1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/selftest/target/Samba3.pm

2692 lines
72 KiB
Perl
Raw Normal View History

#!/usr/bin/perl
# Bootstrap Samba and run a number of tests against it.
# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
# Published under the GNU GPL, v3 or later.
# NOTE: Refer to the README for more details about the various testenvs,
# and tips about adding new testenvs.
package Samba3;
use strict;
use warnings;
use Cwd qw(abs_path);
use FindBin qw($RealBin);
use POSIX;
use target::Samba;
use File::Path 'remove_tree';
sub have_ads($) {
my ($self) = @_;
my $found_ads = 0;
my $smbd_build_options = Samba::bindir_path($self, "smbd") . " -b|";
open(IN, $smbd_build_options) or die("Unable to run $smbd_build_options: $!");
while (<IN>) {
if (/WITH_ADS/) {
$found_ads = 1;
}
}
close IN;
# If we were not built with ADS support, pretend we were never even available
print "smbd does not have ADS support\n" unless $found_ads;
return $found_ads;
}
# return smb.conf parameters applicable to @path, based on the underlying
# filesystem type
sub get_fs_specific_conf($$)
{
my ($self, $path) = @_;
my $mods = "";
my $stat_out = `stat --file-system $path` or return "";
if ($stat_out =~ m/Type:\s+btrfs/) {
$mods .= "streams_xattr btrfs";
}
if ($mods) {
return "vfs objects = $mods";
}
return '';
}
sub new($$) {
my ($classname, $bindir, $srcdir, $server_maxtime) = @_;
my $self = { vars => {},
bindir => $bindir,
srcdir => $srcdir,
server_maxtime => $server_maxtime
};
bless $self;
return $self;
}
sub teardown_env($$)
{
my ($self, $envvars) = @_;
my $count = 0;
# This should cause smbd to terminate gracefully
close($envvars->{STDIN_PIPE});
my $smbdpid = $envvars->{SMBD_TL_PID};
my $nmbdpid = $envvars->{NMBD_TL_PID};
my $winbinddpid = $envvars->{WINBINDD_TL_PID};
# This should give it time to write out the gcov data
until ($count > 20) {
my $smbdchild = Samba::cleanup_child($smbdpid, "smbd");
my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd");
my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd");
if ($smbdchild == -1
&& $nmbdchild == -1
&& $winbinddchild == -1) {
last;
}
sleep(1);
$count++;
}
if ($count <= 20 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) {
return;
}
$self->stop_sig_term($smbdpid);
$self->stop_sig_term($nmbdpid);
2009-01-28 19:28:51 +03:00
$self->stop_sig_term($winbinddpid);
$count = 0;
until ($count > 10) {
my $smbdchild = Samba::cleanup_child($smbdpid, "smbd");
my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd");
my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd");
if ($smbdchild == -1
&& $nmbdchild == -1
&& $winbinddchild == -1) {
last;
}
sleep(1);
$count++;
}
if ($count <= 10 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) {
return;
}
warn("timelimit process did not quit on SIGTERM, sending SIGKILL");
$self->stop_sig_kill($smbdpid);
$self->stop_sig_kill($nmbdpid);
2009-01-28 19:28:51 +03:00
$self->stop_sig_kill($winbinddpid);
return 0;
}
sub getlog_env_app($$$)
{
my ($self, $envvars, $name) = @_;
my $title = "$name LOG of: $envvars->{NETBIOSNAME}\n";
my $out = $title;
open(LOG, "<".$envvars->{$name."_TEST_LOG"});
seek(LOG, $envvars->{$name."_TEST_LOG_POS"}, SEEK_SET);
while (<LOG>) {
$out .= $_;
}
$envvars->{$name."_TEST_LOG_POS"} = tell(LOG);
close(LOG);
return "" if $out eq $title;
return $out;
}
sub getlog_env($$)
{
my ($self, $envvars) = @_;
my $ret = "";
$ret .= $self->getlog_env_app($envvars, "SMBD");
$ret .= $self->getlog_env_app($envvars, "NMBD");
2009-01-28 19:28:51 +03:00
$ret .= $self->getlog_env_app($envvars, "WINBINDD");
return $ret;
}
sub check_env($$)
{
my ($self, $envvars) = @_;
my $childpid = waitpid(-1, WNOHANG);
# TODO ...
return 1;
}
# Declare the environments Samba3 makes available.
# To be set up, they will be called as
# samba3->setup_$envname($self, $path, $dep_1_vars, $dep_2_vars, ...)
%Samba3::ENV_DEPS = (
# name => [dep_1, dep_2, ...],
nt4_dc => [],
nt4_dc_schannel => [],
simpleserver => [],
fileserver => [],
maptoguest => [],
ktest => [],
nt4_member => ["nt4_dc"],
ad_member => ["ad_dc", "fl2008r2dc", "fl2003dc"],
ad_member_rfc2307 => ["ad_dc_ntvfs"],
ad_member_idmap_rid => ["ad_dc"],
ad_member_idmap_ad => ["fl2008r2dc"],
);
%Samba3::ENV_DEPS_POST = ();
sub setup_nt4_dc
{
my ($self, $path) = @_;
print "PROVISIONING NT4 DC...";
my $nt4_dc_options = "
domain master = yes
domain logons = yes
lanman auth = yes
ntlm auth = yes
raw NTLMv2 auth = yes
server schannel = auto
rpc_server:epmapper = external
rpc_server:spoolss = external
rpc_server:lsarpc = external
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:register_embedded_np = yes
rpc_server:FssagentRpc = external
rpc_daemon:epmd = fork
rpc_daemon:spoolssd = fork
rpc_daemon:lsasd = fork
rpc_daemon:fssd = fork
fss: sequence timeout = 1
check parent directory delete on close = yes
";
my $vars = $self->provision(
prefix => $path,
domain => "SAMBA-TEST",
server => "LOCALNT4DC2",
password => "localntdc2pass",
extra_options => $nt4_dc_options);
$vars or return undef;
if (not $self->check_or_start($vars, "yes", "yes", "yes")) {
return undef;
}
$vars->{DOMSID} = $vars->{SAMSID};
$vars->{DC_SERVER} = $vars->{SERVER};
$vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
$vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6};
$vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME};
$vars->{DC_USERNAME} = $vars->{USERNAME};
$vars->{DC_PASSWORD} = $vars->{PASSWORD};
return $vars;
}
sub setup_nt4_dc_schannel
{
my ($self, $path) = @_;
print "PROVISIONING NT4 DC WITH SERVER SCHANNEL ...";
my $pdc_options = "
domain master = yes
domain logons = yes
lanman auth = yes
rpc_server:epmapper = external
rpc_server:spoolss = external
rpc_server:lsarpc = external
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:register_embedded_np = yes
rpc_daemon:epmd = fork
rpc_daemon:spoolssd = fork
rpc_daemon:lsasd = fork
server schannel = yes
# used to reproduce bug #12772
server max protocol = SMB2_02
";
my $vars = $self->provision(
prefix => $path,
domain => "NT4SCHANNEL",
server => "LOCALNT4DC9",
password => "localntdc9pass",
extra_options => $pdc_options);
$vars or return undef;
if (not $self->check_or_start($vars, "yes", "yes", "yes")) {
return undef;
}
$vars->{DOMSID} = $vars->{SAMSID};
$vars->{DC_SERVER} = $vars->{SERVER};
$vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
$vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6};
$vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME};
$vars->{DC_USERNAME} = $vars->{USERNAME};
$vars->{DC_PASSWORD} = $vars->{PASSWORD};
return $vars;
}
sub setup_nt4_member
{
my ($self, $prefix, $nt4_dc_vars) = @_;
my $count = 0;
my $rc;
print "PROVISIONING MEMBER...";
my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes";
$require_mutexes = "" if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} eq "1");
my $member_options = "
security = domain
dbwrap_tdb_mutexes:* = yes
${require_mutexes}
";
my $ret = $self->provision(
prefix => $prefix,
domain => $nt4_dc_vars->{DOMAIN},
server => "LOCALNT4MEMBER3",
password => "localnt4member3pass",
extra_options => $member_options);
$ret or return undef;
my $nmblookup = Samba::bindir_path($self, "nmblookup");
do {
print "Waiting for the LOGON SERVER registration ...\n";
$rc = system("$nmblookup $ret->{CONFIGURATION} $ret->{DOMAIN}\#1c");
if ($rc != 0) {
sleep(1);
}
$count++;
} while ($rc != 0 && $count < 10);
if ($count == 10) {
print "NMBD not reachable after 10 retries\n";
teardown_env($self, $ret);
return 0;
}
my $net = Samba::bindir_path($self, "net");
# Add hosts file for name lookups
my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
$cmd .= "$net rpc join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member";
$cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}";
if (system($cmd) != 0) {
warn("Join failed\n$cmd");
return undef;
}
# Add hosts file for name lookups
$cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
$cmd .= "$net $ret->{CONFIGURATION} primarytrust dumpinfo | grep -q 'REDACTED SECRET VALUES'";
if (system($cmd) != 0) {
warn("check failed\n$cmd");
return undef;
}
if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
return undef;
}
$ret->{DOMSID} = $nt4_dc_vars->{DOMSID};
$ret->{DC_SERVER} = $nt4_dc_vars->{SERVER};
$ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP};
$ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6};
$ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME};
$ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD};
return $ret;
}
sub setup_ad_member
{
my ($self, $prefix, $dcvars, $trustvars_f, $trustvars_e) = @_;
my $prefix_abs = abs_path($prefix);
my @dirs = ();
# If we didn't build with ADS, pretend this env was never available
if (not $self->have_ads()) {
return "UNKNOWN";
}
print "PROVISIONING S3 AD MEMBER...";
mkdir($prefix_abs, 0777);
my $share_dir="$prefix_abs/share";
push(@dirs, $share_dir);
my $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}";
push(@dirs, $substitution_path);
$substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice";
push(@dirs, $substitution_path);
$substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice/G_domain users";
push(@dirs, $substitution_path);
