2007-03-05 21:28:55 +00:00
#!/usr/bin/perl
# Bootstrap Samba and run a number of tests against it.
# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
# Published under the GNU GPL, v3 or later.
package Samba4 ;
use strict ;
2007-04-17 13:06:00 +00:00
use Cwd qw( abs_path ) ;
2007-03-05 21:28:55 +00:00
use FindBin qw( $RealBin ) ;
use POSIX ;
2010-11-27 03:03:50 +01:00
use SocketWrapper ;
2007-03-05 21:28:55 +00:00
2009-01-21 10:14:29 +01:00
sub new ($$$$$) {
2011-02-03 15:14:31 +11:00
my ( $ classname , $ bindir , $ ldap , $ srcdir , $ exeext ) = @ _ ;
2009-01-21 10:14:29 +01:00
$ exeext = "" unless defined ( $ exeext ) ;
2010-11-01 01:05:03 +03:00
my $ self = {
vars = > { } ,
ldap = > $ ldap ,
bindir = > $ bindir ,
2011-02-03 15:14:31 +11:00
srcdir = > $ srcdir ,
2009-01-21 10:14:29 +01:00
exeext = > $ exeext
2007-04-17 00:30:01 +00:00
} ;
2007-03-21 15:57:07 +00:00
bless $ self ;
return $ self ;
}
2009-01-21 10:09:30 +01:00
sub bindir_path ($$) {
my ( $ self , $ path ) = @ _ ;
2010-11-27 03:03:50 +01:00
my $ valpath = "$self->{bindir}/$path$self->{exeext}" ;
return $ valpath if ( - f $ valpath ) ;
return $ path ;
2009-01-21 10:09:30 +01:00
}
2011-02-03 15:14:31 +11:00
sub scriptdir_path ($$) {
my ( $ self , $ path ) = @ _ ;
return "$self->{srcdir}/source4/scripting/$path" ;
}
2007-04-23 07:33:15 +00:00
sub openldap_start ($$$) {
}
2007-04-10 20:19:31 +00:00
sub slapd_start ($$)
2007-03-05 21:28:55 +00:00
{
2007-04-12 12:45:41 +00:00
my $ count = 0 ;
2007-04-10 20:19:31 +00:00
my ( $ self , $ env_vars ) = @ _ ;
2009-08-14 10:21:04 +10:00
my $ ldbsearch = $ self - > bindir_path ( "ldbsearch" ) ;
2007-04-10 20:19:31 +00:00
my $ uri = $ env_vars - > { LDAP_URI } ;
2009-08-14 10:21:04 +10:00
if ( system ( "$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null" ) == 0 ) {
print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!" ;
return 1 ;
}
2007-03-06 06:30:36 +00:00
# running slapd in the background means it stays in the same process group, so it can be
# killed by timelimit
2007-05-29 13:06:08 +00:00
if ( $ self - > { ldap } eq "fedora-ds" ) {
2007-12-21 02:33:43 -06:00
system ( "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &" ) ;
2007-04-17 00:30:01 +00:00
} elsif ( $ self - > { ldap } eq "openldap" ) {
2009-08-13 17:01:27 +10:00
system ( "$ENV{OPENLDAP_SLAPD} -d0 -F $env_vars->{SLAPD_CONF_D} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &" ) ;
2007-03-05 21:28:55 +00:00
}
2009-01-21 10:09:30 +01:00
while ( system ( "$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null" ) != 0 ) {
2010-09-14 14:41:42 +02:00
$ count + + ;
2007-04-23 07:33:15 +00:00
if ( $ count > 40 ) {
2010-09-14 14:41:42 +02:00
$ self - > slapd_stop ( $ env_vars ) ;
return 0 ;
2007-03-07 11:05:59 +00:00
}
sleep ( 1 ) ;
}
2007-03-06 06:30:36 +00:00
return 1 ;
2007-03-05 21:28:55 +00:00
}
