;
if ( $ pid == 0 ) {
2009-08-12 14:38:55 +10:00
# we want out from samba to go to the log file, but also
# to the users terminal when running 'make test' on the command
# line. This puts it on stderr on the terminal
open STDOUT , "| tee $env_vars->{SAMBA_TEST_LOG} 1>&2" ;
2007-03-05 21:28:55 +00:00
open STDERR , '>&STDOUT' ;
2009-08-12 14:38:55 +10:00
2007-04-17 15:33:50 +00:00
SocketWrapper:: set_default_iface ( $ env_vars - > { SOCKET_WRAPPER_DEFAULT_IFACE } ) ;
2010-11-01 01:05:03 +03:00
$ ENV { KRB5_CONFIG } = $ env_vars - > { KRB5_CONFIG } ;
2014-02-20 10:34:49 +01:00
$ ENV { SELFTEST_WINBINDD_SOCKET_DIR } = $ env_vars - > { SELFTEST_WINBINDD_SOCKET_DIR } ;
2012-03-04 17:30:45 +11:00
$ ENV { NMBD_SOCKET_DIR } = $ env_vars - > { NMBD_SOCKET_DIR } ;
2007-04-17 03:47:51 +00:00
2007-11-05 15:49:40 +01:00
$ ENV { NSS_WRAPPER_PASSWD } = $ env_vars - > { NSS_WRAPPER_PASSWD } ;
$ ENV { NSS_WRAPPER_GROUP } = $ env_vars - > { NSS_WRAPPER_GROUP } ;
2013-06-27 16:12:47 +02:00
$ ENV { NSS_WRAPPER_HOSTS } = $ env_vars - > { NSS_WRAPPER_HOSTS } ;
2013-06-12 15:42:01 +02:00
$ ENV { NSS_WRAPPER_MODULE_SO_PATH } = $ env_vars - > { NSS_WRAPPER_MODULE_SO_PATH } ;
$ ENV { NSS_WRAPPER_MODULE_FN_PREFIX } = $ env_vars - > { NSS_WRAPPER_MODULE_FN_PREFIX } ;
2007-11-05 15:49:40 +01:00
2014-09-10 11:00:28 +02:00
if ( defined ( $ env_vars - > { RESOLV_WRAPPER_CONF } ) ) {
$ ENV { RESOLV_WRAPPER_CONF } = $ env_vars - > { RESOLV_WRAPPER_CONF } ;
} else {
$ ENV { RESOLV_WRAPPER_HOSTS } = $ env_vars - > { RESOLV_WRAPPER_HOSTS } ;
}
2009-08-05 10:50:03 +10:00
$ ENV { UID_WRAPPER } = "1" ;
2012-03-04 17:30:45 +11:00
$ ENV { MAKE_TEST_BINARY } = Samba:: bindir_path ( $ self , "samba" ) ;
my @ preargs = ( ) ;
my @ optargs = ( ) ;
2009-03-20 16:11:14 +01:00
if ( defined ( $ ENV { SAMBA_OPTIONS } ) ) {
2012-03-04 17:30:45 +11:00
@ optargs = split ( / / , $ ENV { SAMBA_OPTIONS } ) ;
2007-03-05 21:28:55 +00:00
}
2012-03-04 17:30:45 +11:00
if ( defined ( $ ENV { SAMBA_VALGRIND } ) ) {
@ preargs = split ( / / , $ ENV { SAMBA_VALGRIND } ) ;
2007-03-05 21:28:55 +00:00
}
2012-03-04 17:30:45 +11:00
close ( $ env_vars - > { STDIN_PIPE } ) ;
2013-09-19 05:52:59 -07:00
open STDIN , ">&" , $ STDIN_READER or die "can't dup STDIN_READER to STDIN: $!" ;
2012-03-04 17:30:45 +11:00
exec ( @ preargs , Samba:: bindir_path ( $ self , "samba" ) , "-M" , $ process_model , "-i" , "--maximum-runtime=$self->{server_maxtime}" , $ env_vars - > { CONFIGURATION } , @ optargs ) or die ( "Unable to start samba: $!" ) ;
2007-03-05 21:28:55 +00:00
}
2012-03-04 17:30:45 +11:00
$ env_vars - > { SAMBA_PID } = $ pid ;
2007-03-05 21:28:55 +00:00
print "DONE\n" ;
2013-09-19 05:52:59 -07:00
close ( $ STDIN_READER ) ;
2007-03-21 15:57:07 +00:00
2007-03-05 21:28:55 +00:00
return $ pid ;
}
2007-04-04 12:23:10 +00:00
sub wait_for_start ($$)
2007-03-05 21:28:55 +00:00
{
2007-04-04 12:23:10 +00:00
my ( $ self , $ testenv_vars ) = @ _ ;
2013-06-19 11:33:36 +10:00
my $ ret ;
2007-03-05 21:28:55 +00:00
# give time for nbt server to register its names
print "delaying for nbt name registration\n" ;
2007-04-28 08:58:40 +00:00
sleep 2 ;
2007-03-05 21:28:55 +00:00
2010-11-01 01:05:03 +03:00
# This will return quickly when things are up, but be slow if we
# need to wait for (eg) SSL init
2012-05-25 01:44:17 +02:00
my $ nmblookup = Samba:: bindir_path ( $ self , "nmblookup4" ) ;
2009-02-03 16:20:24 +01:00
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
2011-04-18 14:34:40 +10:00
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
2009-02-03 16:20:24 +01:00
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
2011-04-18 14:34:40 +10:00
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
2007-04-18 14:02:26 +00:00
2013-06-19 11:33:36 +10:00
# Ensure we have the first RID Set before we start tests. This makes the tests more reliable.
2015-01-26 11:53:12 +01:00
if ( $ testenv_vars - > { SERVER_ROLE } eq "domain controller" and not ( $ testenv_vars - > { NETBIOSNAME } eq "RODC" ) ) {
2013-06-27 16:12:47 +02:00
# Add hosts file for name lookups
$ ENV { NSS_WRAPPER_HOSTS } = $ testenv_vars - > { NSS_WRAPPER_HOSTS } ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ testenv_vars - > { RESOLV_WRAPPER_CONF } ) ) {
$ ENV { RESOLV_WRAPPER_CONF } = $ testenv_vars - > { RESOLV_WRAPPER_CONF } ;
} else {
$ ENV { RESOLV_WRAPPER_HOSTS } = $ testenv_vars - > { RESOLV_WRAPPER_HOSTS } ;
}
2013-06-27 16:12:47 +02:00
2013-06-19 11:33:36 +10:00
print "waiting for working LDAP and a RID Set to be allocated\n" ;
my $ ldbsearch = Samba:: bindir_path ( $ self , "ldbsearch" ) ;
my $ count = 0 ;
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ testenv_vars - > { REALM } ) ) ;
my $ rid_set_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn" ;
2013-09-19 05:52:59 -07:00
sleep ( 1 ) ;
2013-06-19 11:33:36 +10:00
while ( system ( "$ldbsearch -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool > /dev/null" ) != 0 ) {
$ count + + ;
if ( $ count > 40 ) {
$ ret = 1 ;
last ;
}
sleep ( 1 ) ;
}
}
2007-04-18 14:02:26 +00:00
print $ self - > getlog_env ( $ testenv_vars ) ;
2013-06-19 11:33:36 +10:00
return $ ret
2007-03-05 21:28:55 +00:00
}
2007-04-17 00:30:01 +00:00
sub write_ldb_file ($$$)
{
my ( $ self , $ file , $ ldif ) = @ _ ;
2011-04-27 11:19:20 +10:00
my $ ldbadd = Samba:: bindir_path ( $ self , "ldbadd" ) ;
2009-01-21 10:09:30 +01:00
open ( LDIF , "|$ldbadd -H $file >/dev/null" ) ;
2007-04-17 00:30:01 +00:00
print LDIF $ ldif ;
2010-09-14 14:41:42 +02:00
return ( close ( LDIF ) ) ;
2007-04-17 00:30:01 +00:00
}
sub add_wins_config ($$)
{
my ( $ self , $ privatedir ) = @ _ ;
return $ self - > write_ldb_file ( "$privatedir/wins_config.ldb" , "
2010-06-16 11:02:48 +02:00
dn: name = TORTURE_11 , CN = PARTNERS
2007-04-17 00:30:01 +00:00
objectClass: wreplPartner
2010-06-16 11:02:48 +02:00
name: TORTURE_11
address: 127.0 .0 .11
2007-04-17 00:30:01 +00:00
pullInterval: 0
pushChangeCount: 0
type: 0x3
" ) ;
}
2009-08-13 17:01:27 +10:00
sub mk_fedora_ds ($$)
2007-04-17 00:30:01 +00:00
{
2010-01-28 19:35:29 -06:00
my ( $ self , $ ctx ) = @ _ ;
2007-04-17 00:30:01 +00:00
#Make the subdirectory be as fedora DS would expect
2010-01-28 19:35:29 -06:00
my $ fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}" ;
2007-04-17 00:30:01 +00:00
2010-01-28 19:35:29 -06:00
my $ pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid" ;
2007-04-17 00:30:01 +00:00
return ( $ fedora_ds_dir , $ pidfile ) ;
}
2009-08-13 17:01:27 +10:00
sub mk_openldap ($$)
2007-04-17 00:30:01 +00:00
{
2010-01-28 19:35:29 -06:00
my ( $ self , $ ctx ) = @ _ ;
2007-04-17 00:30:01 +00:00
2010-01-28 19:35:29 -06:00
my $ slapd_conf_d = "$ctx->{ldapdir}/slapd.d" ;
my $ pidfile = "$ctx->{ldapdir}/slapd.pid" ;
2007-04-17 00:30:01 +00:00
2009-08-13 17:01:27 +10:00
return ( $ slapd_conf_d , $ pidfile ) ;
2007-04-17 00:30:01 +00:00
}
2007-10-25 22:20:52 +02:00
sub mk_keyblobs ($$)
{
my ( $ self , $ tlsdir ) = @ _ ;
#TLS and PKINIT crypto blobs
my $ dhfile = "$tlsdir/dhparms.pem" ;
my $ cafile = "$tlsdir/ca.pem" ;
my $ certfile = "$tlsdir/cert.pem" ;
my $ reqkdc = "$tlsdir/req-kdc.der" ;
my $ kdccertfile = "$tlsdir/kdc.pem" ;
my $ keyfile = "$tlsdir/key.pem" ;
my $ adminkeyfile = "$tlsdir/adminkey.pem" ;
my $ reqadmin = "$tlsdir/req-admin.der" ;
my $ admincertfile = "$tlsdir/admincert.pem" ;
2009-07-28 14:05:19 +10:00
my $ admincertupnfile = "$tlsdir/admincertupn.pem" ;
2007-10-25 22:20:52 +02:00
2013-10-30 14:48:36 +01:00
mkdir ( $ tlsdir , 0700 ) ;
my $ oldumask = umask ;
umask 0077 ;
2007-10-25 22:20:52 +02:00
#This is specified here to avoid draining entropy on every run
open ( DHFILE , ">$dhfile" ) ;
print DHFILE << EOF ;
- - - - - BEGIN DH PARAMETERS - - - - -
MGYCYQC /eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/ Cys8j8wLO
svCN /jYNyR2NszOmg7ZWcOC/ 4 z / 4 pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
YX70obsCAQI =
- - - - - END DH PARAMETERS - - - - -
EOF
close ( DHFILE ) ;
2010-11-01 01:05:03 +03:00
#Likewise, we pregenerate the key material. This allows the
2007-10-25 22:20:52 +02:00
#other certificates to be pre-generated
open ( KEYFILE , ">$keyfile" ) ;
print KEYFILE << EOF ;
- - - - - BEGIN RSA PRIVATE KEY - - - - -
MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd + F0C + 9 Jxcqvpw9ii9En3E1uflpc
ol3 + S9 /6I/ uaTmJHZre + DF3dTzb /UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/ H
6 H + pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ + u2rS9geapIWfeuowIDAQAB
AoGAAqDLzFRR / BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
szNW4PRjaA9KkLQVTwnzdXGkBSkn / nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
9 /xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/ dilpY88Nb + xok / X
8 Z8OvgAXAkEA + pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
jNKEKnbf + TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4 / nN4IJXUW6AmPVOYIA5215itgki
cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ + aFvqSG
- - - - - END RSA PRIVATE KEY - - - - -
EOF
close ( KEYFILE ) ;
open ( ADMINKEYFILE , ">$adminkeyfile" ) ;
print ADMINKEYFILE << EOF ;
- - - - - BEGIN RSA PRIVATE KEY - - - - -
MIICXQIBAAKBgQD0 + OL7TQBj0RejbIH1 + g5GeRaWaM9xF43uE5y7jUHEsi5owhZF
5 iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
XLOP1m /0dqayuHBWozj9f/c dyCJr0wJIX1Z8Pr + EjYRGPn / MF0xdl3JRlwIDAQAB
AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB
cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ / LgaXUK9BAGhroJ2L
osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk + FlolW4ECQQD7w5ouCDnf58CN
u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4
eAY126rXAkEA + RgHzybzZEP8jCuznMqoN2fq /Vrs6+W3M8/ G9mzGEMgLLpaf2Jiz
I9tLZ0 + OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4
ASpo / tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz + o0bzATirmJ + WqxrkKTECQHt2
OLCpKqwAspU7N + w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE
yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ / lOwWyR3Hailft + mPqoPCa8QHlQZnlG
+ cfgNl57YHMTZFwgUVFRdJNpjH / WdZ5QxDcIVli0q + Ko
- - - - - END RSA PRIVATE KEY - - - - -
EOF
2010-11-01 01:05:03 +03:00
#generated with
2008-03-02 07:57:13 -06:00
# hxtool issue-certificate --self-signed --issue-ca \
# --ca-private-key="FILE:$KEYFILE" \
# --subject="CN=CA,DC=samba,DC=example,DC=com" \
# --certificate="FILE:$CAFILE" --lifetime="25 years"
2007-10-25 22:20:52 +02:00
open ( CAFILE , ">$cafile" ) ;
print CAFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
2008-03-02 07:57:13 -06:00
MIICcTCCAdqgAwIBAgIUaBPmjnPVqyFqR5foICmLmikJTzgwCwYJKoZIhvcNAQEFMFIxEzAR
2007-10-25 22:20:52 +02:00
BgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
2008-03-02 07:57:13 -06:00
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTIyMzEyWhgPMjAzMzAyMjQx
MjIzMTJaMFIxEzARBgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxl
2007-10-25 22:20:52 +02:00
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd + F0C + 9 Jxcqvpw9ii9En3E1uflpcol3 + S9 / 6
I /uaTmJHZre+DF3dTzb/ UOZo0Zem8N + IzzkgoGkFafjXuT3BL5UPY2 / H6H + pPqVIRLOmrWIm
2008-03-02 07:57:13 -06:00
ai359YyoKhFyo37Y6HPeU8QcZ + u2rS9geapIWfeuowIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
AaYwHQYDVR0OBBYEFMLZufegDKLZs0VOyFXYK1L6M8oyMA8GA1UdEwEB / wQFMAMBAf8wDQYJ
KoZIhvcNAQEFBQADgYEAAZJbCAAkaqgFJ0xgNovn8Ydd0KswQPjicwiODPgw9ZPoD2HiOUVO
yYDRg / dhFF9y656OpcHk4N7qZ2sl3RlHkzDu + dseETW + CnKvQIoXNyeARRJSsSlwrwcoD4JR
HTLk2sGigsWwrJ2N99sG /cqSJLJ1MFwLrs6koweBnYU0f/g =
2007-10-25 22:20:52 +02:00
- - - - - END CERTIFICATE - - - - -
EOF
2010-11-01 01:05:03 +03:00
#generated with GNUTLS internally in Samba.