# Using '/' as the winbind separator is a bad idea ...
$substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}";
push(@dirs, $substitution_path);
$substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice";
push(@dirs, $substitution_path);
$substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}";
push(@dirs, $substitution_path);
$substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}/domain users";
push(@dirs, $substitution_path);
my $member_options = "
security = ads
workgroup = $dcvars->{DOMAIN}
realm = $dcvars->{REALM}
netbios aliases = foo bar
template homedir = /home/%D/%G/%U
auth event notification = true
password server = $dcvars->{SERVER}
winbind scan trusted domains = no
winbind use krb5 enterprise principals = yes
[sub_dug]
path = $share_dir/D_%D/U_%U/G_%G
writeable = yes
[sub_dug2]
path = $share_dir/D_%D/u_%u/g_%g
writeable = yes
";
my $ret = $self->provision(
prefix => $prefix,
domain => $dcvars->{DOMAIN},
server => "LOCALADMEMBER",
password => "loCalMemberPass",
extra_options => $member_options,
dc_server_ip => $dcvars->{SERVER_IP},
dc_server_ipv6 => $dcvars->{SERVER_IPV6});
$ret or return undef;
mkdir($_, 0777) foreach(@dirs);
close(USERMAP);
$ret->{DOMAIN} = $dcvars->{DOMAIN};
$ret->{REALM} = $dcvars->{REALM};
$ret->{DOMSID} = $dcvars->{DOMSID};
my $ctx;
$ctx = {};
$ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
$ctx->{domain} = $dcvars->{DOMAIN};
$ctx->{realm} = $dcvars->{REALM};
$ctx->{dnsname} = lc($dcvars->{REALM});
$ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
$ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
$ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
$ret->{RESOLV_CONF} = $dcvars->{RESOLV_CONF};
my $net = Samba::bindir_path($self, "net");
# Add hosts file for name lookups
my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
if (defined($ret->{RESOLV_WRAPPER_CONF})) {
$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
} else {
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
$cmd .= "$net join $ret->{CONFIGURATION}";
$cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
if (system($cmd) != 0) {
warn("Join failed\n$cmd");
return undef;
}
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by Samba4 can't
# access the share for tests.
chmod 0777, "$prefix/share";
if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
return undef;
}
$ret->{DC_SERVER} = $dcvars->{SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
$ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
$ret->{DC_SERVERCONFFILE} = $dcvars->{SERVERCONFFILE};
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
# forest trust
$ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER};
$ret->{TRUST_F_BOTH_SERVER_IP} = $trustvars_f->{SERVER_IP};
$ret->{TRUST_F_BOTH_SERVER_IPV6} = $trustvars_f->{SERVER_IPV6};
$ret->{TRUST_F_BOTH_NETBIOSNAME} = $trustvars_f->{NETBIOSNAME};
$ret->{TRUST_F_BOTH_USERNAME} = $trustvars_f->{USERNAME};
$ret->{TRUST_F_BOTH_PASSWORD} = $trustvars_f->{PASSWORD};
$ret->{TRUST_F_BOTH_DOMAIN} = $trustvars_f->{DOMAIN};
$ret->{TRUST_F_BOTH_REALM} = $trustvars_f->{REALM};
# external trust
$ret->{TRUST_E_BOTH_SERVER} = $trustvars_e->{SERVER};
$ret->{TRUST_E_BOTH_SERVER_IP} = $trustvars_e->{SERVER_IP};
$ret->{TRUST_E_BOTH_SERVER_IPV6} = $trustvars_e->{SERVER_IPV6};
$ret->{TRUST_E_BOTH_NETBIOSNAME} = $trustvars_e->{NETBIOSNAME};
$ret->{TRUST_E_BOTH_USERNAME} = $trustvars_e->{USERNAME};
$ret->{TRUST_E_BOTH_PASSWORD} = $trustvars_e->{PASSWORD};
$ret->{TRUST_E_BOTH_DOMAIN} = $trustvars_e->{DOMAIN};
$ret->{TRUST_E_BOTH_REALM} = $trustvars_e->{REALM};
return $ret;
}
sub setup_ad_member_rfc2307
{
my ($self, $prefix, $dcvars) = @_;
# If we didn't build with ADS, pretend this env was never available
if (not $self->have_ads()) {
return "UNKNOWN";
}
print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config...";
my $member_options = "
security = ads
workgroup = $dcvars->{DOMAIN}
realm = $dcvars->{REALM}
idmap cache time = 0
idmap negative cache time = 0
idmap config * : backend = autorid
idmap config * : range = 1000000-1999999
idmap config * : rangesize = 100000
idmap config $dcvars->{DOMAIN} : backend = rfc2307
idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
idmap config $dcvars->{DOMAIN} : ldap_server = ad
idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com
idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com
password server = $dcvars->{SERVER}
";
my $ret = $self->provision(
prefix => $prefix,
domain => $dcvars->{DOMAIN},
server => "RFC2307MEMBER",
password => "loCalMemberPass",
extra_options => $member_options,
dc_server_ip => $dcvars->{SERVER_IP},
dc_server_ipv6 => $dcvars->{SERVER_IPV6});
$ret or return undef;
close(USERMAP);
$ret->{DOMAIN} = $dcvars->{DOMAIN};
$ret->{REALM} = $dcvars->{REALM};
$ret->{DOMSID} = $dcvars->{DOMSID};
my $ctx;
my $prefix_abs = abs_path($prefix);
$ctx = {};
$ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
$ctx->{domain} = $dcvars->{DOMAIN};
$ctx->{realm} = $dcvars->{REALM};
$ctx->{dnsname} = lc($dcvars->{REALM});
$ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
$ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
$ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
$ret->{RESOLV_CONF} = $dcvars->{RESOLV_CONF};
my $net = Samba::bindir_path($self, "net");
# Add hosts file for name lookups
my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
if (defined($ret->{RESOLV_WRAPPER_CONF})) {
$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
} else {
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
$cmd .= "$net join $ret->{CONFIGURATION}";
$cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
if (system($cmd) != 0) {
warn("Join failed\n$cmd");
return undef;
}
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by Samba4 can't
# access the share for tests.
chmod 0777, "$prefix/share";
if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
return undef;
}
$ret->{DC_SERVER} = $dcvars->{SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
$ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
return $ret;
}
sub setup_ad_member_idmap_rid
{
my ($self, $prefix, $dcvars) = @_;
# If we didn't build with ADS, pretend this env was never available
if (not $self->have_ads()) {
return "UNKNOWN";
}
print "PROVISIONING S3 AD MEMBER WITH idmap_rid config...";
my $member_options = "
security = ads
workgroup = $dcvars->{DOMAIN}
realm = $dcvars->{REALM}
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config $dcvars->{DOMAIN} : backend = rid
idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
# Prevent overridding the provisioned lib/krb5.conf which sets certain
# values required for tests to succeed
create krb5 conf = no
map to guest = bad user
";
my $ret = $self->provision(
prefix => $prefix,
domain => $dcvars->{DOMAIN},
server => "IDMAPRIDMEMBER",
password => "loCalMemberPass",
extra_options => $member_options,
dc_server_ip => $dcvars->{SERVER_IP},
dc_server_ipv6 => $dcvars->{SERVER_IPV6});
$ret or return undef;
close(USERMAP);
$ret->{DOMAIN} = $dcvars->{DOMAIN};
$ret->{REALM} = $dcvars->{REALM};
$ret->{DOMSID} = $dcvars->{DOMSID};
my $ctx;
my $prefix_abs = abs_path($prefix);
$ctx = {};
$ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
$ctx->{domain} = $dcvars->{DOMAIN};
$ctx->{realm} = $dcvars->{REALM};
$ctx->{dnsname} = lc($dcvars->{REALM});
$ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
$ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
$ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
$ret->{RESOLV_CONF} = $dcvars->{RESOLV_CONF};
my $net = Samba::bindir_path($self, "net");
# Add hosts file for name lookups
my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
if (defined($ret->{RESOLV_WRAPPER_CONF})) {
$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
} else {
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
$cmd .= "$net join $ret->{CONFIGURATION}";
$cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
if (system($cmd) != 0) {
warn("Join failed\n$cmd");
return undef;