2007-04-10 20:19:31 +00:00
sub slapd_stop ($$)
2007-03-05 21:28:55 +00:00
{
2007-04-10 20:19:31 +00:00
my ( $ self , $ envvars ) = @ _ ;
2007-05-29 13:06:08 +00:00
if ( $ self - > { ldap } eq "fedora-ds" ) {
2010-01-28 19:35:29 -06:00
system ( "$envvars->{LDAPDIR}/slapd-$envvars->{LDAP_INSTANCE}/stop-slapd" ) ;
2007-04-17 00:30:01 +00:00
} elsif ( $ self - > { ldap } eq "openldap" ) {
2010-09-14 14:41:42 +02:00
unless ( open ( IN , "<$envvars->{OPENLDAP_PIDFILE}" ) ) {
warn ( "unable to open slapd pid file: $envvars->{OPENLDAP_PIDFILE}" ) ;
return 0 ;
}
2007-03-05 21:28:55 +00:00
kill 9 , <IN> ;
close ( IN ) ;
}
2007-04-23 21:56:23 +00:00
return 1 ;
2007-03-05 21:28:55 +00:00
}
2010-11-01 01:05:03 +03:00
sub check_or_start ($$$)
2007-03-05 21:28:55 +00:00
{
2007-04-11 03:45:39 +00:00
my ( $ self , $ env_vars , $ max_time ) = @ _ ;
2009-02-04 15:17:14 +01:00
return 0 if ( - p $ env_vars - > { SAMBA_TEST_FIFO } ) ;
2007-03-21 15:57:07 +00:00
2009-02-04 15:17:14 +01:00
unlink ( $ env_vars - > { SAMBA_TEST_FIFO } ) ;
POSIX:: mkfifo ( $ env_vars - > { SAMBA_TEST_FIFO } , 0700 ) ;
unlink ( $ env_vars - > { SAMBA_TEST_LOG } ) ;
2007-03-05 21:28:55 +00:00
2010-10-10 10:12:46 +11:00
my $ pwd = `pwd` ;
2010-10-02 12:42:00 -07:00
print "STARTING SAMBA for $ENV{ENVNAME}\n" ;
2007-03-05 21:28:55 +00:00
my $ pid = fork ( ) ;
if ( $ pid == 0 ) {
2009-02-04 15:17:14 +01:00
open STDIN , $ env_vars - > { SAMBA_TEST_FIFO } ;
2009-08-12 14:38:55 +10:00
# we want out from samba to go to the log file, but also
# to the users terminal when running 'make test' on the command
# line. This puts it on stderr on the terminal
open STDOUT , "| tee $env_vars->{SAMBA_TEST_LOG} 1>&2" ;
2007-03-05 21:28:55 +00:00
open STDERR , '>&STDOUT' ;
2009-08-12 14:38:55 +10:00
2007-04-17 15:33:50 +00:00
SocketWrapper:: set_default_iface ( $ env_vars - > { SOCKET_WRAPPER_DEFAULT_IFACE } ) ;
2007-04-17 03:47:51 +00:00
my $ valgrind = "" ;
2009-03-20 16:11:14 +01:00
if ( defined ( $ ENV { SAMBA_VALGRIND } ) ) {
$ valgrind = $ ENV { SAMBA_VALGRIND } ;
2010-11-01 01:05:03 +03:00
}
2007-04-17 03:47:51 +00:00
2010-11-01 01:05:03 +03:00
$ ENV { KRB5_CONFIG } = $ env_vars - > { KRB5_CONFIG } ;
2009-04-17 09:59:39 +02:00
$ ENV { WINBINDD_SOCKET_DIR } = $ env_vars - > { WINBINDD_SOCKET_DIR } ;
2007-04-17 03:47:51 +00:00
2007-11-05 15:49:40 +01:00
$ ENV { NSS_WRAPPER_PASSWD } = $ env_vars - > { NSS_WRAPPER_PASSWD } ;
$ ENV { NSS_WRAPPER_GROUP } = $ env_vars - > { NSS_WRAPPER_GROUP } ;
2009-08-05 10:50:03 +10:00
$ ENV { UID_WRAPPER } = "1" ;
2009-02-04 15:17:14 +01:00
# Start slapd before samba, but with the fifo on stdin
2007-04-23 07:33:15 +00:00
if ( defined ( $ self - > { ldap } ) ) {
2010-09-14 14:41:42 +02:00
unless ( $ self - > slapd_start ( $ env_vars ) ) {
warn ( "couldn't start slapd (main run)" ) ;
return undef ;
}
2007-04-23 07:33:15 +00:00