2007-10-25 22:20:52 +02:00
open ( CERTFILE , ">$certfile" ) ;
print CERTFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd + F0C + 9 Jxcqvpw9ii9En3E1uflpcol3 +
S9 /6I/ uaTmJHZre + DF3dTzb /UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/ H6H + p
PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ + u2rS9geapIWfeuowIDAQABoyUw
IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm / SAZBFyG
LYOChvh6hPU7joMdDwGfbiLrBnMag + BtGlmPLWwp / Kt1wNmrRhduyTQFhN3PP6fz
nBr9vVny2FewB2gHmelaPS // tXdxivSXKz3NFqqXLDJjq7P8wA ==
- - - - - END CERTIFICATE - - - - -
EOF
close ( CERTFILE ) ;
#KDC certificate
2008-03-02 07:57:13 -06:00
# hxtool request-create \
# --subject="CN=krbtgt,CN=users,DC=samba,DC=example,DC=com" \
# --key="FILE:$KEYFILE" $KDCREQ
2007-10-25 22:20:52 +02:00
2008-03-02 07:57:13 -06:00
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
# --type="pkinit-kdc" \
# --pk-init-principal="krbtgt/SAMBA.EXAMPLE.COM@SAMBA.EXAMPLE.COM" \
# --req="PKCS10:$KDCREQ" --certificate="FILE:$KDCCERTFILE" \
# --lifetime="25 years"
2007-10-25 22:20:52 +02:00
open ( KDCCERTFILE , ">$kdccertfile" ) ;
print KDCCERTFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
2008-03-02 07:57:13 -06:00
MIIDDDCCAnWgAwIBAgIUI2Tzj + JnMzMcdeabcNo30rovzFAwCwYJKoZIhvcNAQEFMFIxEzAR
2007-10-25 22:20:52 +02:00
BgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
2008-03-02 07:57:13 -06:00
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTMxOTIzWhgPMjAzMzAyMjQx
MzE5MjNaMGYxEzARBgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxl
2007-10-25 22:20:52 +02:00
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0
Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF
yq + nD2KL0SfcTW5 + WlyiXf5L3 / oj + 5 pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp + Ne5
PcEvlQ9jb8fof6k + pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB
AAGjgcgwgcUwDgYDVR0PAQH / BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w
S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji
dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS + jPK
MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B
2008-03-02 07:57:13 -06:00
AQUFAAOBgQBmrVD5MCmZjfHp1nEnHqTIh8r7lSmVtDx4s9MMjxm9oNrzbKXynvdhwQYFVarc
ge4yRRDXtSebErOl71zVJI9CVeQQpwcH + tA85oGA7oeFtO / S7ls581RUU6tGgyxV4veD + lJv
KPH5LevUtgD + q9H4LU4Sq5N3iFwBaeryB0g2wg ==
2007-10-25 22:20:52 +02:00
- - - - - END CERTIFICATE - - - - -
EOF
2008-03-02 07:57:13 -06:00
# hxtool request-create \
# --subject="CN=Administrator,CN=users,DC=samba,DC=example,DC=com" \
# --key="FILE:$ADMINKEYFILE" $ADMINREQFILE
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
# --type="pkinit-client" \
# --pk-init-principal="administrator@SAMBA.EXAMPLE.COM" \
# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" \
# --lifetime="25 years"
2007-10-25 22:20:52 +02:00
open ( ADMINCERTFILE , ">$admincertfile" ) ;
print ADMINCERTFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
2009-07-28 14:05:19 +10:00
MIIDHTCCAoagAwIBAgIUUggzW4lLRkMKe1DAR2NKatkMDYwwCwYJKoZIhvcNAQELMFIxEzAR
2007-10-25 22:20:52 +02:00
BgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
2009-07-28 14:05:19 +10:00
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMjE1WhgPMjAzNDA3MjIw
MzMyMTVaMG0xEzARBgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxl
2008-03-02 07:57:13 -06:00
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0 + OL7TQBj0RejbIH1 + g5G
eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
xB6esnXhl0Jpip1JkUMMXLOP1m /0dqayuHBWozj9f/c dyCJr0wJIX1Z8Pr + EjYRGPn / MF0xd
l3JRlwIDAQABo4HSMIHPMA4GA1UdDwEB / wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
BgEFBQcDAgYKKwYBBAGCNxQCAjBIBgNVHREEQTA / oD0GBisGAQUCAqAzMDGgExsRU0FNQkEu
2009-07-28 14:05:19 +10:00
RVhBTVBMRS5DT02hGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yMB8GA1UdIwQYMBaAFMLZ
2008-03-02 07:57:13 -06:00
ufegDKLZs0VOyFXYK1L6M8oyMB0GA1UdDgQWBBQg81bLyfCA88C2B / BDjXlGuaFaxjAJBgNV
2009-07-28 14:05:19 +10:00
HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAEf / OSHUDJaGdtWGNuJeqcVYVMwrfBAc0OSwVhz1
7 /xqKHWo8wIMPkYRtaRHKLNDsF8GkhQPCpVsa6mX/ Nt7YQnNvwd + 1 SBP5E8GvwWw9ZzLJvma
nk2n89emuayLpVtp00PymrDLRBcNaRjFReQU8f0o509kiVPHduAp3jOiy13l
2007-10-25 22:20:52 +02:00
- - - - - END CERTIFICATE - - - - -
EOF
close ( ADMINCERTFILE ) ;
2009-07-28 14:05:19 +10:00
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
# --type="pkinit-client" \
# --ms-upn="administrator@samba.example.com" \
# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTUPNFILE" \
# --lifetime="25 years"
open ( ADMINCERTUPNFILE , ">$admincertupnfile" ) ;
print ADMINCERTUPNFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
MIIDDzCCAnigAwIBAgIUUp3CJMuNaEaAdPKp3QdNIwG7a4wwCwYJKoZIhvcNAQELMFIxEzAR
BgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMzA1WhgPMjAzNDA3MjIw
MzMzMDVaMG0xEzARBgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxl
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0 + OL7TQBj0RejbIH1 + g5G
eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
xB6esnXhl0Jpip1JkUMMXLOP1m /0dqayuHBWozj9f/c dyCJr0wJIX1Z8Pr + EjYRGPn / MF0xd
l3JRlwIDAQABo4HEMIHBMA4GA1UdDwEB / wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
BgEFBQcDAgYKKwYBBAGCNxQCAjA6BgNVHREEMzAxoC8GCisGAQQBgjcUAgOgIQwfYWRtaW5p
c3RyYXRvckBzYW1iYS5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS
+ jPKMjAdBgNVHQ4EFgQUIPNWy8nwgPPAtgfwQ415RrmhWsYwCQYDVR0TBAIwADANBgkqhkiG
9 w0BAQsFAAOBgQBk42 + egeUB3Ji2PC55fbt3FNKxvmm2xUUFkV9POK / YR9rajKOwk5jtYSeS
Zd7J9s // rNFNa7waklFkDaY56 + QWTFtdvxfE + KoHaqt6X8u6pqi7p3M4wDKQox + 9 Dx8yWFyq
Wfz / 8 alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ ==
- - - - - END CERTIFICATE - - - - -
EOF
2013-10-30 14:48:36 +01:00
umask $ oldumask ;
2007-10-25 22:20:52 +02:00
}
2015-05-11 13:45:59 +02:00
sub setup_namespaces ( $ $ : $ $ )
{
my ( $ self , $ localenv , $ upn_array , $ spn_array ) = @ _ ;
@ { $ upn_array } = [] unless defined ( $ upn_array ) ;
my $ upn_args = "" ;
foreach my $ upn ( @ { $ upn_array } ) {
$ upn_args . = " --add-upn-suffix=$upn" ;
}
@ { $ spn_array } = [] unless defined ( $ spn_array ) ;
my $ spn_args = "" ;
foreach my $ spn ( @ { $ spn_array } ) {
$ spn_args . = " --add-spn-suffix=$spn" ;
}
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd_env = "" ;
$ cmd_env . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ localenv - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd_env . = "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd_env . = "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" " ;
}
$ cmd_env . = " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"" ;
my $ cmd_config = " $localenv->{CONFIGURATION}" ;
my $ namespaces = $ cmd_env ;
$ namespaces . = " $samba_tool domain trust namespaces $upn_args $spn_args" ;
$ namespaces . = $ cmd_config ;
unless ( system ( $ namespaces ) == 0 ) {
warn ( "Failed to add namespaces \n$namespaces" ) ;
return ;
}
return ;
}
2015-02-11 09:58:07 +01:00
sub setup_trust ($$$$$)
{
my ( $ self , $ localenv , $ remoteenv , $ type , $ extra_args ) = @ _ ;
$ localenv - > { TRUST_SERVER } = $ remoteenv - > { SERVER } ;
$ localenv - > { TRUST_SERVER_IP } = $ remoteenv - > { SERVER_IP } ;
$ localenv - > { TRUST_SERVER_IPV6 } = $ remoteenv - > { SERVER_IPV6 } ;
$ localenv - > { TRUST_NETBIOSNAME } = $ remoteenv - > { NETBIOSNAME } ;
$ localenv - > { TRUST_USERNAME } = $ remoteenv - > { USERNAME } ;
$ localenv - > { TRUST_PASSWORD } = $ remoteenv - > { PASSWORD } ;
$ localenv - > { TRUST_DOMAIN } = $ remoteenv - > { DOMAIN } ;
$ localenv - > { TRUST_REALM } = $ remoteenv - > { REALM } ;
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
# setup the trust
my $ cmd_env = "" ;
$ cmd_env . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ localenv - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd_env . = "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd_env . = "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" " ;
}
$ cmd_env . = " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\"" ;
my $ cmd_config = " $localenv->{CONFIGURATION}" ;
my $ cmd_creds = $ cmd_config ;
$ cmd_creds . = " -U$localenv->{TRUST_DOMAIN}\\\\$localenv->{TRUST_USERNAME}\%$localenv->{TRUST_PASSWORD}" ;
my $ create = $ cmd_env ;
$ create . = " $samba_tool domain trust create --type=${type} $localenv->{TRUST_REALM}" ;
$ create . = " $extra_args" ;
$ create . = $ cmd_creds ;
unless ( system ( $ create ) == 0 ) {
warn ( "Failed to create trust \n$create" ) ;
return undef ;
}
return $ localenv
}
2014-09-10 10:59:39 +02:00
sub provision_raw_prepare ($$$$$$$$$$$)
2007-04-17 00:30:01 +00:00
{
2011-06-24 18:50:51 +02:00
my ( $ self , $ prefix , $ server_role , $ hostname ,
2010-06-15 22:24:36 +10:00
$ domain , $ realm , $ functional_level ,
2014-09-10 10:59:39 +02:00
$ password , $ kdc_ipv4 , $ kdc_ipv6 ) = @ _ ;
2009-02-04 11:18:32 +01:00
my $ ctx ;
2011-06-24 18:50:51 +02:00
my $ netbiosname = uc ( $ hostname ) ;
2007-04-17 00:30:01 +00:00
2010-09-14 14:41:42 +02:00
unless ( - d $ prefix or mkdir ( $ prefix , 0777 ) ) {
warn ( "Unable to create $prefix" ) ;
return undef ;
}
2007-04-17 13:06:00 +00:00
my $ prefix_abs = abs_path ( $ prefix ) ;
2007-04-17 15:33:50 +00:00
2009-02-04 11:18:32 +01:00
die ( "prefix=''" ) if $ prefix_abs eq "" ;
die ( "prefix='/'" ) if $ prefix_abs eq "/" ;
2007-04-17 00:30:01 +00:00
2010-09-14 14:41:42 +02:00
unless ( system ( "rm -rf $prefix_abs/*" ) == 0 ) {
warn ( "Unable to clean up" ) ;
}
2007-04-17 00:30:01 +00:00
2012-03-02 11:44:56 +11:00
my $ swiface = Samba:: get_interface ( $ hostname ) ;
2009-02-04 11:18:32 +01:00
$ ctx - > { prefix } = $ prefix ;
$ ctx - > { prefix_abs } = $ prefix_abs ;
2010-02-24 15:09:28 +11:00
2009-02-04 11:18:32 +01:00
$ ctx - > { server_role } = $ server_role ;
2011-06-24 18:50:51 +02:00
$ ctx - > { hostname } = $ hostname ;
2009-02-04 11:18:32 +01:00
$ ctx - > { netbiosname } = $ netbiosname ;
$ ctx - > { swiface } = $ swiface ;
$ ctx - > { password } = $ password ;
2009-02-10 18:00:48 +01:00
$ ctx - > { kdc_ipv4 } = $ kdc_ipv4 ;
2014-09-10 10:59:39 +02:00
$ ctx - > { kdc_ipv6 } = $ kdc_ipv6 ;