}
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by Samba4 can't
# access the share for tests.
chmod 0777, "$prefix/share";
if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
return undef;
}
$ret->{DC_SERVER} = $dcvars->{SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
$ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
return $ret;
}
sub setup_ad_member_idmap_ad
{
my ($self, $prefix, $dcvars) = @_;
# If we didn't build with ADS, pretend this env was never available
if (not $self->have_ads()) {
return "UNKNOWN";
}
print "PROVISIONING S3 AD MEMBER WITH idmap_ad config...";
my $member_options = "
security = ads
workgroup = $dcvars->{DOMAIN}
realm = $dcvars->{REALM}
password server = $dcvars->{SERVER}
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config $dcvars->{DOMAIN} : backend = ad
idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
idmap config $dcvars->{TRUST_DOMAIN} : backend = ad
idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
";
my $ret = $self->provision(
prefix => $prefix,
domain => $dcvars->{DOMAIN},
server => "IDMAPADMEMBER",
password => "loCalMemberPass",
extra_options => $member_options,
dc_server_ip => $dcvars->{SERVER_IP},
dc_server_ipv6 => $dcvars->{SERVER_IPV6});
$ret or return undef;
close(USERMAP);
$ret->{DOMAIN} = $dcvars->{DOMAIN};
$ret->{REALM} = $dcvars->{REALM};
$ret->{DOMSID} = $dcvars->{DOMSID};
my $ctx;
my $prefix_abs = abs_path($prefix);
$ctx = {};
$ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
$ctx->{domain} = $dcvars->{DOMAIN};
$ctx->{realm} = $dcvars->{REALM};
$ctx->{dnsname} = lc($dcvars->{REALM});
$ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
$ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
$ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
$ret->{RESOLV_CONF} = $dcvars->{RESOLV_CONF};
my $net = Samba::bindir_path($self, "net");
# Add hosts file for name lookups
my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
if (defined($ret->{RESOLV_WRAPPER_CONF})) {
$cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
} else {
$cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
}
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
$cmd .= "$net join $ret->{CONFIGURATION}";
$cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
if (system($cmd) != 0) {
warn("Join failed\n$cmd");
return undef;
}
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by Samba4 can't
# access the share for tests.
chmod 0777, "$prefix/share";
if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
return undef;
}
$ret->{DC_SERVER} = $dcvars->{SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
$ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
$ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
$ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
$ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD};
$ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN};
$ret->{TRUST_REALM} = $dcvars->{TRUST_REALM};
$ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID};
return $ret;
}
sub setup_simpleserver
2011-02-18 10:52:00 +03:00
{
my ($self, $path) = @_;
print "PROVISIONING simple server...";
2011-02-18 10:52:00 +03:00
my $prefix_abs = abs_path($path);
my $simpleserver_options = "
2011-02-18 10:52:00 +03:00
lanman auth = yes
ntlm auth = yes
vfs objects = xattr_tdb streams_depot
change notify = no
smb encrypt = off
[vfs_aio_pthread]
path = $prefix_abs/share
read only = no
vfs objects = aio_pthread
aio_pthread:aio open = yes
smbd:async dosmode = no
[vfs_aio_pthread_async_dosmode_default1]
path = $prefix_abs/share
read only = no
vfs objects = aio_pthread
store dos attributes = yes
aio_pthread:aio open = yes
smbd:async dosmode = yes
[vfs_aio_pthread_async_dosmode_default2]
path = $prefix_abs/share
read only = no
vfs objects = aio_pthread xattr_tdb
store dos attributes = yes
aio_pthread:aio open = yes
smbd:async dosmode = yes
[vfs_aio_pthread_async_dosmode_force_sync1]
path = $prefix_abs/share
read only = no
vfs objects = aio_pthread
store dos attributes = yes
aio_pthread:aio open = yes
smbd:async dosmode = yes
# This simulates non linux systems
smbd:force sync user path safe threadpool = yes
smbd:force sync user chdir safe threadpool = yes
smbd:force sync root path safe threadpool = yes
smbd:force sync root chdir safe threadpool = yes
[vfs_aio_pthread_async_dosmode_force_sync2]
path = $prefix_abs/share
read only = no
vfs objects = aio_pthread xattr_tdb
store dos attributes = yes
aio_pthread:aio open = yes
smbd:async dosmode = yes
# This simulates non linux systems
smbd:force sync user path safe threadpool = yes
smbd:force sync user chdir safe threadpool = yes
smbd:force sync root path safe threadpool = yes
smbd:force sync root chdir safe threadpool = yes
[vfs_aio_fork]
path = $prefix_abs/share
vfs objects = aio_fork
read only = no
vfs_aio_fork:erratic_testing_mode=yes
[dosmode]
path = $prefix_abs/share
vfs objects =
store dos attributes = yes
hide files = /hidefile/
hide dot files = yes
[enc_desired]
path = $prefix_abs/share
vfs objects =
smb encrypt = desired
[hidenewfiles]
path = $prefix_abs/share
hide new files timeout = 5
2011-02-18 10:52:00 +03:00
";
my $vars = $self->provision(
prefix => $path,
domain => "WORKGROUP",
server => "LOCALSHARE4",
password => "local4pass",
extra_options => $simpleserver_options);
2011-02-18 10:52:00 +03:00
$vars or return undef;
if (not $self->check_or_start($vars, "yes", "no", "yes")) {
return undef;
}
2011-02-18 10:52:00 +03:00
return $vars;
}
sub create_file_chmod($$)
{
my ($name, $mode) = @_;
my $fh;
unless (open($fh, '>', $name)) {
warn("Unable to open $name");
return undef;
}
chmod($mode, $fh);
}
sub setup_fileserver
{
my ($self, $path) = @_;
my $prefix_abs = abs_path($path);
my $srcdir_abs = abs_path($self->{srcdir});
print "PROVISIONING file server ...\n";
my @dirs = ();
mkdir($prefix_abs, 0777);
my $usershare_dir="$prefix_abs/lib/usershare";
mkdir("$prefix_abs/lib", 0755);
remove_tree($usershare_dir);
mkdir($usershare_dir, 01770);
my $share_dir="$prefix_abs/share";
# Create share directory structure
my $lower_case_share_dir="$share_dir/lower-case";
push(@dirs, $lower_case_share_dir);
my $lower_case_share_dir_30000="$share_dir/lower-case-30000";
push(@dirs, $lower_case_share_dir_30000);
my $dfree_share_dir="$share_dir/dfree";
push(@dirs, $dfree_share_dir);
push(@dirs, "$dfree_share_dir/subdir1");
push(@dirs, "$dfree_share_dir/subdir2");
push(@dirs, "$dfree_share_dir/subdir3");
my $quotadir_dir="$share_dir/quota";
push(@dirs, $quotadir_dir);
my $valid_users_sharedir="$share_dir/valid_users";
push(@dirs,$valid_users_sharedir);
my $offline_sharedir="$share_dir/offline";
push(@dirs,$offline_sharedir);
my $force_user_valid_users_dir = "$share_dir/force_user_valid_users";
push(@dirs, $force_user_valid_users_dir);
my $smbget_sharedir="$share_dir/smbget";
push(@dirs,$smbget_sharedir);
my $tarmode_sharedir="$share_dir/tarmode";
push(@dirs,$tarmode_sharedir);
my $usershare_sharedir="$share_dir/usershares";
push(@dirs,$usershare_sharedir);
my $fileserver_options = "
kernel change notify = yes
rpc_server:mdssvc = embedded
spotlight backend = elasticsearch
elasticsearch:address = 127.0.0.35
elasticsearch:port = 8080
elasticsearch:mappings = $srcdir_abs/source3/rpc_server/mdssvc/elasticsearch_mappings.json
usershare path = $usershare_dir
usershare max shares = 10
usershare allow guests = yes
usershare prefix allow list = $usershare_sharedir
get quota command = $prefix_abs/getset_quota.py
set quota command = $prefix_abs/getset_quota.py
[spotlight]
path = $share_dir
spotlight = yes
read only = no
[no_spotlight]
path = $share_dir
spotlight = no
read only = no
[lowercase]
path = $lower_case_share_dir
comment = smb username is [%U]
case sensitive = True
default case = lower
preserve case = no
short preserve case = no
[lowercase-30000]
path = $lower_case_share_dir_30000
comment = smb username is [%U]
case sensitive = True
default case = lower
preserve case = no
short preserve case = no
[dfree]
path = $dfree_share_dir
comment = smb username is [%U]
dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh
[valid-users-access]
path = $valid_users_sharedir
valid users = +userdup
[offline]
path = $offline_sharedir
vfs objects = offline
# BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878
# RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651
[force_user_valid_users]
path = $force_user_valid_users_dir
comment = force user with valid users combination test share
valid users = +force_user
force user = force_user
force group = everyone
write list = force_user
[smbget]
path = $smbget_sharedir
comment = smb username is [%U]
guest ok = yes
[ign_sysacls]
path = $share_dir
comment = ignore system acls
acl_xattr:ignore system acls = yes
[inherit_owner]
path = $share_dir
comment = inherit owner
inherit owner = yes
[inherit_owner_u]
path = $share_dir
comment = inherit only unix owner
inherit owner = unix only
acl_xattr:ignore system acls = yes
# BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
[force_group_test]
path = $share_dir
comment = force group test
# force group = everyone
[homes]
comment = Home directories
browseable = No
read only = No
";
my $vars = $self->provision(
prefix => $path,
domain => "WORKGROUP",
server => "FILESERVER",
password => "fileserver",
extra_options => $fileserver_options,
no_delete_prefix => 1);
$vars or return undef;
if (not $self->check_or_start($vars, "yes", "no", "yes")) {
return undef;
}
mkdir($_, 0777) foreach(@dirs);
## Create case sensitive lower case share dir
foreach my $file ('a'..'z') {
my $full_path = $lower_case_share_dir . '/' . $file;
open my $fh, '>', $full_path;
# Add some content to file
print $fh $full_path;
close $fh;
}
for (my $file = 1; $file < 51; ++$file) {
my $full_path = $lower_case_share_dir . '/' . $file;
open my $fh, '>', $full_path;
# Add some content to file
print $fh $full_path;
close $fh;
}
# Create content for 30000 share
foreach my $file ('a'..'z') {
my $full_path = $lower_case_share_dir_30000 . '/' . $file;
open my $fh, '>', $full_path;
# Add some content to file
print $fh $full_path;
close $fh;
}
for (my $file = 1; $file < 30001; ++$file) {
my $full_path = $lower_case_share_dir_30000 . '/' . $file;
open my $fh, '>', $full_path;
# Add some content to file
print $fh $full_path;
close $fh;
}
##
## create a listable file in valid_users_share
##
create_file_chmod("$valid_users_sharedir/foo", 0644) or return undef;
return $vars;
}
sub setup_ktest
{
my ($self, $prefix) = @_;
# If we didn't build with ADS, pretend this env was never available
if (not $self->have_ads()) {
return "UNKNOWN";
}
print "PROVISIONING server with security=ads...";
my $ktest_options = "