}
2007-03-05 21:28:55 +00:00
my $ optarg = "" ;
if ( defined ( $ max_time ) ) {
$ optarg = "--maximum-runtime=$max_time " ;
}
2009-03-20 16:11:14 +01:00
if ( defined ( $ ENV { SAMBA_OPTIONS } ) ) {
$ optarg . = " $ENV{SAMBA_OPTIONS}" ;
2007-10-08 12:57:30 +00:00
}
2009-01-21 10:09:30 +01:00
my $ samba = $ self - > bindir_path ( "samba" ) ;
2009-08-12 14:41:44 +10:00
# allow selection of the process model using
# the environment varibale SAMBA_PROCESS_MODEL
2010-11-01 01:05:03 +03:00
# that allows us to change the process model for
2009-08-12 14:41:44 +10:00
# individual machines in the build farm
my $ model = "single" ;
if ( defined ( $ ENV { SAMBA_PROCESS_MODEL } ) ) {
$ model = $ ENV { SAMBA_PROCESS_MODEL } ;
}
2010-10-10 10:12:46 +11:00
chomp ( $ pwd ) ;
my $ cmdline = "$valgrind ${pwd}/$samba $optarg $env_vars->{CONFIGURATION} -M $model -i" ;
my $ ret = system ( "$cmdline" ) ;
2010-10-02 12:42:00 -07:00
if ( $ ret == - 1 ) {
2010-10-10 10:12:46 +11:00
print "Unable to start $cmdline: $ret: $!\n" ;
2007-03-05 21:28:55 +00:00
exit 1 ;
}
2010-10-02 12:42:00 -07:00
my $ exit = ( $ ret >> 8 ) ;
2009-02-04 15:17:14 +01:00
unlink ( $ env_vars - > { SAMBA_TEST_FIFO } ) ;
2010-09-04 21:08:35 +02:00
if ( $ ret == 0 ) {
2010-10-02 12:42:00 -07:00
print "$samba exited with no error\n" ;
exit 0 ;
2007-03-05 21:28:55 +00:00
} elsif ( $ ret & 127 ) {
2009-01-21 10:09:30 +01:00
print "$samba got signal " . ( $ ret & 127 ) . " and exits with $exit!\n" ;
2007-03-05 21:28:55 +00:00
} else {
2009-01-21 10:09:30 +01:00
print "$samba failed with status $exit!\n" ;
2007-03-05 21:28:55 +00:00
}
2010-10-02 12:42:00 -07:00
if ( $ exit == 0 ) {
$ exit = - 1 ;
}
2007-03-05 21:28:55 +00:00
exit $ exit ;
}
print "DONE\n" ;
2009-02-04 15:17:14 +01:00
open ( DATA , ">$env_vars->{SAMBA_TEST_FIFO}" ) ;
2007-03-21 15:57:07 +00:00
2007-03-05 21:28:55 +00:00
return $ pid ;
}
2007-04-04 12:23:10 +00:00
sub wait_for_start ($$)
2007-03-05 21:28:55 +00:00
{
2007-04-04 12:23:10 +00:00
my ( $ self , $ testenv_vars ) = @ _ ;
2007-03-05 21:28:55 +00:00
# give time for nbt server to register its names
print "delaying for nbt name registration\n" ;
2007-04-28 08:58:40 +00:00
sleep 2 ;
2007-03-05 21:28:55 +00:00
2010-11-01 01:05:03 +03:00
# This will return quickly when things are up, but be slow if we
# need to wait for (eg) SSL init
2009-02-03 16:20:24 +01:00
my $ nmblookup = $ self - > bindir_path ( "nmblookup" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSALIAS}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSALIAS}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSALIAS}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSALIAS}" ) ;
2007-04-18 14:02:26 +00:00
print $ self - > getlog_env ( $ testenv_vars ) ;
2007-03-05 21:28:55 +00:00
}
2007-04-17 00:30:01 +00:00
sub write_ldb_file ($$$)
{