2007-04-17 15:33:50 +00:00
2012-08-31 12:41:48 -07:00
#
# Set smbd log level here.
#
2010-11-23 23:47:36 +03:00
$ ctx - > { server_loglevel } = $ ENV { SERVER_LOG_LEVEL } || 1 ;
2009-07-27 22:39:10 +10:00
$ ctx - > { username } = "Administrator" ;
2010-06-15 22:24:36 +10:00
$ ctx - > { domain } = $ domain ;
$ ctx - > { realm } = uc ( $ realm ) ;
$ ctx - > { dnsname } = lc ( $ realm ) ;
2009-02-04 11:18:32 +01:00
2010-06-15 22:24:36 +10:00
$ ctx - > { functional_level } = $ functional_level ;
2009-02-04 11:18:32 +01:00
my $ unix_name = ( $ ENV { USER } or $ ENV { LOGNAME } or `whoami` ) ;
chomp $ unix_name ;
$ ctx - > { unix_name } = $ unix_name ;
$ ctx - > { unix_uid } = $> ;
2014-05-13 12:57:10 +02:00
my @ mygid = split ( " " , $( ) ;
$ ctx - > { unix_gid } = $ mygid [ 0 ] ;
2009-02-04 11:18:32 +01:00
$ ctx - > { unix_gids_str } = $ ) ;
@ { $ ctx - > { unix_gids } } = split ( " " , $ ctx - > { unix_gids_str } ) ;
$ ctx - > { etcdir } = "$prefix_abs/etc" ;
$ ctx - > { piddir } = "$prefix_abs/pid" ;
$ ctx - > { smb_conf } = "$ctx->{etcdir}/smb.conf" ;
$ ctx - > { krb5_conf } = "$ctx->{etcdir}/krb5.conf" ;
$ ctx - > { privatedir } = "$prefix_abs/private" ;
$ ctx - > { ncalrpcdir } = "$prefix_abs/ncalrpc" ;
$ ctx - > { lockdir } = "$prefix_abs/lockdir" ;
2012-08-30 14:09:10 +02:00
$ ctx - > { logdir } = "$prefix_abs/logs" ;
2011-07-12 13:12:50 +02:00
$ ctx - > { statedir } = "$prefix_abs/statedir" ;
$ ctx - > { cachedir } = "$prefix_abs/cachedir" ;
2009-02-04 11:18:32 +01:00
$ ctx - > { winbindd_socket_dir } = "$prefix_abs/winbindd_socket" ;
$ ctx - > { winbindd_privileged_socket_dir } = "$prefix_abs/winbindd_privileged_socket" ;
$ ctx - > { ntp_signd_socket_dir } = "$prefix_abs/ntp_signd_socket" ;
$ ctx - > { nsswrap_passwd } = "$ctx->{etcdir}/passwd" ;
$ ctx - > { nsswrap_group } = "$ctx->{etcdir}/group" ;
2013-06-27 16:12:47 +02:00
$ ctx - > { nsswrap_hosts } = "$ENV{SELFTEST_PREFIX}/hosts" ;
2014-09-10 11:00:28 +02:00
if ( $ ENV { SAMBA_DNS_FAKING } ) {
$ ctx - > { dns_host_file } = "$ENV{SELFTEST_PREFIX}/dns_host_file" ;
$ ctx - > { samba_dnsupdate } = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}" ;
} else {
$ ctx - > { resolv_conf } = "$ctx->{etcdir}/resolv.conf" ;
$ ctx - > { samba_dnsupdate } = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf}" ;
}
2009-02-04 11:18:32 +01:00
$ ctx - > { tlsdir } = "$ctx->{privatedir}/tls" ;
$ ctx - > { ipv4 } = "127.0.0.$swiface" ;
2014-06-19 17:21:16 +02:00
$ ctx - > { ipv6 } = sprintf ( "fd00:0000:0000:0000:0000:0000:5357:5f%02x" , $ swiface ) ;
$ ctx - > { interfaces } = "$ctx->{ipv4}/8 $ctx->{ipv6}/64" ;
2009-02-04 11:18:32 +01:00
push ( @ { $ ctx - > { directories } } , $ ctx - > { privatedir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { etcdir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { piddir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { lockdir } ) ;
2012-08-30 14:09:10 +02:00
push ( @ { $ ctx - > { directories } } , $ ctx - > { logdir } ) ;
2011-07-12 13:12:50 +02:00
push ( @ { $ ctx - > { directories } } , $ ctx - > { statedir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { cachedir } ) ;
2009-02-04 11:18:32 +01:00
2009-02-10 17:01:51 +01:00
$ ctx - > { smb_conf_extra_options } = "" ;
2009-02-04 11:18:32 +01:00
2009-02-10 17:55:54 +01:00
my @ provision_options = ( ) ;
push ( @ provision_options , "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"" ) ;
push ( @ provision_options , "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"" ) ;
2013-06-27 16:12:47 +02:00
push ( @ provision_options , "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\"" ) ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ ctx - > { resolv_conf } ) ) {
push ( @ provision_options , "RESOLV_WRAPPER_CONF=\"$ctx->{resolv_conf}\"" ) ;
} else {
push ( @ provision_options , "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\"" ) ;
}
2009-02-10 17:55:54 +01:00
if ( defined ( $ ENV { GDB_PROVISION } ) ) {
2009-02-23 13:33:39 -05:00
push ( @ provision_options , "gdb --args" ) ;
2010-10-18 22:11:40 +11:00
if ( ! defined ( $ ENV { PYTHON } ) ) {
push ( @ provision_options , "env" ) ;
push ( @ provision_options , "python" ) ;
}
2009-02-10 17:55:54 +01:00
}
if ( defined ( $ ENV { VALGRIND_PROVISION } ) ) {
push ( @ provision_options , "valgrind" ) ;
2010-10-18 22:11:40 +11:00
if ( ! defined ( $ ENV { PYTHON } ) ) {
push ( @ provision_options , "env" ) ;
push ( @ provision_options , "python" ) ;
}
2009-02-10 17:55:54 +01:00
}
if ( defined ( $ ENV { PYTHON } ) ) {
push ( @ provision_options , $ ENV { PYTHON } ) ;
}
2012-09-10 14:47:21 +02:00
push ( @ provision_options , Samba:: bindir_path ( $ self , "samba-tool" ) ) ;
push ( @ provision_options , "domain" ) ;
push ( @ provision_options , "provision" ) ;
2009-02-10 17:55:54 +01:00
push ( @ provision_options , "--configfile=$ctx->{smb_conf}" ) ;
2011-06-24 18:50:51 +02:00
push ( @ provision_options , "--host-name=$ctx->{hostname}" ) ;
2009-02-10 17:55:54 +01:00
push ( @ provision_options , "--host-ip=$ctx->{ipv4}" ) ;
push ( @ provision_options , "--quiet" ) ;
push ( @ provision_options , "--domain=$ctx->{domain}" ) ;
push ( @ provision_options , "--realm=$ctx->{realm}" ) ;
push ( @ provision_options , "--adminpass=$ctx->{password}" ) ;
push ( @ provision_options , "--krbtgtpass=krbtgt$ctx->{password}" ) ;
push ( @ provision_options , "--machinepass=machine$ctx->{password}" ) ;
push ( @ provision_options , "--root=$ctx->{unix_name}" ) ;
push ( @ provision_options , "--server-role=\"$ctx->{server_role}\"" ) ;
2010-06-15 22:24:36 +10:00
push ( @ provision_options , "--function-level=\"$ctx->{functional_level}\"" ) ;
2009-02-10 17:55:54 +01:00
@ { $ ctx - > { provision_options } } = @ provision_options ;
2009-02-04 11:18:32 +01:00
return $ ctx ;
}
2007-04-17 00:30:01 +00:00
2009-02-04 11:18:32 +01:00
#
2009-02-10 17:55:54 +01:00
# Step1 creates the basic configuration
#
sub provision_raw_step1 ($$)
2009-02-04 11:18:32 +01:00
{
my ( $ self , $ ctx ) = @ _ ;
2007-05-01 03:28:12 +00:00
2009-02-04 11:18:32 +01:00
mkdir ( $ _ , 0777 ) foreach ( @ { $ ctx - > { directories } } ) ;
2007-05-01 03:28:12 +00:00
2012-12-21 15:16:10 -08:00
##
## lockdir and piddir must be 0755
##
chmod 0755 , $ ctx - > { lockdir } ;
chmod 0755 , $ ctx - > { piddir } ;
2010-09-14 14:41:42 +02:00
unless ( open ( CONFFILE , ">$ctx->{smb_conf}" ) ) {
warn ( "can't open $ctx->{smb_conf}$?" ) ;
return undef ;
}
2007-04-17 00:30:01 +00:00
print CONFFILE "
[ global ]
2009-02-04 11:18:32 +01:00
netbios name = $ ctx - > { netbiosname }
2011-07-12 13:14:41 +02:00
posix:eadb = $ ctx - > { statedir } / eadb . tdb
2009-02-04 11:18:32 +01:00
workgroup = $ ctx - > { domain }
realm = $ ctx - > { realm }
private dir = $ ctx - > { privatedir }
pid directory = $ ctx - > { piddir }
ncalrpc dir = $ ctx - > { ncalrpcdir }
lock dir = $ ctx - > { lockdir }
2011-07-20 13:02:22 +02:00
state directory = $ ctx - > { statedir }
cache directory = $ ctx - > { cachedir }
2009-02-04 11:18:32 +01:00
winbindd socket directory = $ ctx - > { winbindd_socket_dir }
winbindd privileged socket directory = $ ctx - > { winbindd_privileged_socket_dir }
ntp signd socket directory = $ ctx - > { ntp_signd_socket_dir }
winbind separator = /
interfaces = $ ctx - > { interfaces }
tls dh params file = $ ctx - > { tlsdir } / dhparms . pem
2011-07-13 17:26:31 +10:00
panic action = $ RealBin / gdb_backtrace \ % d
2007-04-17 00:30:01 +00:00
wins support = yes
2009-02-04 11:18:32 +01:00
server role = $ ctx - > { server_role }
2012-09-12 08:52:15 +02:00
server services = + echo + smb - s3fs
2012-06-16 12:54:12 +10:00
dcerpc endpoint servers = + winreg + srvsvc
2007-04-17 00:30:01 +00:00
notify:inotify = false
ldb:nosync = true
#We don't want to pass our self-tests if the PAC code is wrong
gensec:require_pac = true
2012-08-30 14:09:10 +02:00
log file = $ ctx - > { logdir } / log . \ % m
2009-02-04 11:18:32 +01:00
log level = $ ctx - > { server_loglevel }
2010-02-11 20:48:47 +11:00
lanman auth = Yes
2010-03-26 19:03:22 +11:00
rndc command = true
2014-09-10 11:00:28 +02:00
dns update command = $ ctx - > { samba_dnsupdate }
2012-05-11 16:01:33 +02:00
spn update command = $ ENV { SRCDIR_ABS } /source4/sc ripting /bin/s amba_spnupdate - s $ ctx - > { smb_conf }
2010-07-09 09:23:04 +02:00
dreplsrv:periodic_startup_interval = 0
2011-11-12 11:03:05 +01:00
dsdb:schema update allowed = yes
2011-08-22 10:05:02 +10:00
2012-08-23 20:13:45 +10:00
vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot
2012-05-11 16:01:33 +02:00
# remove this again, when our smb2 client library
# supports signin on compound related requests
server signing = on
2012-12-28 12:36:06 +11:00
idmap_ldb:use rfc2307 = yes
2014-05-20 11:16:07 +12:00
winbind enum users = yes
winbind enum groups = yes
2010-02-11 20:48:47 +11:00
" ;
2009-10-28 15:28:31 -05:00
print CONFFILE "
2007-04-17 00:30:01 +00:00
2009-02-10 17:01:51 +01:00
# Begin extra options
$ ctx - > { smb_conf_extra_options }
# End extra options
2007-04-17 00:30:01 +00:00
" ;
close ( CONFFILE ) ;
2009-02-04 11:18:32 +01:00
$ self - > mk_keyblobs ( $ ctx - > { tlsdir } ) ;
2007-04-17 00:30:01 +00:00
2011-04-18 16:09:30 +10:00
#Default the KDC IP to the server's IP
if ( not defined ( $ ctx - > { kdc_ipv4 } ) ) {
2014-09-10 10:59:39 +02:00
$ ctx - > { kdc_ipv4 } = $ ctx - > { ipv4 } ;
}
if ( not defined ( $ ctx - > { kdc_ipv6 } ) ) {
$ ctx - > { kdc_ipv6 } = $ ctx - > { ipv6 } ;
}
2011-04-18 16:09:30 +10:00
2015-03-24 19:05:10 +01:00
Samba:: mk_krb5_conf ( $ ctx ) ;
2007-04-17 00:30:01 +00:00
2009-02-04 11:18:32 +01:00
open ( PWD , ">$ctx->{nsswrap_passwd}" ) ;
2015-02-02 16:05:17 +01:00
if ( $ ctx - > { unix_uid } != 0 ) {
print PWD "root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false\n" ;
}
2015-02-05 16:07:35 +01:00
print PWD "$ctx->{unix_name}:x:$ctx->{unix_uid}:65531:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false\n" ;
2015-02-02 16:05:17 +01:00
print PWD " nobody:x:65534:65533:nobody gecos: $ ctx - > { prefix_abs } : /bin/ false
2012-06-27 17:51:55 +10:00
pdbtest:x:65533:65533:pdbtest gecos: $ ctx - > { prefix_abs } : /bin/ false
2014-05-16 14:30:43 +12:00
pdbtest2:x:65532:65533:pdbtest gecos: $ ctx - > { prefix_abs } : /bin/ false
pdbtest3:x:65531:65533:pdbtest gecos: $ ctx - > { prefix_abs } : /bin/ false
pdbtest4:x:65530:65533:pdbtest gecos: $ ctx - > { prefix_abs } : /bin/ false
2007-11-05 15:49:40 +01:00
" ;
close ( PWD ) ;
2012-12-28 12:36:06 +11:00
my $ uid_rfc2307test = 65533 ;
2007-11-05 15:49:40 +01:00
2009-02-04 11:18:32 +01:00
open ( GRP , ">$ctx->{nsswrap_group}" ) ;
2015-02-03 14:59:06 +01:00
if ( $ ctx - > { unix_gid } != 0 ) {