workgroup = KTEST
realm = ktest.samba.example.com
security = ads
username map = $prefix/lib/username.map
server signing = required
server min protocol = SMB3_00
client max protocol = SMB3
# This disables NTLM auth against the local SAM, which
# we use can then test this setting by.
ntlm auth = disabled
";
my $ret = $self->provision(
prefix => $prefix,
domain => "KTEST",
server => "LOCALKTEST6",
password => "localktest6pass",
extra_options => $ktest_options);
$ret or return undef;
my $ctx;
my $prefix_abs = abs_path($prefix);
$ctx = {};
$ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
$ctx->{domain} = "KTEST";
$ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM";
$ctx->{dnsname} = lc($ctx->{realm});
$ctx->{kdc_ipv4} = "0.0.0.0";
$ctx->{kdc_ipv6} = "::";
$ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map");
print USERMAP "
$ret->{USERNAME} = KTEST\\Administrator
";
close(USERMAP);
#This is the secrets.tdb created by 'net ads join' from Samba3 to a
#Samba4 DC with the same parameters as are being used here. The
#domain SID is S-1-5-21-1071277805-689288055-3486227160
$ret->{SAMSID} = "S-1-5-21-1911091480-1468226576-2729736297";
$ret->{DOMSID} = "S-1-5-21-1071277805-689288055-3486227160";
system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb");
chmod 0600, "$prefix/private/secrets.tdb";
#Make sure there's no old ntdb file.
system("rm -f $prefix/private/secrets.ntdb");
#This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with:
# "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232"
#
#and having in krb5.conf:
# ticket_lifetime = 799718400
# renew_lifetime = 799718400
#
# The commands for the -2 keytab where were:
# kinit administrator@KTEST.SAMBA.EXAMPLE.COM
# kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM
# kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM
# kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
# kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
#
# and then for the -3 keytab, I did
#
# net changetrustpw; kdestroy and the same again.
#
# This creates a credential cache with a very long lifetime (2036 at
# at 2011-04), and shows that running 'net changetrustpw' does not
# break existing logins (for the secrets.tdb method at least).
#
$ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache";
system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2");
chmod 0600, "$prefix/krb5_ccache-2";
system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3");
chmod 0600, "$prefix/krb5_ccache-3";
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by ktest can't
# access the share for tests.
chmod 0777, "$prefix/share";
if (not $self->check_or_start($ret, "yes", "no", "yes")) {
return undef;
}
return $ret;
}
sub setup_maptoguest
{
my ($self, $path) = @_;
print "PROVISIONING maptoguest...";
my $options = "
map to guest = bad user
ntlm auth = yes
";
my $vars = $self->provision(
prefix => $path,
domain => "WORKGROUP",
server => "maptoguest",
password => "maptoguestpass",
extra_options => $options);
$vars or return undef;
if (not $self->check_or_start($vars, "yes", "no", "yes")) {
return undef;
}
return $vars;
}
sub stop_sig_term($$) {
my ($self, $pid) = @_;
kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: $!");
}
sub stop_sig_kill($$) {
my ($self, $pid) = @_;
kill("ALRM", $pid) or warn("Unable to kill $pid: $!");
}
sub write_pid($$$)
{
my ($env_vars, $app, $pid) = @_;
open(PID, ">$env_vars->{PIDDIR}/timelimit.$app.pid");
print PID $pid;
close(PID);
}
sub read_pid($$)
{
my ($env_vars, $app) = @_;
open(PID, "<$env_vars->{PIDDIR}/timelimit.$app.pid");
my $pid = <PID>;
close(PID);
return $pid;
}
# builds up the cmd args to run an s3 binary (i.e. smbd, nmbd, etc)
sub make_bin_cmd
{
my ($self, $binary, $env_vars, $options, $valgrind, $dont_log_stdout) = @_;
my @optargs = ("-d0");
if (defined($options)) {
@optargs = split(/ /, $options);
}
my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime});
if (defined($valgrind)) {
@preargs = split(/ /, $valgrind);
}
my @args = ("-F", "--no-process-group",
"-s", $env_vars->{SERVERCONFFILE},
"-l", $env_vars->{LOGDIR});
if (not defined($dont_log_stdout)) {
push(@args, "--log-stdout");
}
return (@preargs, $binary, @args, @optargs);
}
sub check_or_start($$$$$) {
my ($self, $env_vars, $nmbd, $winbindd, $smbd) = @_;
my $STDIN_READER;
# use a pipe for stdin in the child processes. This allows
# those processes to monitor the pipe for EOF to ensure they
# exit when the test script exits
pipe($STDIN_READER, $env_vars->{STDIN_PIPE});
my $binary = Samba::bindir_path($self, "nmbd");
my @full_cmd = $self->make_bin_cmd($binary, $env_vars,
$ENV{NMBD_OPTIONS}, $ENV{NMBD_VALGRIND},
$ENV{NMBD_DONT_LOG_STDOUT});
my $nmbd_envs = Samba::get_env_for_process("nmbd", $env_vars);
delete $nmbd_envs->{RESOLV_WRAPPER_CONF};
delete $nmbd_envs->{RESOLV_WRAPPER_HOSTS};
# fork and exec() nmbd in the child process
my $daemon_ctx = {
NAME => "nmbd",
BINARY_PATH => $binary,
FULL_CMD => [ @full_cmd ],
LOG_FILE => $env_vars->{NMBD_TEST_LOG},
ENV_VARS => $nmbd_envs,
};
if ($nmbd ne "yes") {
$daemon_ctx->{SKIP_DAEMON} = 1;
}
my $pid = Samba::fork_and_exec($self, $env_vars, $daemon_ctx, $STDIN_READER);
$env_vars->{NMBD_TL_PID} = $pid;
write_pid($env_vars, "nmbd", $pid);
$binary = Samba::bindir_path($self, "winbindd");
@full_cmd = $self->make_bin_cmd($binary, $env_vars,
$ENV{WINBINDD_OPTIONS}, $ENV{WINBINDD_VALGRIND}, "N/A");
if (not defined($ENV{WINBINDD_DONT_LOG_STDOUT})) {
push(@full_cmd, "--stdout");
}
# fork and exec() winbindd in the child process
$daemon_ctx = {
NAME => "winbindd",
BINARY_PATH => $binary,
FULL_CMD => [ @full_cmd ],
LOG_FILE => $env_vars->{WINBINDD_TEST_LOG},
};
if ($winbindd ne "yes") {
$daemon_ctx->{SKIP_DAEMON} = 1;
}
$pid = Samba::fork_and_exec($self, $env_vars, $daemon_ctx, $STDIN_READER);