my ( $ self , $ file , $ ldif ) = @ _ ;
2009-01-21 10:09:30 +01:00
my $ ldbadd = $ self - > bindir_path ( "ldbadd" ) ;
open ( LDIF , "|$ldbadd -H $file >/dev/null" ) ;
2007-04-17 00:30:01 +00:00
print LDIF $ ldif ;
2010-09-14 14:41:42 +02:00
return ( close ( LDIF ) ) ;
2007-04-17 00:30:01 +00:00
}
sub add_wins_config ($$)
{
my ( $ self , $ privatedir ) = @ _ ;
return $ self - > write_ldb_file ( "$privatedir/wins_config.ldb" , "
2010-06-16 11:02:48 +02:00
dn: name = TORTURE_11 , CN = PARTNERS
2007-04-17 00:30:01 +00:00
objectClass: wreplPartner
2010-06-16 11:02:48 +02:00
name: TORTURE_11
address: 127.0 .0 .11
2007-04-17 00:30:01 +00:00
pullInterval: 0
pushChangeCount: 0
type: 0x3
" ) ;
}
2009-08-13 17:01:27 +10:00
sub mk_fedora_ds ($$)
2007-04-17 00:30:01 +00:00
{
2010-01-28 19:35:29 -06:00
my ( $ self , $ ctx ) = @ _ ;
2007-04-17 00:30:01 +00:00
#Make the subdirectory be as fedora DS would expect
2010-01-28 19:35:29 -06:00
my $ fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}" ;
2007-04-17 00:30:01 +00:00
2010-01-28 19:35:29 -06:00
my $ pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid" ;
2007-04-17 00:30:01 +00:00
return ( $ fedora_ds_dir , $ pidfile ) ;
}
2009-08-13 17:01:27 +10:00
sub mk_openldap ($$)
2007-04-17 00:30:01 +00:00
{
2010-01-28 19:35:29 -06:00
my ( $ self , $ ctx ) = @ _ ;
2007-04-17 00:30:01 +00:00
2010-01-28 19:35:29 -06:00
my $ slapd_conf_d = "$ctx->{ldapdir}/slapd.d" ;
my $ pidfile = "$ctx->{ldapdir}/slapd.pid" ;
2007-04-17 00:30:01 +00:00
2009-08-13 17:01:27 +10:00
return ( $ slapd_conf_d , $ pidfile ) ;
2007-04-17 00:30:01 +00:00
}
2007-10-25 22:20:52 +02:00
sub mk_keyblobs ($$)
{
my ( $ self , $ tlsdir ) = @ _ ;
#TLS and PKINIT crypto blobs
my $ dhfile = "$tlsdir/dhparms.pem" ;
my $ cafile = "$tlsdir/ca.pem" ;
my $ certfile = "$tlsdir/cert.pem" ;
my $ reqkdc = "$tlsdir/req-kdc.der" ;
my $ kdccertfile = "$tlsdir/kdc.pem" ;
my $ keyfile = "$tlsdir/key.pem" ;
my $ adminkeyfile = "$tlsdir/adminkey.pem" ;
my $ reqadmin = "$tlsdir/req-admin.der" ;
my $ admincertfile = "$tlsdir/admincert.pem" ;
2009-07-28 14:05:19 +10:00
my $ admincertupnfile = "$tlsdir/admincertupn.pem" ;
2007-10-25 22:20:52 +02:00
mkdir ( $ tlsdir , 0777 ) ;
#This is specified here to avoid draining entropy on every run
open ( DHFILE , ">$dhfile" ) ;
print DHFILE << EOF ;
- - - - - BEGIN DH PARAMETERS - - - - -
MGYCYQC /eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/ Cys8j8wLO
svCN /jYNyR2NszOmg7ZWcOC/ 4 z / 4 pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
YX70obsCAQI =
- - - - - END DH PARAMETERS - - - - -
EOF
close ( DHFILE ) ;
2010-11-01 01:05:03 +03:00
#Likewise, we pregenerate the key material. This allows the
2007-10-25 22:20:52 +02:00
#other certificates to be pre-generated
open ( KEYFILE , ">$keyfile" ) ;
print KEYFILE << EOF ;
- - - - - BEGIN RSA PRIVATE KEY - - - - -
MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd + F0C + 9 Jxcqvpw9ii9En3E1uflpc
ol3 + S9 /6I/ uaTmJHZre + DF3dTzb /UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/ H
6 H + pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ + u2rS9geapIWfeuowIDAQAB
AoGAAqDLzFRR / BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
szNW4PRjaA9KkLQVTwnzdXGkBSkn / nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
9 /xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/ dilpY88Nb + xok / X
8 Z8OvgAXAkEA + pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
jNKEKnbf + TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4 / nN4IJXUW6AmPVOYIA5215itgki
cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ + aFvqSG
- - - - - END RSA PRIVATE KEY - - - - -
EOF
close ( KEYFILE ) ;
open ( ADMINKEYFILE , ">$adminkeyfile" ) ;
print ADMINKEYFILE << EOF ;
- - - - - BEGIN RSA PRIVATE KEY - - - - -
MIICXQIBAAKBgQD0 + OL7TQBj0RejbIH1 + g5GeRaWaM9xF43uE5y7jUHEsi5owhZF
5 iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
XLOP1m /0dqayuHBWozj9f/c dyCJr0wJIX1Z8Pr + EjYRGPn / MF0xdl3JRlwIDAQAB
AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB
cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ / LgaXUK9BAGhroJ2L
osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk + FlolW4ECQQD7w5ouCDnf58CN
u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4
eAY126rXAkEA + RgHzybzZEP8jCuznMqoN2fq /Vrs6+W3M8/ G9mzGEMgLLpaf2Jiz
I9tLZ0 + OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4
ASpo / tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz + o0bzATirmJ + WqxrkKTECQHt2
OLCpKqwAspU7N + w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE
yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ / lOwWyR3Hailft + mPqoPCa8QHlQZnlG
+ cfgNl57YHMTZFwgUVFRdJNpjH / WdZ5QxDcIVli0q + Ko
- - - - - END RSA PRIVATE KEY - - - - -
EOF
2010-11-01 01:05:03 +03:00
#generated with
2008-03-02 07:57:13 -06:00
# hxtool issue-certificate --self-signed --issue-ca \
# --ca-private-key="FILE:$KEYFILE" \
# --subject="CN=CA,DC=samba,DC=example,DC=com" \
# --certificate="FILE:$CAFILE" --lifetime="25 years"
2007-10-25 22:20:52 +02:00
open ( CAFILE , ">$cafile" ) ;
print CAFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
2008-03-02 07:57:13 -06:00
MIICcTCCAdqgAwIBAgIUaBPmjnPVqyFqR5foICmLmikJTzgwCwYJKoZIhvcNAQEFMFIxEzAR
2007-10-25 22:20:52 +02:00
BgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
2008-03-02 07:57:13 -06:00
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTIyMzEyWhgPMjAzMzAyMjQx
MjIzMTJaMFIxEzARBgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxl
2007-10-25 22:20:52 +02:00
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd + F0C + 9 Jxcqvpw9ii9En3E1uflpcol3 + S9 / 6
I /uaTmJHZre+DF3dTzb/ UOZo0Zem8N + IzzkgoGkFafjXuT3BL5UPY2 / H6H + pPqVIRLOmrWIm
2008-03-02 07:57:13 -06:00