print GRP "root:x:0:\n" ;
}
print GRP "$ctx->{unix_name}:x:$ctx->{unix_gid}:\n" ;
print GRP " wheel:x:10:
2015-02-05 16:07:35 +01:00
users:x:65531:
2007-11-05 15:49:40 +01:00
nobody:x:65533:
nogroup:x:65534:nobody
" ;
close ( GRP ) ;
2012-12-28 12:36:06 +11:00
my $ gid_rfc2307test = 65532 ;
2007-11-05 15:49:40 +01:00
2013-06-27 16:12:47 +02:00
my $ hostname = lc ( $ ctx - > { hostname } ) ;
open ( HOSTS , ">>$ctx->{nsswrap_hosts}" ) ;
2014-12-03 15:44:57 +01:00
if ( $ hostname eq "localdc" ) {
print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n" ;
print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n" ;
} else {
print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} ${hostname}\n" ;
print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} ${hostname}\n" ;
}
2013-06-27 16:12:47 +02:00
close ( HOSTS ) ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ ctx - > { resolv_conf } ) ) {
open ( RESOLV_CONF , ">$ctx->{resolv_conf}" ) ;
print RESOLV_CONF "nameserver $ctx->{kdc_ipv4}\n" ;
print RESOLV_CONF "nameserver $ctx->{kdc_ipv6}\n" ;
close ( RESOLV_CONF ) ;
}
2009-02-04 11:18:32 +01:00
my $ configuration = "--configfile=$ctx->{smb_conf}" ;
2007-04-17 00:30:01 +00:00
#Ensure the config file is valid before we start
2011-06-04 08:20:54 +10:00
my $ testparm = Samba:: bindir_path ( $ self , "samba-tool" ) . " testparm" ;
2009-01-21 10:09:30 +01:00
if ( system ( "$testparm $configuration -v --suppress-prompt >/dev/null 2>&1" ) != 0 ) {
system ( "$testparm -v --suppress-prompt $configuration >&2" ) ;
2010-09-14 14:41:42 +02:00
warn ( "Failed to create a valid smb.conf configuration $testparm!" ) ;
return undef ;
2007-04-17 00:30:01 +00:00
}
2010-09-14 14:41:42 +02:00
unless ( system ( "($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1" ) == 0 ) {
warn ( "Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global" ) ;
return undef ;
}
2007-04-17 00:30:01 +00:00
my $ ret = {
2009-02-04 11:18:32 +01:00
KRB5_CONFIG = > $ ctx - > { krb5_conf } ,
PIDDIR = > $ ctx - > { piddir } ,
2011-06-24 18:50:51 +02:00
SERVER = > $ ctx - > { hostname } ,
2009-02-04 11:18:32 +01:00
SERVER_IP = > $ ctx - > { ipv4 } ,
2014-06-19 17:21:16 +02:00
SERVER_IPV6 = > $ ctx - > { ipv6 } ,
2009-02-04 11:18:32 +01:00
NETBIOSNAME = > $ ctx - > { netbiosname } ,
DOMAIN = > $ ctx - > { domain } ,
USERNAME = > $ ctx - > { username } ,
REALM = > $ ctx - > { realm } ,
PASSWORD = > $ ctx - > { password } ,
LDAPDIR = > $ ctx - > { ldapdir } ,
2010-01-28 19:35:29 -06:00
LDAP_INSTANCE = > $ ctx - > { ldap_instance } ,
2014-02-20 10:34:49 +01:00
SELFTEST_WINBINDD_SOCKET_DIR = > $ ctx - > { winbindd_socket_dir } ,
2009-02-04 11:18:32 +01:00
NCALRPCDIR = > $ ctx - > { ncalrpcdir } ,
LOCKDIR = > $ ctx - > { lockdir } ,
2011-07-12 13:12:50 +02:00
STATEDIR = > $ ctx - > { statedir } ,
CACHEDIR = > $ ctx - > { cachedir } ,
2012-08-29 09:10:40 +10:00
PRIVATEDIR = > $ ctx - > { privatedir } ,
2009-02-04 11:18:32 +01:00
SERVERCONFFILE = > $ ctx - > { smb_conf } ,
2007-04-17 15:33:50 +00:00
CONFIGURATION = > $ configuration ,
2009-02-04 11:18:32 +01:00
SOCKET_WRAPPER_DEFAULT_IFACE = > $ ctx - > { swiface } ,
NSS_WRAPPER_PASSWD = > $ ctx - > { nsswrap_passwd } ,
NSS_WRAPPER_GROUP = > $ ctx - > { nsswrap_group } ,
2013-06-27 16:12:47 +02:00
NSS_WRAPPER_HOSTS = > $ ctx - > { nsswrap_hosts } ,
2009-02-04 11:18:32 +01:00
SAMBA_TEST_FIFO = > "$ctx->{prefix}/samba_test.fifo" ,
SAMBA_TEST_LOG = > "$ctx->{prefix}/samba_test.log" ,
2009-02-04 15:17:14 +01:00
SAMBA_TEST_LOG_POS = > 0 ,
2013-06-12 15:42:01 +02:00
NSS_WRAPPER_MODULE_SO_PATH = > Samba:: nss_wrapper_winbind_so_path ( $ self ) ,
NSS_WRAPPER_MODULE_FN_PREFIX = > "winbind" ,
2012-12-28 12:36:06 +11:00
LOCAL_PATH = > $ ctx - > { share } ,
UID_RFC2307TEST = > $ uid_rfc2307test ,
2013-06-19 11:33:36 +10:00
GID_RFC2307TEST = > $ gid_rfc2307test ,
SERVER_ROLE = > $ ctx - > { server_role }
2007-04-17 00:30:01 +00:00
} ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ ctx - > { resolv_conf } ) ) {
$ ret - > { RESOLV_WRAPPER_CONF } = $ ctx - > { resolv_conf } ;
} else {
$ ret - > { RESOLV_WRAPPER_HOSTS } = $ ctx - > { dns_host_file } ;
}
2009-02-10 17:55:54 +01:00
return $ ret ;
}
2007-04-23 07:33:15 +00:00
2009-02-10 17:55:54 +01:00
#
# Step2 runs the provision script
#
sub provision_raw_step2 ($$$)
{
my ( $ self , $ ctx , $ ret ) = @ _ ;
2007-04-23 21:56:23 +00:00
2009-02-10 17:55:54 +01:00
my $ provision_cmd = join ( " " , @ { $ ctx - > { provision_options } } ) ;
2010-09-14 14:41:42 +02:00
unless ( system ( $ provision_cmd ) == 0 ) {
warn ( "Unable to provision: \n$provision_cmd\n" ) ;
return undef ;
}
2007-04-23 07:33:15 +00:00
2015-03-29 11:15:29 +02:00
my $ testallowed_account = "testallowed" ;
2015-01-05 16:32:23 +13:00
my $ samba_tool_cmd = Samba:: bindir_path ( $ self , "samba-tool" )
2015-03-29 11:15:29 +02:00
. " user add --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}" ;
2015-01-05 16:32:23 +13:00
unless ( system ( $ samba_tool_cmd ) == 0 ) {
warn ( "Unable to add testallowed user: \n$samba_tool_cmd\n" ) ;
return undef ;
}
2015-01-23 17:19:41 +13:00
my $ ldbmodify = Samba:: bindir_path ( $ self , "ldbmodify" ) ;
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ ctx - > { realm } ) ) ;
2015-03-12 10:43:57 +01:00
if ( $ ctx - > { server_role } ne "domain controller" ) {
$ base_dn = "DC=$ctx->{netbiosname}" ;
}
2015-03-29 11:15:29 +02:00
my $ user_dn = "cn=$testallowed_account,cn=users,$base_dn" ;
$ testallowed_account = "testallowed account" ;
2015-01-23 17:19:41 +13:00
open ( LDIF , "|$ldbmodify -H $ctx->{privatedir}/sam.ldb" ) ;
print LDIF " dn: $ user_dn
changetype: modify
2015-03-12 13:43:49 +13:00
replace: samAccountName
2015-03-29 11:15:29 +02:00
samAccountName: $ testallowed_account
2015-03-12 13:43:49 +13:00
-
" ;
close ( LDIF ) ;
open ( LDIF , "|$ldbmodify -H $ctx->{privatedir}/sam.ldb" ) ;
print LDIF " dn: $ user_dn
changetype: modify
2015-01-23 17:19:41 +13:00
replace: userPrincipalName
2015-03-12 12:56:56 +13:00
userPrincipalName: testallowed upn \ @$ ctx - > { realm }
2015-02-03 11:36:49 +13:00
replace: servicePrincipalName
servicePrincipalName: host / testallowed
2015-01-23 17:19:41 +13:00
-
" ;
close ( LDIF ) ;
2015-01-05 16:32:23 +13:00
$ samba_tool_cmd = Samba:: bindir_path ( $ self , "samba-tool" )
. " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}" ;
unless ( system ( $ samba_tool_cmd ) == 0 ) {
warn ( "Unable to add testdenied user: \n$samba_tool_cmd\n" ) ;
return undef ;
}
2015-01-23 17:19:41 +13:00
my $ user_dn = "cn=testdenied,cn=users,$base_dn" ;
open ( LDIF , "|$ldbmodify -H $ctx->{privatedir}/sam.ldb" ) ;
print LDIF " dn: $ user_dn
changetype: modify
replace: userPrincipalName
userPrincipalName: testdenied_upn \ @$ ctx - > { realm } . upn
-
" ;
close ( LDIF ) ;
2015-01-05 16:32:23 +13:00
$ samba_tool_cmd = Samba:: bindir_path ( $ self , "samba-tool" )
2015-03-29 11:15:29 +02:00
. " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'" ;
2015-01-05 16:32:23 +13:00
unless ( system ( $ samba_tool_cmd ) == 0 ) {
2015-03-29 11:15:29 +02:00
warn ( "Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n" ) ;
2015-01-05 16:32:23 +13:00
return undef ;
}
2009-02-04 11:18:32 +01:00
return $ ret ;
}
2014-09-10 10:59:39 +02:00
sub provision ($$$$$$$$$$)
2009-02-04 11:18:32 +01:00
{
2011-06-24 18:50:51 +02:00
my ( $ self , $ prefix , $ server_role , $ hostname ,
2010-11-01 01:05:03 +03:00
$ domain , $ realm , $ functional_level ,
2014-09-10 10:59:39 +02:00
$ password , $ kdc_ipv4 , $ kdc_ipv6 , $ extra_smbconf_options , $ extra_smbconf_shares ,
2012-09-12 08:52:15 +02:00
$ extra_provision_options ) = @ _ ;
2009-02-04 11:18:32 +01:00
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , $ server_role ,
2011-06-24 18:50:51 +02:00
$ hostname ,
2010-06-15 22:24:36 +10:00
$ domain , $ realm , $ functional_level ,
2014-09-10 10:59:39 +02:00
$ password , $ kdc_ipv4 , $ kdc_ipv6 ) ;
2012-09-12 08:52:15 +02:00
if ( defined ( $ extra_provision_options ) ) {
push ( @ { $ ctx - > { provision_options } } , @ { $ extra_provision_options } ) ;
} else {
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
}
2009-02-04 11:18:32 +01:00
2012-04-30 15:08:38 +10:00
$ ctx - > { share } = "$ctx->{prefix_abs}/share" ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/test1" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/test2" ) ;
2012-08-30 14:09:49 +02:00
# precreate directories for printer drivers
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/W32X86" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/x64" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/WIN40" ) ;
2010-05-11 21:22:24 +04:00
my $ msdfs = "no" ;
$ msdfs = "yes" if ( $ server_role eq "domain controller" ) ;
2009-02-10 17:01:51 +01:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
2010-05-11 21:22:24 +04:00
host msdfs = $ msdfs
2010-06-22 22:11:00 +02:00
lanman auth = yes
2013-12-06 13:41:43 +01:00
allow nt4 crypto = yes
2009-02-10 17:01:51 +01:00
2015-06-10 15:30:04 +02:00
# fruit:copyfile is a global option
fruit:copyfile = yes
2011-03-18 19:13:43 +01:00
$ extra_smbconf_options
2009-02-10 17:01:51 +01:00
[ tmp ]
2012-04-30 15:08:38 +10:00
path = $ ctx - > { share }
2009-02-10 17:01:51 +01:00
read only = no
2015-06-19 16:49:41 +12:00
posix:sharedelay = 100000
2009-02-10 17:01:51 +01:00
posix:oplocktimeout = 3
2015-06-19 16:49:41 +12:00
posix:writetimeupdatedelay = 500000
2009-02-10 17:01:51 +01:00
2011-10-28 12:15:51 -07:00
[ xcopy_share ]
2012-04-30 15:08:38 +10:00
path = $ ctx - > { share }
2011-10-28 12:15:51 -07:00
read only = no
2015-06-19 16:49:41 +12:00
posix:sharedelay = 100000
2011-10-28 12:15:51 -07:00
posix:oplocktimeout = 3
2015-06-19 16:49:41 +12:00
posix:writetimeupdatedelay = 500000
2011-09-09 09:03:23 +10:00
create mask = 777
force create mode = 777
2011-10-28 12:15:51 -07:00
2012-06-04 20:44:08 -07:00
[ posix_share ]
path = $ ctx - > { share }
read only = no
create mask = 0777
force create mode = 0
directory mask = 0777
force directory mode = 0
2009-02-10 17:01:51 +01:00
[ test1 ]
2012-04-30 15:08:38 +10:00
path = $ ctx - > { share } / test1
2009-02-10 17:01:51 +01:00
read only = no
2015-06-19 16:49:41 +12:00
posix:sharedelay = 100000
2009-02-10 17:01:51 +01:00
posix:oplocktimeout = 3
2015-06-19 16:49:41 +12:00
posix:writetimeupdatedelay = 500000
2009-02-10 17:01:51 +01:00
[ test2 ]
2012-04-30 15:08:38 +10:00
path = $ ctx - > { share } / test2
2009-02-10 17:01:51 +01:00
read only = no
2015-06-19 16:49:41 +12:00
posix:sharedelay = 100000
2009-02-10 17:01:51 +01:00
posix:oplocktimeout = 3
2015-06-19 16:49:41 +12:00
posix:writetimeupdatedelay = 500000
2009-02-10 17:01:51 +01:00
[ cifs ]