$env_vars->{WINBINDD_TL_PID} = $pid;
write_pid($env_vars, "winbindd", $pid);
$binary = Samba::bindir_path($self, "smbd");
@full_cmd = $self->make_bin_cmd($binary, $env_vars,
$ENV{SMBD_OPTIONS}, $ENV{SMBD_VALGRIND},
$ENV{SMBD_DONT_LOG_STDOUT});
# fork and exec() smbd in the child process
$daemon_ctx = {
NAME => "smbd",
BINARY_PATH => $binary,
FULL_CMD => [ @full_cmd ],
LOG_FILE => $env_vars->{SMBD_TEST_LOG},
};
if ($smbd ne "yes") {
$daemon_ctx->{SKIP_DAEMON} = 1;
}
$pid = Samba::fork_and_exec($self, $env_vars, $daemon_ctx, $STDIN_READER);
$env_vars->{SMBD_TL_PID} = $pid;
write_pid($env_vars, "smbd", $pid);
# close the parent's read-end of the pipe
close($STDIN_READER);
return $self->wait_for_start($env_vars, $nmbd, $winbindd, $smbd);
}
sub createuser($$$$$)
{
my ($self, $username, $password, $conffile, $env) = @_;
my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $username > /dev/null";
keys %$env;
while(my($var, $val) = each %$env) {
$cmd = "$var=\"$val\" $cmd";
}
unless (open(PWD, "|$cmd")) {
warn("Unable to set password for $username account\n$cmd");
return undef;
}
print PWD "$password\n$password\n";
unless (close(PWD)) {
warn("Unable to set password for $username account\n$cmd");
return undef;
}
}
sub provision($$)
{
my ($self, %args) = @_;
my $prefix = $args{prefix};
my $domain = $args{domain};
my $server = $args{server};
my $password = $args{password};
my $extra_options = $args{extra_options};
my $dc_server_ip = $args{dc_server_ip};
my $dc_server_ipv6 = $args{dc_server_ipv6};
my $no_delete_prefix= $args{no_delete_prefix};
##
## setup the various environment variables we need
##
my $samsid = Samba::random_domain_sid();
my $swiface = Samba::get_interface($server);
my %ret = ();
my %createuser_env = ();
my $server_ip = Samba::get_ipv4_addr($server);
my $server_ipv6 = Samba::get_ipv6_addr($server);
2009-01-28 19:28:51 +03:00
my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `PATH=/usr/ucb:$ENV{PATH} whoami`);
chomp $unix_name;
my $unix_uid = $>;
my $unix_gids_str = $);
my @unix_gids = split(" ", $unix_gids_str);
my $prefix_abs = abs_path($prefix);
2009-01-28 19:28:51 +03:00
my $bindir_abs = abs_path($self->{bindir});
my @dirs = ();
my $shrdir="$prefix_abs/share";
push(@dirs,$shrdir);
my $libdir="$prefix_abs/lib";
push(@dirs,$libdir);
my $piddir="$prefix_abs/pid";
push(@dirs,$piddir);
my $privatedir="$prefix_abs/private";
push(@dirs,$privatedir);
my $cachedir = "$prefix_abs/cachedir";
push(@dirs, $cachedir);
my $binddnsdir = "$prefix_abs/bind-dns";
push(@dirs, $binddnsdir);
my $lockdir="$prefix_abs/lockdir";
push(@dirs,$lockdir);
my $eventlogdir="$prefix_abs/lockdir/eventlog";
push(@dirs,$eventlogdir);
my $logdir="$prefix_abs/logs";
push(@dirs,$logdir);
my $driver32dir="$shrdir/W32X86";
push(@dirs,$driver32dir);
my $driver64dir="$shrdir/x64";
push(@dirs,$driver64dir);
my $driver40dir="$shrdir/WIN40";
push(@dirs,$driver40dir);
my $ro_shrdir="$shrdir/root-tmp";
push(@dirs,$ro_shrdir);
my $noperm_shrdir="$shrdir/noperm-tmp";
push(@dirs,$noperm_shrdir);
my $msdfs_shrdir="$shrdir/msdfsshare";
push(@dirs,$msdfs_shrdir);
my $msdfs_deeppath="$msdfs_shrdir/deeppath";
push(@dirs,$msdfs_deeppath);
my $badnames_shrdir="$shrdir/badnames";
push(@dirs,$badnames_shrdir);
my $lease1_shrdir="$shrdir/SMB2_10";
push(@dirs,$lease1_shrdir);
my $lease2_shrdir="$shrdir/SMB3_00";
push(@dirs,$lease2_shrdir);
my $manglenames_shrdir="$shrdir/manglenames";
push(@dirs,$manglenames_shrdir);
my $widelinks_shrdir="$shrdir/widelinks";
push(@dirs,$widelinks_shrdir);
my $widelinks_linkdir="$shrdir/widelinks_foo";
push(@dirs,$widelinks_linkdir);
my $fsrvp_shrdir="$shrdir/fsrvp";
push(@dirs,$fsrvp_shrdir);
my $shadow_tstdir="$shrdir/shadow";
push(@dirs,$shadow_tstdir);
my $shadow_mntdir="$shadow_tstdir/mount";
push(@dirs,$shadow_mntdir);
my $shadow_basedir="$shadow_mntdir/base";
push(@dirs,$shadow_basedir);
my $shadow_shrdir="$shadow_basedir/share";
push(@dirs,$shadow_shrdir);
my $nosymlinks_shrdir="$shrdir/nosymlinks";
push(@dirs,$nosymlinks_shrdir);
my $local_symlinks_shrdir="$shrdir/local_symlinks";
push(@dirs,$local_symlinks_shrdir);
# this gets autocreated by winbindd
my $wbsockdir="$prefix_abs/winbindd";
my $nmbdsockdir="$prefix_abs/nmbd";
unlink($nmbdsockdir);
##
## create the test directory layout
##
die ("prefix_abs = ''") if $prefix_abs eq "";
die ("prefix_abs = '/'") if $prefix_abs eq "/";
mkdir($prefix_abs, 0777);
print "CREATE TEST ENVIRONMENT IN '$prefix'...";
if (not defined($no_delete_prefix) or not $no_delete_prefix) {
system("rm -rf $prefix_abs/*");
}
mkdir($_, 0777) foreach(@dirs);
my $fs_specific_conf = $self->get_fs_specific_conf($shrdir);
##
## lockdir and piddir must be 0755
##
chmod 0755, $lockdir;
chmod 0755, $piddir;
##
## Create a directory without permissions to enter
##
chmod 0000, $noperm_shrdir;
##
## create ro and msdfs share layout
##
chmod 0755, $ro_shrdir;
create_file_chmod("$ro_shrdir/unreadable_file", 0600) or return undef;
create_file_chmod("$ro_shrdir/msdfs-target", 0600) or return undef;
symlink "msdfs:$server_ip\\ro-tmp,$server_ipv6\\ro-tmp",
"$msdfs_shrdir/msdfs-src1";
symlink "msdfs:$server_ipv6\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2";
##
## create bad names in $badnames_shrdir
##
## (An invalid name, would be mangled to 8.3).
create_file_chmod("$badnames_shrdir/\340|\231\216\377\177",
0600) or return undef;
## (A bad name, would not be mangled to 8.3).
create_file_chmod("$badnames_shrdir/\240\276\346\327\377\177",
0666) or return undef;
## (A bad good name).
create_file_chmod("$badnames_shrdir/blank.txt",
0666) or return undef;
##
## create mangleable directory names in $manglenames_shrdir
##
my $manglename_target = "$manglenames_shrdir/foo:bar";
mkdir($manglename_target, 0777);