ai359YyoKhFyo37Y6HPeU8QcZ + u2rS9geapIWfeuowIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
AaYwHQYDVR0OBBYEFMLZufegDKLZs0VOyFXYK1L6M8oyMA8GA1UdEwEB / wQFMAMBAf8wDQYJ
KoZIhvcNAQEFBQADgYEAAZJbCAAkaqgFJ0xgNovn8Ydd0KswQPjicwiODPgw9ZPoD2HiOUVO
yYDRg / dhFF9y656OpcHk4N7qZ2sl3RlHkzDu + dseETW + CnKvQIoXNyeARRJSsSlwrwcoD4JR
HTLk2sGigsWwrJ2N99sG /cqSJLJ1MFwLrs6koweBnYU0f/g =
2007-10-25 22:20:52 +02:00
- - - - - END CERTIFICATE - - - - -
EOF
2010-11-01 01:05:03 +03:00
#generated with GNUTLS internally in Samba.
2007-10-25 22:20:52 +02:00
open ( CERTFILE , ">$certfile" ) ;
print CERTFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd + F0C + 9 Jxcqvpw9ii9En3E1uflpcol3 +
S9 /6I/ uaTmJHZre + DF3dTzb /UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/ H6H + p
PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ + u2rS9geapIWfeuowIDAQABoyUw
IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm / SAZBFyG
LYOChvh6hPU7joMdDwGfbiLrBnMag + BtGlmPLWwp / Kt1wNmrRhduyTQFhN3PP6fz
nBr9vVny2FewB2gHmelaPS // tXdxivSXKz3NFqqXLDJjq7P8wA ==
- - - - - END CERTIFICATE - - - - -
EOF
close ( CERTFILE ) ;
#KDC certificate
2008-03-02 07:57:13 -06:00
# hxtool request-create \
# --subject="CN=krbtgt,CN=users,DC=samba,DC=example,DC=com" \
# --key="FILE:$KEYFILE" $KDCREQ
2007-10-25 22:20:52 +02:00
2008-03-02 07:57:13 -06:00
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
# --type="pkinit-kdc" \
# --pk-init-principal="krbtgt/SAMBA.EXAMPLE.COM@SAMBA.EXAMPLE.COM" \
# --req="PKCS10:$KDCREQ" --certificate="FILE:$KDCCERTFILE" \
# --lifetime="25 years"
2007-10-25 22:20:52 +02:00
open ( KDCCERTFILE , ">$kdccertfile" ) ;
print KDCCERTFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
2008-03-02 07:57:13 -06:00
MIIDDDCCAnWgAwIBAgIUI2Tzj + JnMzMcdeabcNo30rovzFAwCwYJKoZIhvcNAQEFMFIxEzAR
2007-10-25 22:20:52 +02:00
BgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
2008-03-02 07:57:13 -06:00
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTMxOTIzWhgPMjAzMzAyMjQx
MzE5MjNaMGYxEzARBgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxl
2007-10-25 22:20:52 +02:00
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0
Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF
yq + nD2KL0SfcTW5 + WlyiXf5L3 / oj + 5 pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp + Ne5
PcEvlQ9jb8fof6k + pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB
AAGjgcgwgcUwDgYDVR0PAQH / BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w
S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji
dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS + jPK
MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B
2008-03-02 07:57:13 -06:00
AQUFAAOBgQBmrVD5MCmZjfHp1nEnHqTIh8r7lSmVtDx4s9MMjxm9oNrzbKXynvdhwQYFVarc
ge4yRRDXtSebErOl71zVJI9CVeQQpwcH + tA85oGA7oeFtO / S7ls581RUU6tGgyxV4veD + lJv
KPH5LevUtgD + q9H4LU4Sq5N3iFwBaeryB0g2wg ==