2014-08-06 16:54:43 +02:00
path = $ ctx - > { share } / _ignore_cifs_
2009-02-10 17:01:51 +01:00
read only = no
ntvfs handler = cifs
cifs:server = $ ctx - > { netbiosname }
cifs:share = tmp
2011-03-18 19:13:43 +01:00
cifs:use - s4u2proxy = yes
# There is no username specified here, instead the client is expected
# to log in with kerberos, and the serverwill use delegated credentials.
# Or the server tries s4u2self/s4u2proxy to impersonate the client
2009-02-10 17:01:51 +01:00
[ simple ]
2012-04-30 15:08:38 +10:00
path = $ ctx - > { share }
2009-02-10 17:01:51 +01:00
read only = no
ntvfs handler = simple
[ sysvol ]
2011-07-12 13:14:41 +02:00
path = $ ctx - > { statedir } / sysvol
2012-11-05 12:57:17 +11:00
read only = no
2009-02-10 17:01:51 +01:00
[ netlogon ]
2011-07-12 13:14:41 +02:00
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
2009-02-10 17:01:51 +01:00
read only = no
[ cifsposix ]
copy = simple
ntvfs handler = cifsposix
2012-04-26 15:20:02 +10:00
2014-07-08 05:47:02 +02:00
[ vfs_fruit ]
path = $ ctx - > { share }
2015-05-10 11:58:32 +02:00
vfs objects = catia fruit streams_xattr acl_xattr
ea support = yes
2014-07-08 05:47:02 +02:00
fruit:ressource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
2012-04-26 15:20:02 +10:00
$ extra_smbconf_shares
2009-02-10 17:01:51 +01:00
" ;
2009-02-10 17:55:54 +01:00
if ( defined ( $ self - > { ldap } ) ) {
$ ctx - > { ldapdir } = "$ctx->{privatedir}/ldap" ;
push ( @ { $ ctx - > { directories } } , "$ctx->{ldapdir}" ) ;
my $ ldap_uri = "$ctx->{ldapdir}/ldapi" ;
$ ldap_uri =~ s | / | % 2F | g ;
$ ldap_uri = "ldapi://$ldap_uri" ;
$ ctx - > { ldap_uri } = $ ldap_uri ;
2010-01-28 19:35:29 -06:00
$ ctx - > { ldap_instance } = lc ( $ ctx - > { netbiosname } ) ;
2009-02-10 17:55:54 +01:00
}
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
2010-11-01 01:00:46 +03:00
unless ( defined $ ret ) {
2010-09-14 14:41:42 +02:00
return undef ;
}
2009-02-10 17:55:54 +01:00
if ( defined ( $ self - > { ldap } ) ) {
2010-09-14 14:41:42 +02:00
$ ret - > { LDAP_URI } = $ ctx - > { ldap_uri } ;
2009-08-13 17:01:27 +10:00
push ( @ { $ ctx - > { provision_options } } , "--ldap-backend-type=" . $ self - > { ldap } ) ;
2010-04-22 11:37:41 +10:00
push ( @ { $ ctx - > { provision_options } } , "--ldap-backend-nosync" ) ;
2009-02-10 17:55:54 +01:00
if ( $ self - > { ldap } eq "openldap" ) {
2010-09-14 14:41:42 +02:00
push ( @ { $ ctx - > { provision_options } } , "--slapd-path=" . $ ENV { OPENLDAP_SLAPD } ) ;
2010-01-28 19:35:29 -06:00
( $ ret - > { SLAPD_CONF_D } , $ ret - > { OPENLDAP_PIDFILE } ) = $ self - > mk_openldap ( $ ctx ) or die ( "Unable to create openldap directories" ) ;
2009-02-10 17:55:54 +01:00
2009-08-10 22:01:28 +10:00
} elsif ( $ self - > { ldap } eq "fedora-ds" ) {
2009-08-13 17:01:27 +10:00
push ( @ { $ ctx - > { provision_options } } , "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd" ) ;
push ( @ { $ ctx - > { provision_options } } , "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl" ) ;
2010-01-28 19:35:29 -06:00
( $ ret - > { FEDORA_DS_DIR } , $ ret - > { FEDORA_DS_PIDFILE } ) = $ self - > mk_fedora_ds ( $ ctx ) or die ( "Unable to create fedora ds directories" ) ;
2009-02-10 17:55:54 +01:00
}
}
2010-09-14 14:41:42 +02:00
return $ self - > provision_raw_step2 ( $ ctx , $ ret ) ;
2007-04-17 00:30:01 +00:00
}
2014-05-24 22:47:30 +12:00
sub provision_s4member ($$$)
2007-04-12 08:33:35 +00:00
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2007-04-17 00:30:01 +00:00
print "PROVISIONING MEMBER..." ;
2014-05-20 11:10:22 +12:00
my $ extra_smb_conf = "
passdb backend = samba_dsdb
winbindd:use external pipes = true
rpc_server:default = external
rpc_server:svcctl = embedded
rpc_server:srvsvc = embedded
rpc_server:eventlog = embedded
rpc_server:ntsvcs = embedded
rpc_server:winreg = embedded
rpc_server:spoolss = embedded
rpc_daemon:spoolssd = embedded
rpc_server:tcpip = no
" ;
2007-04-29 13:54:51 +00:00
my $ ret = $ self - > provision ( $ prefix ,
"member server" ,
2011-04-18 18:57:22 +10:00
"s4member" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 22:24:36 +10:00
"2008" ,
2010-06-16 11:22:30 +02:00
"locMEMpass3" ,
2010-02-19 15:56:30 +11:00
$ dcvars - > { SERVER_IP } ,
2014-09-10 10:59:39 +02:00
$ dcvars - > { SERVER_IPV6 } ,
2014-05-20 11:10:22 +12:00
$ extra_smb_conf , "" , undef ) ;
2010-09-14 14:41:42 +02:00
unless ( $ ret ) {
return undef ;
}
2007-04-12 08:33:35 +00:00
2011-04-27 11:19:20 +10:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2007-04-30 11:16:50 +00:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2007-04-30 11:16:50 +00:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2011-07-19 12:54:37 +10:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member" ;
2010-02-19 15:56:30 +11:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2013-02-28 22:57:45 +11:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD}" ;
2007-04-30 11:16:50 +00:00
2010-09-14 14:41:42 +02:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2007-04-16 10:44:26 +00:00
2010-02-19 15:56:30 +11:00
$ ret - > { MEMBER_SERVER } = $ ret - > { SERVER } ;
$ ret - > { MEMBER_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { MEMBER_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-02-19 15:56:30 +11:00
$ ret - > { MEMBER_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { MEMBER_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { MEMBER_PASSWORD } = $ ret - > { PASSWORD } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2010-02-19 15:56:30 +11:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
sub provision_rpc_proxy ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
print "PROVISIONING RPC PROXY..." ;
2011-03-18 19:13:43 +01:00
my $ extra_smbconf_options = "
2014-04-09 15:54:07 +12:00
passdb backend = samba_dsdb
2011-03-18 19:13:43 +01:00
# rpc_proxy
dcerpc_remote:binding = ncacn_ip_tcp: $ dcvars - > { SERVER }
dcerpc endpoint servers = epmapper , remote
dcerpc_remote:interfaces = rpcecho
[ cifs_to_dc ]
2014-08-06 16:54:43 +02:00
path = /tmp/ _ignore_cifs_to_dc_ / _none_
2011-03-18 19:13:43 +01:00
read only = no
ntvfs handler = cifs
cifs:server = $ dcvars - > { SERVER }
cifs:share = cifs
cifs:use - s4u2proxy = yes
# There is no username specified here, instead the client is expected
# to log in with kerberos, and the serverwill use delegated credentials.
# Or the server tries s4u2self/s4u2proxy to impersonate the client
2010-02-19 15:56:30 +11:00
" ;
my $ ret = $ self - > provision ( $ prefix ,
"member server" ,
"localrpcproxy" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 22:24:36 +10:00
"2008" ,
2010-06-16 11:22:30 +02:00
"locRPCproxypass4" ,
2010-02-19 15:56:30 +11:00
$ dcvars - > { SERVER_IP } ,
2014-09-10 10:59:39 +02:00
$ dcvars - > { SERVER_IPV6 } ,
2012-09-12 08:52:15 +02:00
$ extra_smbconf_options , "" , undef ) ;
2010-02-19 15:56:30 +11:00
2010-09-14 14:41:42 +02:00
unless ( $ ret ) {
return undef ;
}
2010-02-19 15:56:30 +11:00
2011-04-27 11:19:20 +10:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2011-03-18 19:13:43 +01:00
# The joind runs in the context of the rpc_proxy/member for now
2010-02-19 15:56:30 +11:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-02-19 15:56:30 +11:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2011-07-19 12:54:37 +10:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member" ;
2010-02-19 15:56:30 +11:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2013-02-28 22:57:45 +11:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD}" ;
2010-02-19 15:56:30 +11:00
2010-09-14 14:41:42 +02:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2010-02-19 15:56:30 +11:00
2011-03-18 19:13:43 +01:00
# Setting up delegation runs in the context of the DC for now
2011-07-04 10:28:43 +02:00
$ cmd = "" ;
2011-03-18 19:13:43 +01:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" " ;
$ cmd . = "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on" ;
2013-09-22 11:24:57 -07:00
$ cmd . = " $dcvars->{CONFIGURATION}" ;
print $ cmd ;
2011-03-18 19:13:43 +01:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Delegation failed\n$cmd" ) ;
return undef ;
}
# Setting up delegation runs in the context of the DC for now
2011-07-04 10:28:43 +02:00
$ cmd = "" ;
2011-03-18 19:13:43 +01:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" " ;
$ cmd . = "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}" ;
2013-09-22 11:24:57 -07:00
$ cmd . = " $dcvars->{CONFIGURATION}" ;
2011-03-18 19:13:43 +01:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Delegation failed\n$cmd" ) ;
return undef ;
}
2010-02-19 15:56:30 +11:00
$ ret - > { RPC_PROXY_SERVER } = $ ret - > { SERVER } ;
$ ret - > { RPC_PROXY_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { RPC_PROXY_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-02-19 15:56:30 +11:00
$ ret - > { RPC_PROXY_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { RPC_PROXY_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { RPC_PROXY_PASSWORD } = $ ret - > { PASSWORD } ;
2007-04-28 08:57:06 +00:00
2011-03-25 12:33:33 +01:00
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2011-03-25 12:33:33 +01:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
2007-04-17 00:30:01 +00:00
return $ ret ;
2007-04-12 08:33:35 +00:00
}
2013-01-27 12:15:50 +01:00
sub provision_promoted_dc ($$$)
2012-07-06 15:39:09 +10:00
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2015-02-17 15:47:47 +13:00
print "PROVISIONING PROMOTED DC..." ;