##
## create symlinks for widelinks tests.
##
my $widelinks_target = "$widelinks_linkdir/target";
create_file_chmod("$widelinks_target", 0666) or return undef;
##
## This link should get ACCESS_DENIED
##
symlink "$widelinks_target", "$widelinks_shrdir/source";
##
## This link should be allowed
##
symlink "$widelinks_shrdir", "$widelinks_shrdir/dot";
my $conffile="$libdir/server.conf";
my $dfqconffile="$libdir/dfq.conf";
my $errorinjectconf="$libdir/error_inject.conf";
my $delayinjectconf="$libdir/delay_inject.conf";
my $globalinjectconf="$libdir/global_inject.conf";
my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl";
2009-01-28 19:28:51 +03:00
my $nss_wrapper_passwd = "$privatedir/passwd";
my $nss_wrapper_group = "$privatedir/group";
my $nss_wrapper_hosts = "$ENV{SELFTEST_PREFIX}/hosts";
my $resolv_conf = "$privatedir/resolv.conf";
my $dns_host_file = "$ENV{SELFTEST_PREFIX}/dns_host_file";
2009-01-28 19:28:51 +03:00
my $mod_printer_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/printing/modprinter.pl";
my $fake_snap_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/fake_snap.pl";
my @eventlog_list = ("dns server", "application");
##
## calculate uids and gids
##
my ($max_uid, $max_gid);
my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup);
my ($uid_pdbtest_wkn);
my ($uid_smbget);
my ($uid_force_user);
my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
my ($gid_userdup, $gid_everyone);
my ($gid_force_user);
my ($uid_user1);
my ($uid_user2);
my ($uid_gooduser);
my ($uid_eviluser);
my ($uid_slashuser);
if ($unix_uid < 0xffff - 13) {
$max_uid = 0xffff;
} else {
$max_uid = $unix_uid;
}
$uid_root = $max_uid - 1;
$uid_nobody = $max_uid - 2;
$uid_pdbtest = $max_uid - 3;
$uid_pdbtest2 = $max_uid - 4;
$uid_userdup = $max_uid - 5;
$uid_pdbtest_wkn = $max_uid - 6;
$uid_force_user = $max_uid - 7;
$uid_smbget = $max_uid - 8;
$uid_user1 = $max_uid - 9;
$uid_user2 = $max_uid - 10;
$uid_gooduser = $max_uid - 11;
$uid_eviluser = $max_uid - 12;
$uid_slashuser = $max_uid - 13;
if ($unix_gids[0] < 0xffff - 8) {
$max_gid = 0xffff;
} else {
$max_gid = $unix_gids[0];
}
$gid_nobody = $max_gid - 1;
$gid_nogroup = $max_gid - 2;
$gid_root = $max_gid - 3;
$gid_domusers = $max_gid - 4;
$gid_domadmins = $max_gid - 5;
$gid_userdup = $max_gid - 6;
$gid_everyone = $max_gid - 7;
$gid_force_user = $max_gid - 8;
##
## create conffile
##
unless (open(CONF, ">$conffile")) {
warn("Unable to open $conffile");
return undef;
}
my $interfaces = Samba::get_interfaces_config($server);
print CONF "
[global]
dcesrv:fuzz directory = $cachedir/fuzz
2009-01-28 19:28:51 +03:00
netbios name = $server
interfaces = $interfaces
2009-01-28 19:28:51 +03:00
bind interfaces only = yes
panic action = cd $self->{srcdir} && $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY)
smbd:suicide mode = yes
2009-01-28 19:28:51 +03:00
client min protocol = CORE
server min protocol = LANMAN1
workgroup = $domain
private dir = $privatedir
binddns dir = $binddnsdir
pid directory = $piddir
lock directory = $lockdir
log file = $logdir/log.\%m
log level = 1
debug pid = yes
max log size = 0
2009-01-28 19:28:51 +03:00
state directory = $lockdir
cache directory = $lockdir
passdb backend = tdbsam
2009-01-28 19:28:51 +03:00
time server = yes
add user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup
add group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action add --name %g
add machine script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup
add user to group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action add --member %u --name %g --group_path $nss_wrapper_group
delete user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action delete --name %u
delete group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action delete --name %g
delete user from group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action delete --member %u --name %g --group_path $nss_wrapper_group
2009-01-28 19:28:51 +03:00
addprinter command = $mod_printer_pl -a -s $conffile --
deleteprinter command = $mod_printer_pl -d -s $conffile --
eventlog list = application \"dns server\"
2009-01-28 19:28:51 +03:00
kernel oplocks = no
kernel change notify = no
logging = file
2009-01-28 19:28:51 +03:00
printing = bsd
printcap name = /dev/null
winbindd socket directory = $wbsockdir
nmbd:socket dir = $nmbdsockdir
idmap config * : range = 100000-200000
winbind enum users = yes
winbind enum groups = yes
winbind separator = /
include system krb5 conf = no
2009-01-28 19:28:51 +03:00
# min receivefile size = 4000
read only = no
smbd:sharedelay = 100000
smbd:writetimeupdatedelay = 500000
map hidden = no
map system = no
map readonly = no
store dos attributes = yes
create mask = 755
dos filemode = yes
strict rename = yes
strict sync = yes
mangled names = yes
vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit
full_audit:syslog = no
full_audit:success = none
full_audit:failure = none
2009-01-28 19:28:51 +03:00
printing = vlp
print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s
lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p
lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j
lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j
lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j
queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p
queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
lpq cache time = 0
print notify backchannel = yes
ncalrpc dir = $prefix_abs/ncalrpc
# The samba3.blackbox.smbclient_s3 test uses this to test that
# sending messages works, and that the %m sub works.
message command = mv %s $shrdir/message.%m
# fsrvp server requires registry shares
registry shares = yes
# Used by RPC SRVSVC tests
add share command = $bindir_abs/smbaddshare
change share command = $bindir_abs/smbchangeshare
delete share command = $bindir_abs/smbdeleteshare
# fruit:copyfile is a global option
fruit:copyfile = yes
#this does not mean that we use non-secure test env,
#it just means we ALLOW one to be configured.
allow insecure wide links = yes
include = $globalinjectconf
# Begin extra options
$extra_options
# End extra options
2009-01-28 19:28:51 +03:00
#Include user defined custom parameters if set
2009-01-29 00:15:44 +03:00
";
if (defined($ENV{INCLUDE_CUSTOM_CONF})) {
print CONF "\t$ENV{INCLUDE_CUSTOM_CONF}\n";
}
2009-01-28 19:28:51 +03:00
2009-01-29 00:15:44 +03:00
print CONF "
2009-01-28 19:28:51 +03:00
[tmp]
path = $shrdir
comment = smb username is [%U]
[tmpsort]
path = $shrdir
comment = Load dirsort module
vfs objects = dirsort acl_xattr fake_acls xattr_tdb streams_depot
[tmpenc]
path = $shrdir
comment = encrypt smb username is [%U]
smb encrypt = required
vfs objects = dirsort
2011-02-18 10:52:00 +03:00
[tmpguest]
path = $shrdir
guest ok = yes
[guestonly]
path = $shrdir
guest only = yes
guest ok = yes
[forceuser]
path = $shrdir
force user = $unix_name
guest ok = yes
[forceuser_unixonly]
comment = force a user with unix user SID and group SID
path = $shrdir
force user = pdbtest
guest ok = yes
[forceuser_wkngroup]
comment = force a user with well-known group SID
path = $shrdir
force user = pdbtest_wkn
guest ok = yes
2011-02-18 10:52:00 +03:00
[forcegroup]
path = $shrdir
force group = nogroup
guest ok = yes
[ro-tmp]
path = $ro_shrdir
guest ok = yes
[noperm]
path = $noperm_shrdir
wide links = yes
guest ok = yes
[write-list-tmp]
path = $shrdir
read only = yes
write list = $unix_name
[valid-users-tmp]
path = $shrdir
valid users = $unix_name
access based share enum = yes
[msdfs-share]
path = $msdfs_shrdir
msdfs root = yes
msdfs shuffle referrals = yes
guest ok = yes
[hideunread]
copy = tmp
hide unreadable = yes
[tmpcase]
copy = tmp
case sensitive = yes
[hideunwrite]
copy = tmp
hide unwriteable files = yes
[durable]
copy = tmp
kernel share modes = no
kernel oplocks = no
posix locking = no
[fs_specific]
copy = tmp
$fs_specific_conf
[print1]
copy = tmp
printable = yes
[print2]
copy = print1
[print3]
copy = print1
default devmode = no
[lp]
copy = print1
[nfs4acl_simple_40]
path = $shrdir
comment = smb username is [%U]
nfs4:mode = simple
nfs4acl_xattr:version = 40
vfs objects = nfs4acl_xattr xattr_tdb
[nfs4acl_special_40]
path = $shrdir
comment = smb username is [%U]
nfs4:mode = special
nfs4acl_xattr:version = 40
vfs objects = nfs4acl_xattr xattr_tdb
[nfs4acl_simple_41]
path = $shrdir
comment = smb username is [%U]
nfs4:mode = simple
vfs objects = nfs4acl_xattr xattr_tdb
[nfs4acl_xdr_40]
path = $shrdir
comment = smb username is [%U]
vfs objects = nfs4acl_xattr xattr_tdb
nfs4:mode = simple
nfs4acl_xattr:encoding = xdr
nfs4acl_xattr:version = 40
[nfs4acl_xdr_41]
path = $shrdir
comment = smb username is [%U]
vfs objects = nfs4acl_xattr xattr_tdb
nfs4:mode = simple
nfs4acl_xattr:encoding = xdr
nfs4acl_xattr:version = 41
[nfs4acl_nfs_40]
path = $shrdir
comment = smb username is [%U]
vfs objects = nfs4acl_xattr xattr_tdb
nfs4:mode = simple
nfs4acl_xattr:encoding = nfs
nfs4acl_xattr:version = 40
nfs4acl_xattr:xattr_name = security.nfs4acl_xdr
[nfs4acl_nfs_41]
path = $shrdir
comment = smb username is [%U]
vfs objects = nfs4acl_xattr xattr_tdb
nfs4:mode = simple
nfs4acl_xattr:encoding = nfs
nfs4acl_xattr:version = 41
nfs4acl_xattr:xattr_name = security.nfs4acl_xdr
[xcopy_share]
path = $shrdir
comment = smb username is [%U]
create mask = 777
force create mode = 777
[posix_share]
path = $shrdir
comment = smb username is [%U]
create mask = 0777
force create mode = 0
directory mask = 0777
force directory mode = 0