2012-07-06 15:39:09 +10:00
2015-02-17 15:47:47 +13:00
# We do this so that we don't run the provision. That's the job of 'samba-tool domain dcpromo'.
2012-07-06 15:39:09 +10:00
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
"promotedvdc" ,
"SAMBADOMAIN" ,
"samba.example.com" ,
"2008" ,
$ dcvars - > { PASSWORD } ,
2014-09-10 10:59:39 +02:00
$ dcvars - > { SERVER_IP } ,
$ dcvars - > { SERVER_IPV6 } ) ;
2012-09-12 08:52:15 +02:00
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
2012-07-06 15:39:09 +10:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
path = $ ctx - > { statedir } / sysvol
read only = yes
[ netlogon ]
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
read only = no
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
unless ( $ ret ) {
return undef ;
}
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2012-07-06 15:39:09 +10:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}" ;
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2013-02-28 22:57:45 +11:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD}" ;
2012-07-06 15:39:09 +10:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
$ cmd . = "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}" ;
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2012-12-26 10:03:47 +11:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ" ;
2012-07-06 15:39:09 +10:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2013-01-27 12:15:50 +01:00
$ ret - > { PROMOTED_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { PROMOTED_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { PROMOTED_DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2013-01-27 12:15:50 +01:00
$ ret - > { PROMOTED_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
2012-07-06 15:39:09 +10:00
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2012-07-06 15:39:09 +10:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
2010-03-12 10:36:12 +11:00
sub provision_vampire_dc ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
print "PROVISIONING VAMPIRE DC..." ;
# We do this so that we don't run the provision. That's the job of 'net vampire'.
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
2010-06-16 11:13:28 +02:00
"localvampiredc" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 22:24:36 +10:00
"2008" ,
2012-03-02 11:44:56 +11:00
$ dcvars - > { PASSWORD } ,
2014-09-10 10:59:39 +02:00
$ dcvars - > { SERVER_IP } ,
$ dcvars - > { SERVER_IPV6 } ) ;
2012-09-12 08:52:15 +02:00
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
2010-03-12 10:36:12 +11:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
2011-07-12 13:14:41 +02:00
path = $ ctx - > { statedir } / sysvol
2010-03-12 10:36:12 +11:00
read only = yes
[ netlogon ]
2011-07-12 13:14:41 +02:00
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
2010-03-12 10:36:12 +11:00
read only = no
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
2010-09-14 14:41:42 +02:00
unless ( $ ret ) {
return undef ;
}
2010-03-12 10:36:12 +11:00
2011-04-27 11:19:20 +10:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2010-03-12 10:36:12 +11:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-03-12 10:36:12 +11:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2011-07-19 12:54:37 +10:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}" ;
2011-08-11 23:07:35 +02:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only" ;
2013-02-28 22:57:45 +11:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD} --use-ntvfs" ;
2010-03-12 10:36:12 +11:00
2010-09-14 14:41:42 +02:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2010-03-12 10:36:12 +11:00
$ ret - > { VAMPIRE_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { VAMPIRE_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { VAMPIRE_DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-03-12 10:36:12 +11:00
$ ret - > { VAMPIRE_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2010-03-12 10:36:12 +11:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
2013-09-09 17:14:45 +12:00
$ ret - > { DC_REALM } = $ dcvars - > { DC_REALM } ;
2010-03-12 10:36:12 +11:00
return $ ret ;
}
2011-08-25 21:47:03 +10:00
sub provision_subdom_dc ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
print "PROVISIONING SUBDOMAIN DC..." ;
# We do this so that we don't run the provision. That's the job of 'net vampire'.
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
"localsubdc" ,
"SAMBASUBDOM" ,
"sub.samba.example.com" ,
"2008" ,
2012-03-02 11:44:56 +11:00
$ dcvars - > { PASSWORD } ,
2012-09-12 08:52:15 +02:00
undef ) ;
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
2011-08-25 21:47:03 +10:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
path = $ ctx - > { statedir } / sysvol
read only = yes
[ netlogon ]
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
read only = no
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
unless ( $ ret ) {
return undef ;
}
2015-03-24 19:05:10 +01:00
Samba:: mk_krb5_conf ( $ ctx ) ;
2011-08-25 21:47:03 +10:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2011-08-25 21:47:03 +10:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2014-08-11 17:30:51 +12:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain " ;
2011-08-25 21:47:03 +10:00
$ cmd . = "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}" ;
2013-02-28 22:57:45 +11:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD} --use-ntvfs" ;
2014-08-11 13:36:09 +12:00
$ cmd . = " --adminpass=$ret->{PASSWORD}" ;
2011-08-25 21:47:03 +10:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
$ ret - > { SUBDOM_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { SUBDOM_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { SUBDOM_DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2011-08-25 21:47:03 +10:00
$ ret - > { SUBDOM_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2011-08-25 21:47:03 +10:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
2015-03-05 23:38:26 +01:00
sub provision_ad_dc_ntvfs ($$)
2007-03-05 21:28:55 +00:00
{
2007-04-10 20:19:31 +00:00
my ( $ self , $ prefix ) = @ _ ;
2007-03-21 15:57:07 +00:00
2015-06-12 14:41:20 +12:00
# We keep the old 'winbind' name here in server services to
# ensure upgrades which used that name still work with the now
# alias.
2015-03-05 23:38:26 +01:00
print "PROVISIONING AD DC (NTVFS)..." ;
2014-05-20 10:15:31 +12:00
my $ extra_conf_options = " netbios aliases = localDC1 - a
server services = + winbind - winbindd " ;
2007-04-29 13:54:51 +00:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
"localdc" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 22:24:36 +10:00
"2008" ,
2010-06-16 11:22:30 +02:00
"locDCpass1" ,
2014-09-10 10:59:39 +02:00
undef ,
undef ,
$ extra_conf_options ,
"" ,
undef ) ;
2007-04-17 00:30:01 +00:00
2010-11-01 01:00:46 +03:00
return undef unless ( defined $ ret ) ;
2010-09-14 14:41:42 +02:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2011-12-13 15:43:35 +11:00
$ ret - > { NETBIOSALIAS } = "localdc1-a" ;
2010-02-19 15:56:30 +11:00
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-02-19 15:56:30 +11:00
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
2013-09-09 17:14:45 +12:00
$ ret - > { DC_REALM } = $ ret - > { REALM } ;
2010-02-19 15:56:30 +11:00
2007-04-17 00:30:01 +00:00
return $ ret ;
2007-03-05 21:28:55 +00:00
}
2010-06-15 22:24:36 +10:00
sub provision_fl2000dc ($$)
{
my ( $ self , $ prefix ) = @ _ ;
2014-09-10 12:23:38 +02:00
print "PROVISIONING DC WITH FOREST LEVEL 2000..." ;
2010-06-15 22:24:36 +10:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2010-06-23 09:53:20 +10:00
"dc5" ,
2010-11-01 01:05:03 +03:00
"SAMBA2000" ,
"samba2000.example.com" ,
2010-06-15 22:24:36 +10:00
"2000" ,
2010-06-16 11:14:46 +02:00
"locDCpass5" ,
2014-09-10 10:59:39 +02:00
undef ,
undef ,
"" ,
"" ,
undef ) ;
2010-06-15 22:24:36 +10:00
2010-09-14 14:41:42 +02:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2010-06-15 22:24:36 +10:00
return $ ret ;
}
2015-02-11 09:58:07 +01:00
sub provision_fl2003dc ($$$)
2010-06-21 22:17:40 +10:00
{
2015-02-11 09:58:07 +01:00
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2010-06-21 22:17:40 +10:00
2014-09-10 12:23:38 +02:00
print "PROVISIONING DC WITH FOREST LEVEL 2003..." ;
2014-05-20 10:15:31 +12:00
my $ extra_conf_options = "allow dns updates = nonsecure and secure" ;
2010-06-21 22:17:40 +10:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2010-06-23 09:53:20 +10:00
"dc6" ,
2010-06-21 22:17:40 +10:00
"SAMBA2003" ,
"samba2003.example.com" ,
"2003" ,
"locDCpass6" ,
2014-09-10 10:59:39 +02:00
undef ,
undef ,
$ extra_conf_options ,
"" ,
undef ) ;
2010-06-21 22:17:40 +10:00
2014-05-19 17:32:56 +12:00
unless ( defined $ ret ) {
return undef ;
}
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2014-05-19 17:32:56 +12:00
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
my @ samba_tool_options ;
push ( @ samba_tool_options , Samba:: bindir_path ( $ self , "samba-tool" ) ) ;
push ( @ samba_tool_options , "domain" ) ;
push ( @ samba_tool_options , "passwordsettings" ) ;
push ( @ samba_tool_options , "set" ) ;
push ( @ samba_tool_options , "--configfile=$ret->{SERVERCONFFILE}" ) ;
push ( @ samba_tool_options , "--min-pwd-age=0" ) ;
push ( @ samba_tool_options , "--history-length=1" ) ;
my $ samba_tool_cmd = join ( " " , @ samba_tool_options ) ;
unless ( system ( $ samba_tool_cmd ) == 0 ) {
warn ( "Unable to set min password age to 0: \n$samba_tool_cmd\n" ) ;
return undef ;
}
return $ ret ;
2010-09-14 14:41:42 +02:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2010-06-21 22:17:40 +10:00
return $ ret ;
}
2015-02-11 09:58:07 +01:00
sub provision_fl2008r2dc ($$$)
2010-06-21 22:17:40 +10:00
{
2015-02-11 09:58:07 +01:00
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2010-06-21 22:17:40 +10:00
2014-09-10 12:23:38 +02:00
print "PROVISIONING DC WITH FOREST LEVEL 2008r2..." ;
2010-06-21 22:17:40 +10:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2010-06-23 09:53:20 +10:00
"dc7" ,
2010-06-21 22:17:40 +10:00
"SAMBA2008R2" ,
"samba2008R2.example.com" ,
2010-06-23 10:24:14 +10:00
"2008_R2" ,
2010-06-21 22:17:40 +10:00
"locDCpass7" ,
2014-09-10 10:59:39 +02:00
undef ,
undef ,
"" ,
"" ,
undef ) ;
2010-06-21 22:17:40 +10:00
2010-09-14 14:41:42 +02:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2010-06-21 22:17:40 +10:00
return $ ret ;
}
2010-09-09 18:02:31 +10:00
sub provision_rodc ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
print "PROVISIONING RODC..." ;