vfs objects = xattr_tdb streams_depot
[aio]
copy = tmp
aio read size = 1
aio write size = 1
[print\$]
copy = tmp
[vfs_fruit]
path = $shrdir
vfs objects = catia fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
fruit:veto_appledouble = no
[vfs_fruit_xattr]
path = $shrdir
# This is used by vfs.fruit tests that require real fs xattr
vfs objects = catia fruit streams_xattr acl_xattr
fruit:resource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
fruit:veto_appledouble = no
[vfs_fruit_metadata_stream]
path = $shrdir
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = file
fruit:metadata = stream
fruit:veto_appledouble = no
[vfs_fruit_stream_depot]
path = $shrdir
vfs objects = fruit streams_depot acl_xattr xattr_tdb
fruit:resource = stream
fruit:metadata = stream
fruit:veto_appledouble = no
[vfs_wo_fruit]
path = $shrdir
vfs objects = streams_xattr acl_xattr xattr_tdb
[vfs_wo_fruit_stream_depot]
path = $shrdir
vfs objects = streams_depot acl_xattr xattr_tdb
[vfs_fruit_timemachine]
path = $shrdir
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = file
fruit:metadata = stream
fruit:time machine = yes
fruit:time machine max size = 32K
[vfs_fruit_wipe_intentionally_left_blank_rfork]
path = $shrdir
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = file
fruit:metadata = stream
fruit:wipe_intentionally_left_blank_rfork = true
fruit:delete_empty_adfiles = false
fruit:veto_appledouble = no
[vfs_fruit_delete_empty_adfiles]
path = $shrdir
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = file
fruit:metadata = stream
fruit:wipe_intentionally_left_blank_rfork = true
fruit:delete_empty_adfiles = true
fruit:veto_appledouble = no
[vfs_fruit_zero_fileid]
path = $shrdir
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = file
fruit:metadata = stream
fruit:zero_file_id=yes
[badname-tmp]
path = $badnames_shrdir
guest ok = yes
[manglenames_share]
path = $manglenames_shrdir
guest ok = yes
[dynamic_share]
path = $shrdir/%R
guest ok = yes
[widelinks_share]
path = $widelinks_shrdir
wide links = no
guest ok = yes
[fsrvp_share]
path = $fsrvp_shrdir
comment = fake shapshots using rsync
vfs objects = shell_snap shadow_copy2
shell_snap:check path command = $fake_snap_pl --check
shell_snap:create command = $fake_snap_pl --create
shell_snap:delete command = $fake_snap_pl --delete
# a relative path here fails, the snapshot dir is no longer found
shadow:snapdir = $fsrvp_shrdir/.snapshots
[shadow1]
path = $shadow_shrdir
comment = previous versions snapshots under mount point
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_mntdir
[shadow2]
path = $shadow_shrdir
comment = previous versions snapshots outside mount point
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_mntdir
shadow:snapdir = $shadow_tstdir/.snapshots
[shadow3]
path = $shadow_shrdir
comment = previous versions with subvolume snapshots, snapshots under base dir
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_mntdir
shadow:basedir = $shadow_basedir
shadow:snapdir = $shadow_basedir/.snapshots
[shadow4]
path = $shadow_shrdir
comment = previous versions with subvolume snapshots, snapshots outside mount point
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_mntdir
shadow:basedir = $shadow_basedir
shadow:snapdir = $shadow_tstdir/.snapshots
[shadow5]
path = $shadow_shrdir
comment = previous versions at volume root snapshots under mount point
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_shrdir
[shadow6]
path = $shadow_shrdir
comment = previous versions at volume root snapshots outside mount point
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_shrdir
shadow:snapdir = $shadow_tstdir/.snapshots
[shadow7]
path = $shadow_shrdir
comment = previous versions snapshots everywhere
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_mntdir
shadow:snapdirseverywhere = yes
[shadow8]
path = $shadow_shrdir
comment = previous versions using snapsharepath
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_mntdir
shadow:snapdir = $shadow_tstdir/.snapshots
shadow:snapsharepath = share
[shadow_fmt0]
comment = Testing shadow:format with default option
vfs object = shadow_copy2
path = $shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $shadow_mntdir
shadow:basedir = $shadow_basedir
shadow:snapdir = $shadow_basedir/.snapshots
shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S
[shadow_fmt1]
comment = Testing shadow:format with only date component
vfs object = shadow_copy2
path = $shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $shadow_mntdir
shadow:basedir = $shadow_basedir
shadow:snapdir = $shadow_basedir/.snapshots
shadow:format = \@GMT-%Y-%m-%d
[shadow_fmt2]
comment = Testing shadow:format with some hardcoded prefix
vfs object = shadow_copy2
path = $shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $shadow_mntdir
shadow:basedir = $shadow_basedir
shadow:snapdir = $shadow_basedir/.snapshots
shadow:format = snap\@GMT-%Y.%m.%d-%H.%M.%S
[shadow_fmt3]
comment = Testing shadow:format with modified format
vfs object = shadow_copy2
path = $shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $shadow_mntdir
shadow:basedir = $shadow_basedir
shadow:snapdir = $shadow_basedir/.snapshots
shadow:format = \@GMT-%Y.%m.%d-%H_%M_%S-snap
[shadow_fmt4]
comment = Testing shadow:snapprefix regex
vfs object = shadow_copy2
path = $shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $shadow_mntdir
shadow:basedir = $shadow_basedir
shadow:snapdir = $shadow_basedir/.snapshots
shadow:snapprefix = \^s[a-z]*p\$
shadow:format = _GMT-%Y.%m.%d-%H.%M.%S
[shadow_fmt5]
comment = Testing shadow:snapprefix with delim regex
vfs object = shadow_copy2
path = $shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $shadow_mntdir
shadow:basedir = $shadow_basedir
shadow:snapdir = $shadow_basedir/.snapshots
shadow:delimiter = \@GMT
shadow:snapprefix = [a-z]*
shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S
[shadow_wl]
path = $shadow_shrdir
comment = previous versions with wide links allowed
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_mntdir
wide links = yes
[shadow_write]
path = $shadow_tstdir
comment = previous versions snapshots under mount point
vfs objects = shadow_copy2 streams_xattr error_inject
aio write size = 0
error_inject:pwrite = EBADF
shadow:mountpoint = $shadow_tstdir
[dfq]
path = $shrdir/dfree
vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
admin users = $unix_name
include = $dfqconffile
[dfq_cache]
path = $shrdir/dfree
vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
admin users = $unix_name
include = $dfqconffile
dfree cache time = 60
[dfq_owner]
path = $shrdir/dfree
vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
inherit owner = yes
include = $dfqconffile
[quotadir]
path = $shrdir/quota
admin users = $unix_name
[acl_xattr_ign_sysacl_posix]
copy = tmp
acl_xattr:ignore system acls = yes
acl_xattr:default acl style = posix
[acl_xattr_ign_sysacl_windows]
copy = tmp
acl_xattr:ignore system acls = yes
acl_xattr:default acl style = windows
[mangle_illegal]
copy = tmp
mangled names = illegal
[nosymlinks]
copy = tmp
path = $nosymlinks_shrdir
follow symlinks = no
[local_symlinks]
copy = tmp
path = $local_symlinks_shrdir
follow symlinks = yes
[kernel_oplocks]
copy = tmp
kernel oplocks = yes
vfs objects = streams_xattr xattr_tdb
[streams_xattr]
copy = tmp
vfs objects = streams_xattr xattr_tdb
[compound_find]
copy = tmp
smbd:find async delay usec = 10000
[error_inject]
copy = tmp
vfs objects = error_inject
include = $errorinjectconf
[delay_inject]
copy = tmp
vfs objects = delay_inject
kernel share modes = no
kernel oplocks = no
posix locking = no
include = $delayinjectconf
[aio_delay_inject]
copy = tmp
vfs objects = delay_inject
delay_inject:pread_send = 2000
delay_inject:pwrite_send = 2000
[brl_delay_inject1]
copy = tmp
vfs objects = delay_inject
delay_inject:brl_lock_windows = 90
delay_inject:brl_lock_windows_use_timer = yes
[brl_delay_inject2]
copy = tmp
vfs objects = delay_inject
delay_inject:brl_lock_windows = 90
delay_inject:brl_lock_windows_use_timer = no
[delete_readonly]
path = $prefix_abs/share
delete readonly = yes
";
close(CONF);
my $net = Samba::bindir_path($self, "net");
my $cmd = "";
$cmd .= "SMB_CONF_PATH=\"$conffile\" ";
$cmd .= "$net setlocalsid $samsid";
if (system($cmd) != 0) {
warn("Join failed\n$cmd");
return undef;
}
unless (open(ERRORCONF, ">$errorinjectconf")) {
warn("Unable to open $errorinjectconf");
return undef;
}
close(ERRORCONF);
unless (open(DELAYCONF, ">$delayinjectconf")) {
warn("Unable to open $delayinjectconf");
return undef;
}
close(DELAYCONF);
unless (open(DFQCONF, ">$dfqconffile")) {
warn("Unable to open $dfqconffile");
return undef;
}
close(DFQCONF);
unless (open(DELAYCONF, ">$globalinjectconf")) {
warn("Unable to open $globalinjectconf");
return undef;
}
close(DELAYCONF);
##
## create a test account
##
unless (open(PASSWD, ">$nss_wrapper_passwd")) {
warn("Unable to open $nss_wrapper_passwd");
return undef;
}
print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false
2009-01-28 19:28:51 +03:00
$unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false
pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false
force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false
smbget_user:x:$uid_smbget:$gid_domusers:smbget_user gecos:$prefix_abs:/bin/false
user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false
user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false
gooduser:x:$uid_gooduser:$gid_domusers:gooduser gecos:$prefix_abs:/bin/false
eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false
slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false
2009-01-28 19:28:51 +03:00
";
if ($unix_uid != 0) {
print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
";
}
2009-01-28 19:28:51 +03:00
close(PASSWD);
unless (open(GROUP, ">$nss_wrapper_group")) {
warn("Unable to open $nss_wrapper_group");
return undef;
}
print GROUP "nobody:x:$gid_nobody:
nogroup:x:$gid_nogroup:nobody
2009-01-28 19:28:51 +03:00
$unix_name-group:x:$unix_gids[0]:
domusers:X:$gid_domusers:
domadmins:X:$gid_domadmins:
userdup:x:$gid_userdup:$unix_name
everyone:x:$gid_everyone:
force_user:x:$gid_force_user:
2009-01-28 19:28:51 +03:00
";
if ($unix_gids[0] != 0) {
print GROUP "root:x:$gid_root:
";
}
2009-01-28 19:28:51 +03:00
close(GROUP);
## hosts
my $hostname = lc($server);
unless (open(HOSTS, ">>$nss_wrapper_hosts")) {
warn("Unable to open $nss_wrapper_hosts");
return undef;
}
print HOSTS "${server_ip} ${hostname}.samba.example.com ${hostname}\n";
print HOSTS "${server_ipv6} ${hostname}.samba.example.com ${hostname}\n";
close(HOSTS);
## hosts
unless (open(RESOLV_CONF, ">$resolv_conf")) {
warn("Unable to open $resolv_conf");
return undef;
}
if (defined($dc_server_ip) or defined($dc_server_ipv6)) {
if (defined($dc_server_ip)) {
print RESOLV_CONF "nameserver $dc_server_ip\n";
}
if (defined($dc_server_ipv6)) {
print RESOLV_CONF "nameserver $dc_server_ipv6\n";
}
} else {
print RESOLV_CONF "nameserver ${server_ip}\n";
print RESOLV_CONF "nameserver ${server_ipv6}\n";
}
close(RESOLV_CONF);
foreach my $evlog (@eventlog_list) {
my $evlogtdb = "$eventlogdir/$evlog.tdb";
open(EVENTLOG, ">$evlogtdb") or die("Unable to open $evlogtdb");
close(EVENTLOG);
}
$createuser_env{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
$createuser_env{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
$createuser_env{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts;
$createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com";
if ($ENV{SAMBA_DNS_FAKING}) {
$createuser_env{RESOLV_WRAPPER_HOSTS} = $dns_host_file;
} else {
$createuser_env{RESOLV_WRAPPER_CONF} = $resolv_conf;
}
2009-01-28 19:28:51 +03:00
createuser($self, $unix_name, $password, $conffile, \%createuser_env) || die("Unable to create user");
createuser($self, "force_user", $password, $conffile, \%createuser_env) || die("Unable to create force_user");
createuser($self, "smbget_user", $password, $conffile, \%createuser_env) || die("Unable to create smbget_user");
createuser($self, "user1", $password, $conffile, \%createuser_env) || die("Unable to create user1");
createuser($self, "user2", $password, $conffile, \%createuser_env) || die("Unable to create user2");
createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser");
createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser");
createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser");
open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
print DNS_UPDATE_LIST "A $server. $server_ip\n";
print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n";
close(DNS_UPDATE_LIST);
print "DONE\n";
$ret{SERVER_IP} = $server_ip;
$ret{SERVER_IPV6} = $server_ipv6;
$ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log";
2009-01-29 00:15:44 +03:00
$ret{NMBD_TEST_LOG_POS} = 0;
$ret{WINBINDD_TEST_LOG} = "$prefix/winbindd_test.log";
2009-01-29 00:15:44 +03:00
$ret{WINBINDD_TEST_LOG_POS} = 0;
$ret{SMBD_TEST_LOG} = "$prefix/smbd_test.log";
2009-01-29 00:15:44 +03:00
$ret{SMBD_TEST_LOG_POS} = 0;
$ret{SERVERCONFFILE} = $conffile;
$ret{TESTENV_DIR} = $prefix_abs;
$ret{CONFIGURATION} ="-s $conffile";
$ret{LOCK_DIR} = $lockdir;
$ret{SERVER} = $server;
2009-01-28 19:28:51 +03:00
$ret{USERNAME} = $unix_name;
$ret{USERID} = $unix_uid;
$ret{DOMAIN} = $domain;
$ret{SAMSID} = $samsid;
$ret{NETBIOSNAME} = $server;
$ret{PASSWORD} = $password;
$ret{PIDDIR} = $piddir;
$ret{SELFTEST_WINBINDD_SOCKET_DIR} = $wbsockdir;
$ret{NMBD_SOCKET_DIR} = $nmbdsockdir;
2009-01-29 00:15:44 +03:00
$ret{SOCKET_WRAPPER_DEFAULT_IFACE} = $swiface;
2009-01-28 19:28:51 +03:00
$ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
$ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
$ret{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts;
$ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com";
$ret{NSS_WRAPPER_MODULE_SO_PATH} = Samba::nss_wrapper_winbind_so_path($self);
$ret{NSS_WRAPPER_MODULE_FN_PREFIX} = "winbind";
if ($ENV{SAMBA_DNS_FAKING}) {
$ret{RESOLV_WRAPPER_HOSTS} = $dns_host_file;
} else {
$ret{RESOLV_WRAPPER_CONF} = $resolv_conf;
}
$ret{LOCAL_PATH} = "$shrdir";
$ret{LOGDIR} = $logdir;
2009-01-28 19:28:51 +03:00
#
# Avoid hitting system krb5.conf -
# An env that needs Kerberos will reset this to the real
# value.
#
$ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf";
# Define KRB5CCNAME for each environment we set up
$ret{KRB5_CCACHE} = abs_path($prefix) . "/krb5ccache";
$ENV{KRB5CCNAME} = $ret{KRB5_CCACHE};
return \%ret;
}
sub wait_for_start($$$$$)
{
my ($self, $envvars, $nmbd, $winbindd, $smbd) = @_;
my $cmd;
my $netcmd;
my $ret;
if ($nmbd eq "yes") {
my $count = 0;
# give time for nbt server to register its names
print "checking for nmbd\n";
# This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init
my $nmblookup = Samba::bindir_path($self, "nmblookup");
do {
$ret = system("$nmblookup $envvars->{CONFIGURATION} $envvars->{SERVER}");
if ($ret != 0) {
sleep(1);
} else {
system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__");
system("$nmblookup $envvars->{CONFIGURATION} __SAMBA__");
system("$nmblookup $envvars->{CONFIGURATION} -U 127.255.255.255 __SAMBA__");
system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}");
}
$count++;
} while ($ret != 0 && $count < 10);
if ($count == 10) {
print "NMBD not reachable after 10 retries\n";
teardown_env($self, $envvars);
return 0;
}
}
if ($winbindd eq "yes") {
print "checking for winbindd\n";
my $count = 0;
$cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
$cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
$cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
$cmd .= Samba::bindir_path($self, "wbinfo") . " --ping-dc";
do {
if ($ret != 0) {
$ret = system($cmd);
sleep(1);
}
$count++;
} while ($ret != 0 && $count < 20);
if ($count == 20) {
print "WINBINDD not reachable after 20 seconds\n";
teardown_env($self, $envvars);
return 0;
}
}
if ($smbd eq "yes") {
# make sure smbd is also up set
print "wait for smbd\n";
my $count = 0;
do {
$ret = system(Samba::bindir_path($self, "smbclient") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139");
if ($ret != 0) {
sleep(1);
}
$count++
} while ($ret != 0 && $count < 20);
if ($count == 20) {
print "SMBD failed to start up in a reasonable time (20sec)\n";
teardown_env($self, $envvars);
return 0;
}
}
# Ensure we have domain users mapped.
$netcmd = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
$netcmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
$netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} ";
$cmd = $netcmd . "groupmap delete ntgroup=domusers";
$ret = system($cmd);
$cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain";
$ret = system($cmd);
if ($ret != 0) {
print("\"$cmd\" failed\n");
return 1;
}
$cmd = $netcmd . "groupmap delete ntgroup=domadmins";
$ret = system($cmd);
$cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain";
$ret = system($cmd);
if ($ret != 0) {
print("\"$cmd\" failed\n");
return 1;
}
$cmd = $netcmd . "groupmap delete ntgroup=everyone";
$ret = system($cmd);
$cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin";
$ret = system($cmd);
if ($ret != 0) {
print("\"$cmd\" failed\n");
return 1;
}
# note: creating builtin groups requires winbindd for the
# unix id allocator
my $create_builtin_users = "no";
if ($winbindd eq "yes") {
$cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
$cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
$cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
$cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545";
my $wbinfo_out = qx($cmd 2>&1);
if ($? != 0) {
# wbinfo doesn't give us a better error code then
# WBC_ERR_DOMAIN_NOT_FOUND, but at least that's
# different then WBC_ERR_WINBIND_NOT_AVAILABLE
if ($wbinfo_out !~ /WBC_ERR_DOMAIN_NOT_FOUND/) {
print("Failed to run \"wbinfo --sid-to-gid=S-1-5-32-545\": $wbinfo_out");
teardown_env($self, $envvars);
return 0;
}
$create_builtin_users = "yes";
}
}
if ($create_builtin_users eq "yes") {
$cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
$cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
$cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
$cmd .= Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} ";
$cmd .= "sam createbuiltingroup Users";
$ret = system($cmd);
if ($ret != 0) {
print "Failed to create BUILTIN\\Users group\n";
teardown_env($self, $envvars);
return 0;
}
$cmd = Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} ";
$cmd .= "cache del IDMAP/SID2XID/S-1-5-32-545";
system($cmd);
$cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
$cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
$cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
$cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545";
$ret = system($cmd);
if ($ret != 0) {
print "Missing \"BUILTIN\\Users\", did net sam createbuiltingroup Users fail?\n";
teardown_env($self, $envvars);
return 0;
}
}
print $self->getlog_env($envvars);
return 1;
}
1;