# We do this so that we don't run the provision. That's the job of 'net join RODC'.
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
"rodc" ,
"SAMBADOMAIN" ,
"samba.example.com" ,
"2008" ,
2012-03-02 11:44:56 +11:00
$ dcvars - > { PASSWORD } ,
2014-09-10 10:59:39 +02:00
$ dcvars - > { SERVER_IP } ,
$ dcvars - > { SERVER_IPV6 } ) ;
2010-09-14 14:41:42 +02:00
unless ( $ ctx ) {
return undef ;
}
2010-09-09 18:02:31 +10:00
2012-09-12 08:52:15 +02:00
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
2012-04-30 15:08:38 +10:00
$ ctx - > { share } = "$ctx->{prefix_abs}/share" ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}" ) ;
2010-09-09 18:02:31 +10:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
2011-07-12 13:14:41 +02:00
path = $ ctx - > { statedir } / sysvol
2010-09-09 18:02:31 +10:00
read only = yes
[ netlogon ]
2011-07-12 13:14:41 +02:00
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
2010-09-09 18:02:31 +10:00
read only = yes
[ tmp ]
2012-04-30 15:08:38 +10:00
path = $ ctx - > { share }
2010-09-09 18:02:31 +10:00
read only = no
posix:sharedelay = 10000
posix:oplocktimeout = 3
2012-03-15 17:32:51 +01:00
posix:writetimeupdatedelay = 50000
2010-09-09 18:02:31 +10:00
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
2010-09-14 14:41:42 +02:00
unless ( $ ret ) {
return undef ;
}
2010-09-09 18:02:31 +10:00
2011-04-27 11:19:20 +10:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2010-09-09 18:02:31 +10:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 11:00:28 +02:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-09-09 18:02:31 +10:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2011-07-19 12:54:37 +10:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC" ;
2010-09-09 18:02:31 +10:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2012-08-23 20:17:57 +10:00
$ cmd . = " --server=$dcvars->{DC_SERVER} --use-ntvfs" ;
2010-09-09 18:02:31 +10:00
2015-01-21 15:57:40 +13:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "RODC join failed\n$cmd" ) ;
return undef ;
}
2015-03-29 11:15:29 +02:00
# This ensures deterministic behaviour for tests that want to have the 'testallowed account'
2015-01-21 15:57:40 +13:00
# user password verified on the RODC
2015-03-29 11:15:29 +02:00
my $ testallowed_account = "testallowed account" ;
2015-01-21 15:57:40 +13:00
$ cmd = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2015-03-29 11:15:29 +02:00
$ cmd . = "$samba_tool rodc preload '$testallowed_account' $ret->{CONFIGURATION}" ;
2015-01-21 15:57:40 +13:00
$ cmd . = " --server=$dcvars->{DC_SERVER}" ;
2010-09-14 14:41:42 +02:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "RODC join failed\n$cmd" ) ;
return undef ;
}
2010-09-09 18:02:31 +10:00
2011-03-04 10:05:51 +01:00
# we overwrite the kdc after the RODC join
# so that use the RODC as kdc and test
# the proxy code
$ ctx - > { kdc_ipv4 } = $ ret - > { SERVER_IP } ;
2014-09-10 10:59:39 +02:00
$ ctx - > { kdc_ipv6 } = $ ret - > { SERVER_IPV6 } ;
2011-04-19 16:38:46 +10:00
Samba:: mk_krb5_conf ( $ ctx ) ;
2011-03-04 10:05:51 +01:00
2010-09-09 18:02:31 +10:00
$ ret - > { RODC_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { RODC_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { RODC_DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-09-09 18:02:31 +10:00
$ ret - > { RODC_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2010-09-09 18:02:31 +10:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
2015-03-05 18:08:43 +01:00
sub provision_ad_dc ($$)
2011-05-08 06:55:33 +02:00
{
my ( $ self , $ prefix ) = @ _ ;
2012-04-26 15:20:02 +10:00
my $ prefix_abs = abs_path ( $ prefix ) ;
2012-04-30 23:39:27 +10:00
my $ bindir_abs = abs_path ( $ self - > { bindir } ) ;
my $ lockdir = "$prefix_abs/lockdir" ;
2012-08-30 14:09:49 +02:00
my $ conffile = "$prefix_abs/etc/smb.conf" ;
2012-04-30 23:39:27 +10:00
2011-05-08 06:55:33 +02:00
my $ extra_smbconf_options = "
2012-04-26 15:20:02 +10:00
server services = - smb + s3fs
xattr_tdb:file = $ prefix_abs /statedir/x attr . tdb
2013-05-13 11:14:26 +02:00
dbwrap_tdb_mutexes: * = yes
2012-04-26 15:20:02 +10:00
kernel oplocks = no
kernel change notify = no
2015-03-23 16:16:36 -07:00
logging = file
2012-04-26 15:20:02 +10:00
printing = bsd
printcap name = /dev/ null
2012-09-12 14:10:55 +02:00
max protocol = SMB3
2012-04-26 15:20:02 +10:00
read only = no
server signing = auto
smbd:sharedelay = 100000
smbd:writetimeupdatedelay = 500000
2013-03-10 20:25:53 +11:00
create mask = 755
2012-04-26 15:20:02 +10:00
dos filemode = yes
2012-05-01 16:06:39 +10:00
dcerpc endpoint servers = - winreg - srvsvc
2012-04-30 23:39:27 +10:00
printcap name = /dev/ null
2012-08-30 14:09:49 +02:00
addprinter command = $ ENV { SRCDIR_ABS } /source3/sc ript /tests/ printing / modprinter . pl - a - s $ conffile - -
deleteprinter command = $ ENV { SRCDIR_ABS } /source3/sc ript /tests/ printing / modprinter . pl - d - s $ conffile - -
2012-04-30 23:39:27 +10:00
printing = vlp
print command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb print % p % s
lpq command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lpq % p
lp rm command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lprm % p % j
lp pause command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lppause % p % j
lp resume command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lpresume % p % j
queue pause command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb queuepause % p
queue resume command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb queueresume % p
lpq cache time = 0
2013-10-14 13:53:22 +02:00
print notify backchannel = yes
2012-04-26 15:20:02 +10:00
" ;
my $ extra_smbconf_shares = "
2012-08-17 08:50:21 +02:00
[ tmpenc ]
copy = tmp
smb encrypt = required
2012-04-26 15:20:02 +10:00
[ tmpcase ]
copy = tmp
case sensitive = yes
[ tmpguest ]
copy = tmp
guest ok = yes
2012-04-30 15:17:54 +10:00
[ hideunread ]
copy = tmp
hide unreadable = yes
2012-08-30 14:09:49 +02:00
2012-08-09 15:27:50 +02:00
[ durable ]
copy = tmp
kernel share modes = no
kernel oplocks = no
posix locking = no
2012-08-30 14:09:49 +02:00
[ print \ $]
copy = tmp
[ print1 ]
copy = tmp
printable = yes
[ print2 ]
copy = print1
[ print3 ]
copy = print1
[ lp ]
copy = print1
2011-05-08 06:55:33 +02:00
" ;
2015-03-05 18:08:43 +01:00
print "PROVISIONING AD DC..." ;
2011-05-08 06:55:33 +02:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2015-03-05 18:08:43 +01:00
"addc" ,
"ADDOMAIN" ,
"addc.samba.example.com" ,
2011-05-08 06:55:33 +02:00
"2008" ,
"locDCpass1" ,
2014-09-10 10:59:39 +02:00
undef ,
undef ,
$ extra_smbconf_options ,
$ extra_smbconf_shares ,
undef ) ;
2011-05-08 06:55:33 +02:00
return undef unless ( defined $ ret ) ;
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2011-05-08 06:55:33 +02:00
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
return $ ret ;
}
2012-02-29 12:48:21 +11:00
sub provision_chgdcpass ($$)
{
my ( $ self , $ prefix ) = @ _ ;
print "PROVISIONING CHGDCPASS..." ;
2012-09-12 08:52:15 +02:00
my $ extra_provision_options = undef ;
push ( @ { $ extra_provision_options } , "--dns-backend=BIND9_DLZ" ) ;
2012-02-29 12:48:21 +11:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
"chgdcpass" ,
"CHDCDOMAIN" ,
"chgdcpassword.samba.example.com" ,
"2008" ,
"chgDCpass1" ,
2014-09-10 10:59:39 +02:00
undef ,
undef ,
2015-06-17 11:59:49 +12:00
"" ,
2014-09-10 10:59:39 +02:00
"" ,
2012-09-12 08:52:15 +02:00
$ extra_provision_options ) ;
2012-02-29 12:48:21 +11:00
return undef unless ( defined $ ret ) ;
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2012-08-29 09:10:40 +10:00
2014-05-20 10:15:31 +12:00
# Remove secrets.tdb from this environment to test that we
# still start up on systems without the new matching
2015-06-17 11:59:49 +12:00
# secrets.tdb records.
2013-02-20 14:59:42 +10:30
unless ( unlink ( "$ret->{PRIVATEDIR}/secrets.tdb" ) || unlink ( "$ret->{PRIVATEDIR}/secrets.ntdb" ) ) {
2012-08-29 09:10:40 +10:00
warn ( "Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision" ) ;
return undef ;
}
2012-02-29 12:48:21 +11:00
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2012-02-29 12:48:21 +11:00
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
return $ ret ;
}
2007-04-10 20:19:31 +00:00
sub teardown_env ($$)
2007-03-21 15:57:07 +00:00
{
2007-04-10 20:19:31 +00:00
my ( $ self , $ envvars ) = @ _ ;
2007-07-04 00:34:16 +00:00
my $ pid ;
2007-03-21 15:57:07 +00:00
2012-03-02 18:01:13 +11:00
# This should cause samba to terminate gracefully
close ( $ envvars - > { STDIN_PIPE } ) ;
2007-03-21 15:57:07 +00:00
2012-03-04 17:30:45 +11:00
$ pid = $ envvars - > { SAMBA_PID } ;
my $ count = 0 ;
my $ childpid ;
2012-03-04 18:32:44 +11:00
# This should give it time to write out the gcov data
2012-06-29 13:38:11 +10:00
until ( $ count > 30 ) {
2012-03-04 18:32:44 +11:00
if ( Samba:: cleanup_child ( $ pid , "samba" ) == - 1 ) {
last ;
}
2012-03-04 17:30:45 +11:00
sleep ( 1 ) ;
$ count + + ;
}
2012-03-04 18:32:44 +11:00
2013-09-19 05:52:59 -07:00
if ( $ count > 30 || kill ( 0 , $ pid ) ) {
kill "TERM" , $ pid ;
2012-03-04 18:32:44 +11:00
2013-09-19 05:52:59 -07:00
until ( $ count > 40 ) {
if ( Samba:: cleanup_child ( $ pid , "samba" ) == - 1 ) {
last ;
}
sleep ( 1 ) ;
$ count + + ;
2012-03-04 18:32:44 +11:00
}
2013-09-19 05:52:59 -07:00
# If it is still around, kill it
2012-03-04 18:32:44 +11:00
warn "server process $pid took more than $count seconds to exit, killing\n" ;
2012-03-04 17:30:45 +11:00
kill 9 , $ pid ;
2007-03-21 15:57:07 +00:00
}
2007-04-10 20:19:31 +00:00
$ self - > slapd_stop ( $ envvars ) if ( $ self - > { ldap } ) ;
2007-03-21 15:57:07 +00:00
2007-04-19 16:37:11 +00:00
print $ self - > getlog_env ( $ envvars ) ;
2012-03-04 17:30:45 +11:00
return ;
2007-03-21 15:57:07 +00:00
}
2007-04-18 14:02:26 +00:00
sub getlog_env ($$)
{
my ( $ self , $ envvars ) = @ _ ;
2009-02-04 15:17:14 +01:00
my $ title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n" ;
2007-04-18 14:02:26 +00:00
my $ out = $ title ;
2009-02-04 15:17:14 +01:00
open ( LOG , "<$envvars->{SAMBA_TEST_LOG}" ) ;
2007-04-18 14:02:26 +00:00
2009-02-04 15:17:14 +01:00
seek ( LOG , $ envvars - > { SAMBA_TEST_LOG_POS } , SEEK_SET ) ;
2007-04-18 14:02:26 +00:00
while ( <LOG> ) {
$ out . = $ _ ;
}
2009-02-04 15:17:14 +01:00
$ envvars - > { SAMBA_TEST_LOG_POS } = tell ( LOG ) ;
2007-04-18 14:02:26 +00:00
close ( LOG ) ;
return "" if $ out eq $ title ;
2010-11-01 01:05:03 +03:00
2007-04-18 14:02:26 +00:00
return $ out ;
}
2007-04-19 14:54:09 +00:00
sub check_env ($$)
{
my ( $ self , $ envvars ) = @ _ ;
2012-03-04 17:30:45 +11:00
my $ childpid = Samba:: cleanup_child ( $ envvars - > { SAMBA_PID } , "samba" ) ;
2012-03-02 18:20:45 +11:00
2012-03-04 17:30:45 +11:00
return ( $ childpid == 0 ) ;
2007-04-19 14:54:09 +00:00
}
2007-04-11 03:45:39 +00:00
sub setup_env ($$$)
2007-03-05 21:28:55 +00:00
{
2007-04-11 03:45:39 +00:00
my ( $ self , $ envname , $ path ) = @ _ ;
2011-04-19 16:38:46 +10:00
my $ target3 = $ self - > { target3 } ;
2007-04-18 14:02:26 +00:00
2010-10-02 12:42:00 -07:00
$ ENV { ENVNAME } = $ envname ;
2012-02-15 08:55:05 +11:00
if ( defined ( $ self - > { vars } - > { $ envname } ) ) {
return $ self - > { vars } - > { $ envname } ;
}
2015-03-05 23:38:26 +01:00
if ( $ envname eq "ad_dc_ntvfs" ) {
return $ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2010-06-15 22:24:36 +10:00
} elsif ( $ envname eq "fl2000dc" ) {
return $ self - > setup_fl2000dc ( "$path/fl2000dc" ) ;
2010-06-21 22:17:40 +10:00
} elsif ( $ envname eq "fl2003dc" ) {
2015-02-11 09:58:07 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc } ) ) {
$ self - > setup_ad_dc ( "$path/ad_dc" ) ;
}
return $ self - > setup_fl2003dc ( "$path/fl2003dc" , $ self - > { vars } - > { ad_dc } ) ;
2010-06-21 22:17:40 +10:00
} elsif ( $ envname eq "fl2008r2dc" ) {
2015-02-11 09:58:07 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc } ) ) {
$ self - > setup_ad_dc ( "$path/ad_dc" ) ;
}
return $ self - > setup_fl2008r2dc ( "$path/fl2008r2dc" , $ self - > { vars } - > { ad_dc } ) ;
2010-02-19 15:56:30 +11:00
} elsif ( $ envname eq "rpc_proxy" ) {
2015-03-05 23:38:26 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2010-02-19 15:56:30 +11:00
}
2015-03-05 23:38:26 +01:00
return $ self - > setup_rpc_proxy ( "$path/rpc_proxy" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2010-03-12 10:36:12 +11:00
} elsif ( $ envname eq "vampire_dc" ) {
2015-03-05 23:38:26 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2010-03-12 10:36:12 +11:00
}
2015-03-05 23:38:26 +01:00
return $ self - > setup_vampire_dc ( "$path/vampire_dc" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2013-01-27 12:15:50 +01:00
} elsif ( $ envname eq "promoted_dc" ) {
2015-03-05 23:38:26 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2012-07-06 15:39:09 +10:00
}
2015-03-05 23:38:26 +01:00
return $ self - > setup_promoted_dc ( "$path/promoted_dc" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2011-08-25 21:47:03 +10:00
} elsif ( $ envname eq "subdom_dc" ) {
2015-03-05 23:38:26 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2011-08-25 21:47:03 +10:00
}
2015-03-05 23:38:26 +01:00
return $ self - > setup_subdom_dc ( "$path/subdom_dc" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2011-04-18 18:57:22 +10:00
} elsif ( $ envname eq "s4member" ) {
2015-03-05 23:38:26 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2007-04-12 08:33:35 +00:00
}
2015-03-05 23:38:26 +01:00
return $ self - > setup_s4member ( "$path/s4member" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2010-09-09 18:02:31 +10:00
} elsif ( $ envname eq "rodc" ) {
2015-03-05 23:38:26 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2010-09-09 18:02:31 +10:00
}
2015-03-05 23:38:26 +01:00
return $ self - > setup_rodc ( "$path/rodc" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2012-02-29 12:48:21 +11:00
} elsif ( $ envname eq "chgdcpass" ) {
return $ self - > setup_chgdcpass ( "$path/chgdcpass" , $ self - > { vars } - > { chgdcpass } ) ;
2015-03-05 23:46:14 +01:00
} elsif ( $ envname eq "ad_member" ) {
2015-03-05 23:38:26 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2011-04-19 16:38:46 +10:00
}
2015-03-05 23:46:14 +01:00
return $ target3 - > setup_admember ( "$path/ad_member" , $ self - > { vars } - > { ad_dc_ntvfs } , 29 ) ;
2015-03-05 18:08:43 +01:00
} elsif ( $ envname eq "ad_dc" ) {
return $ self - > setup_ad_dc ( "$path/ad_dc" ) ;
} elsif ( $ envname eq "ad_dc_no_nss" ) {
return $ self - > setup_ad_dc ( "$path/ad_dc_no_nss" , "no_nss" ) ;
2015-03-06 00:58:45 +01:00
} elsif ( $ envname eq "ad_member_rfc2307" ) {
2015-03-05 23:38:26 +01:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2013-02-21 12:33:23 -07:00
}
2015-03-06 00:58:45 +01:00
return $ target3 - > setup_admember_rfc2307 ( "$path/ad_member_rfc2307" ,
2015-03-05 23:38:26 +01:00
$ self - > { vars } - > { ad_dc_ntvfs } , 34 ) ;
2007-04-10 20:19:31 +00:00
} else {
2012-02-13 12:14:57 +11:00
return "UNKNOWN" ;
2007-04-10 20:19:31 +00:00
}
}
2014-05-24 22:47:30 +12:00
sub setup_s4member ($$$)
2007-04-12 08:33:35 +00:00
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
2014-05-24 22:47:30 +12:00
my $ env = $ self - > provision_s4member ( $ path , $ dc_vars ) ;
2007-04-12 08:33:35 +00:00
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2011-08-12 14:37:04 +10:00
$ self - > check_or_start ( $ env , "single" ) ;
2007-04-12 08:33:35 +00:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2007-04-12 08:33:35 +00:00
2014-05-24 22:47:30 +12:00
$ self - > { vars } - > { s4member } = $ env ;
2010-11-01 01:00:46 +03:00
}
2010-02-19 15:56:30 +11:00
return $ env ;
}
2010-03-12 10:36:12 +11:00
sub setup_rpc_proxy ($$$)
2010-02-19 15:56:30 +11:00
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_rpc_proxy ( $ path , $ dc_vars ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2011-08-12 14:37:04 +10:00
$ self - > check_or_start ( $ env , "single" ) ;
2010-02-19 15:56:30 +11:00
2010-11-06 13:48:31 +11:00
$ self - > wait_for_start ( $ env ) ;
2010-02-19 15:56:30 +11:00
2010-11-06 13:48:31 +11:00
$ self - > { vars } - > { rpc_proxy } = $ env ;
2010-11-01 01:00:46 +03:00
}
2007-04-12 08:33:35 +00:00
return $ env ;
}
2015-03-05 23:38:26 +01:00
sub setup_ad_dc_ntvfs ($$)
2007-04-10 20:19:31 +00:00
{
2007-04-11 03:45:39 +00:00
my ( $ self , $ path ) = @ _ ;
2007-04-04 12:23:10 +00:00
2015-03-05 23:38:26 +01:00
my $ env = $ self - > provision_ad_dc_ntvfs ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2011-08-12 14:37:04 +10:00
$ self - > check_or_start ( $ env , "standard" ) ;
2007-04-04 12:23:10 +00:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2007-04-12 08:33:35 +00:00
2015-03-05 23:38:26 +01:00
$ self - > { vars } - > { ad_dc_ntvfs } = $ env ;
2010-11-01 01:00:46 +03:00
}
2007-04-04 12:23:10 +00:00
return $ env ;
2007-03-05 21:28:55 +00:00
}
2012-02-29 12:48:21 +11:00
sub setup_chgdcpass ($$)
{
my ( $ self , $ path ) = @ _ ;
my $ env = $ self - > provision_chgdcpass ( $ path ) ;
if ( defined $ env ) {
$ self - > check_or_start ( $ env , "single" ) ;
$ self - > wait_for_start ( $ env ) ;
$ self - > { vars } - > { chgdcpass } = $ env ;
}
return $ env ;
}
2010-06-15 22:24:36 +10:00
sub setup_fl2000dc ($$)
{
my ( $ self , $ path ) = @ _ ;
my $ env = $ self - > provision_fl2000dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2011-08-12 14:37:04 +10:00
$ self - > check_or_start ( $ env , "single" ) ;
2010-06-15 22:24:36 +10:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2010-06-15 22:24:36 +10:00
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { fl2000dc } = $ env ;
}
2010-06-15 22:24:36 +10:00
return $ env ;
}
2015-02-11 09:58:07 +01:00
sub setup_fl2003dc ($$$)
2010-06-21 22:17:40 +10:00
{
2015-02-11 09:58:07 +01:00
my ( $ self , $ path , $ dc_vars ) = @ _ ;
2010-06-21 22:17:40 +10:00
my $ env = $ self - > provision_fl2003dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2011-08-12 14:37:04 +10:00
$ self - > check_or_start ( $ env , "single" ) ;
2010-06-21 22:17:40 +10:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2010-06-21 22:17:40 +10:00
2015-02-11 09:58:07 +01:00
$ env = $ self - > setup_trust ( $ env , $ dc_vars , "external" , "--no-aes-keys" ) ;
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { fl2003dc } = $ env ;
}
2010-06-21 22:17:40 +10:00
return $ env ;
}
2015-02-11 09:58:07 +01:00
sub setup_fl2008r2dc ($$$)
2010-06-21 22:17:40 +10:00
{
2015-02-11 09:58:07 +01:00
my ( $ self , $ path , $ dc_vars ) = @ _ ;
2010-06-21 22:17:40 +10:00
my $ env = $ self - > provision_fl2008r2dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2011-08-12 14:37:04 +10:00
$ self - > check_or_start ( $ env , "single" ) ;
2010-06-21 22:17:40 +10:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2010-06-21 22:17:40 +10:00
2015-05-11 13:45:59 +02:00
my $ upn_array = [ "$env->{REALM}.upn" ] ;
my $ spn_array = [ "$env->{REALM}.spn" ] ;
$ self - > setup_namespaces ( $ env , $ upn_array , $ spn_array ) ;
2015-02-11 09:58:07 +01:00
$ env = $ self - > setup_trust ( $ env , $ dc_vars , "forest" , "" ) ;
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { fl2008r2dc } = $ env ;
}
2010-06-21 22:17:40 +10:00
return $ env ;
}
2010-03-12 10:36:12 +11:00
sub setup_vampire_dc ($$$)
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_vampire_dc ( $ path , $ dc_vars ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2011-08-12 14:37:04 +10:00
$ self - > check_or_start ( $ env , "single" ) ;
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
$ self - > { vars } - > { vampire_dc } = $ env ;
# force replicated DC to update repsTo/repsFrom
# for vampired partitions
2011-04-27 11:19:20 +10:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2010-11-01 01:00:46 +03:00
my $ cmd = "" ;
2014-09-10 11:00:28 +02:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ env - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-11-01 01:00:46 +03:00
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2015-02-20 17:56:39 +13:00
$ cmd . = " $samba_tool drs kcc -k no $env->{DC_SERVER}" ;
2011-08-09 12:20:54 +02:00
$ cmd . = " $env->{CONFIGURATION}" ;
2010-11-01 01:00:46 +03:00
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
unless ( system ( $ cmd ) == 0 ) {
warn ( "Failed to exec kcc\n$cmd" ) ;
return undef ;
}
2010-08-28 01:30:09 +03:00
2010-11-01 01:00:46 +03:00
# as 'vampired' dc may add data in its local replica
# we need to synchronize data between DCs
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ dc_vars - > { REALM } ) ) ;
2014-09-10 11:00:28 +02:00
$ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ env - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-11-01 01:00:46 +03:00
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2012-07-06 15:39:09 +10:00
$ cmd . = " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}" ;
$ cmd . = " $dc_vars->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
# replicate Configuration NC
my $ cmd_repl = "$cmd \"CN=Configuration,$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
# replicate Default NC
$ cmd_repl = "$cmd \"$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
}
return $ env ;
}
2013-01-27 12:15:50 +01:00
sub setup_promoted_dc ($$$)
2012-07-06 15:39:09 +10:00
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
2013-01-27 12:15:50 +01:00
my $ env = $ self - > provision_promoted_dc ( $ path , $ dc_vars ) ;
2012-07-06 15:39:09 +10:00
if ( defined $ env ) {
$ self - > check_or_start ( $ env , "single" ) ;
$ self - > wait_for_start ( $ env ) ;
2013-01-27 12:15:50 +01:00
$ self - > { vars } - > { promoted_dc } = $ env ;
2012-07-06 15:39:09 +10:00
2015-02-20 17:56:39 +13:00
# force source and replicated DC to update repsTo/repsFrom
2012-07-06 15:39:09 +10:00
# for vampired partitions
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs kcc $env->{DC_SERVER}" ;
$ cmd . = " $env->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
unless ( system ( $ cmd ) == 0 ) {
warn ( "Failed to exec kcc\n$cmd" ) ;
return undef ;
}
2015-02-20 17:56:39 +13:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs kcc $env->{SERVER}" ;
$ cmd . = " $env->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
unless ( system ( $ cmd ) == 0 ) {
warn ( "Failed to exec kcc\n$cmd" ) ;
return undef ;
}
2012-07-06 15:39:09 +10:00
# as 'vampired' dc may add data in its local replica
# we need to synchronize data between DCs
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ dc_vars - > { REALM } ) ) ;
$ cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}" ;
2011-08-09 12:20:54 +02:00
$ cmd . = " $dc_vars->{CONFIGURATION}" ;
2010-11-01 01:00:46 +03:00
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
# replicate Configuration NC
my $ cmd_repl = "$cmd \"CN=Configuration,$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
# replicate Default NC
$ cmd_repl = "$cmd \"$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
2010-09-14 14:41:42 +02:00
}
2010-08-28 01:30:09 +03:00
2010-03-12 10:36:12 +11:00
return $ env ;
}
2011-08-25 21:47:03 +10:00
sub setup_subdom_dc ($$$)
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_subdom_dc ( $ path , $ dc_vars ) ;
if ( defined $ env ) {
$ self - > check_or_start ( $ env , "single" ) ;
$ self - > wait_for_start ( $ env ) ;
$ self - > { vars } - > { subdom_dc } = $ env ;
# force replicated DC to update repsTo/repsFrom
# for primary domain partitions
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs kcc $env->{DC_SERVER}" ;
$ cmd . = " $env->{CONFIGURATION}" ;
2011-08-26 13:23:41 +10:00
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}" ;
2011-08-25 21:47:03 +10:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Failed to exec kcc\n$cmd" ) ;
return undef ;
}
# as 'subdomain' dc may add data in its local replica
# we need to synchronize data between DCs
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ env - > { REALM } ) ) ;
my $ config_dn = "CN=Configuration,DC=" . join ( ",DC=" , split ( /\./ , $ dc_vars - > { REALM } ) ) ;
$ cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}" ;
$ cmd . = " $dc_vars->{CONFIGURATION}" ;
2011-08-26 13:23:41 +10:00
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}" ;
2011-08-25 21:47:03 +10:00
# replicate Configuration NC
my $ cmd_repl = "$cmd \"$config_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
# replicate Default NC
$ cmd_repl = "$cmd \"$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
}
return $ env ;
}
2010-09-09 18:02:31 +10:00
sub setup_rodc ($$$)
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_rodc ( $ path , $ dc_vars ) ;
2010-09-14 14:41:42 +02:00
unless ( $ env ) {
return undef ;
}
2011-08-12 14:37:04 +10:00
$ self - > check_or_start ( $ env , "single" ) ;
2010-09-09 18:02:31 +10:00
$ self - > wait_for_start ( $ env ) ;
2015-02-20 17:56:39 +13:00
# force source and replicated DC to update repsTo/repsFrom
# for vampired partitions
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs kcc -k no $env->{DC_SERVER}" ;
$ cmd . = " $env->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
unless ( system ( $ cmd ) == 0 ) {
warn ( "Failed to exec kcc\n$cmd" ) ;
return undef ;
}
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs kcc -k no $env->{SERVER}" ;
$ cmd . = " $env->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
unless ( system ( $ cmd ) == 0 ) {
warn ( "Failed to exec kcc\n$cmd" ) ;
return undef ;
}
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ dc_vars - > { REALM } ) ) ;
$ cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}" ;
$ cmd . = " $dc_vars->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
# replicate Configuration NC
my $ cmd_repl = "$cmd \"CN=Configuration,$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
# replicate Default NC
$ cmd_repl = "$cmd \"$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
2010-09-09 18:02:31 +10:00
$ self - > { vars } - > { rodc } = $ env ;
return $ env ;
}
2015-03-05 18:08:43 +01:00
sub setup_ad_dc ($$)
2011-05-08 06:55:33 +02:00
{
2015-03-05 13:22:07 +01:00
my ( $ self , $ path , $ no_nss ) = @ _ ;
2011-05-08 06:55:33 +02:00
2012-02-16 15:12:49 +11:00
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > { target3 } - > have_ads ( ) ) {
return "UNKNOWN" ;
}
2015-03-05 18:08:43 +01:00
my $ env = $ self - > provision_ad_dc ( $ path ) ;
2012-02-15 16:08:05 +11:00
unless ( $ env ) {
return undef ;
}
2011-05-08 06:55:33 +02:00
2015-03-05 13:22:07 +01:00
if ( defined ( $ no_nss ) and $ no_nss ) {
$ env - > { NSS_WRAPPER_MODULE_SO_PATH } = undef ;
$ env - > { NSS_WRAPPER_MODULE_FN_PREFIX } = undef ;
}
2012-02-15 16:08:05 +11:00
$ self - > check_or_start ( $ env , "single" ) ;
$ self - > wait_for_start ( $ env ) ;
2015-05-11 13:45:59 +02:00
my $ upn_array = [ "$env->{REALM}.upn" ] ;
my $ spn_array = [ "$env->{REALM}.spn" ] ;
$ self - > setup_namespaces ( $ env , $ upn_array , $ spn_array ) ;
2015-03-05 18:08:43 +01:00
$ self - > { vars } - > { ad_dc } = $ env ;
2011-05-08 06:55:33 +02:00
return $ env ;
}
2007-03-05 21:28:55 +00:00
1 ;