2007-10-25 22:20:52 +02:00
- - - - - END CERTIFICATE - - - - -
EOF
2008-03-02 07:57:13 -06:00
# hxtool request-create \
# --subject="CN=Administrator,CN=users,DC=samba,DC=example,DC=com" \
# --key="FILE:$ADMINKEYFILE" $ADMINREQFILE
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
# --type="pkinit-client" \
# --pk-init-principal="administrator@SAMBA.EXAMPLE.COM" \
# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" \
# --lifetime="25 years"
2007-10-25 22:20:52 +02:00
open ( ADMINCERTFILE , ">$admincertfile" ) ;
print ADMINCERTFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
2009-07-28 14:05:19 +10:00
MIIDHTCCAoagAwIBAgIUUggzW4lLRkMKe1DAR2NKatkMDYwwCwYJKoZIhvcNAQELMFIxEzAR
2007-10-25 22:20:52 +02:00
BgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
2009-07-28 14:05:19 +10:00
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMjE1WhgPMjAzNDA3MjIw
MzMyMTVaMG0xEzARBgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxl
2008-03-02 07:57:13 -06:00
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0 + OL7TQBj0RejbIH1 + g5G
eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
xB6esnXhl0Jpip1JkUMMXLOP1m /0dqayuHBWozj9f/c dyCJr0wJIX1Z8Pr + EjYRGPn / MF0xd
l3JRlwIDAQABo4HSMIHPMA4GA1UdDwEB / wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
BgEFBQcDAgYKKwYBBAGCNxQCAjBIBgNVHREEQTA / oD0GBisGAQUCAqAzMDGgExsRU0FNQkEu
2009-07-28 14:05:19 +10:00
RVhBTVBMRS5DT02hGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yMB8GA1UdIwQYMBaAFMLZ
2008-03-02 07:57:13 -06:00
ufegDKLZs0VOyFXYK1L6M8oyMB0GA1UdDgQWBBQg81bLyfCA88C2B / BDjXlGuaFaxjAJBgNV
2009-07-28 14:05:19 +10:00
HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAEf / OSHUDJaGdtWGNuJeqcVYVMwrfBAc0OSwVhz1
7 /xqKHWo8wIMPkYRtaRHKLNDsF8GkhQPCpVsa6mX/ Nt7YQnNvwd + 1 SBP5E8GvwWw9ZzLJvma
nk2n89emuayLpVtp00PymrDLRBcNaRjFReQU8f0o509kiVPHduAp3jOiy13l
2007-10-25 22:20:52 +02:00
- - - - - END CERTIFICATE - - - - -
EOF
close ( ADMINCERTFILE ) ;
2009-07-28 14:05:19 +10:00
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
# --type="pkinit-client" \
# --ms-upn="administrator@samba.example.com" \
# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTUPNFILE" \
# --lifetime="25 years"
open ( ADMINCERTUPNFILE , ">$admincertupnfile" ) ;
print ADMINCERTUPNFILE << EOF ;
- - - - - BEGIN CERTIFICATE - - - - -
MIIDDzCCAnigAwIBAgIUUp3CJMuNaEaAdPKp3QdNIwG7a4wwCwYJKoZIhvcNAQELMFIxEzAR
BgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMzA1WhgPMjAzNDA3MjIw
MzMzMDVaMG0xEzARBgoJkiaJk /IsZAEZDANjb20xFzAVBgoJkiaJk/ IsZAEZDAdleGFtcGxl
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0 + OL7TQBj0RejbIH1 + g5G
eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
xB6esnXhl0Jpip1JkUMMXLOP1m /0dqayuHBWozj9f/c dyCJr0wJIX1Z8Pr + EjYRGPn / MF0xd
l3JRlwIDAQABo4HEMIHBMA4GA1UdDwEB / wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
BgEFBQcDAgYKKwYBBAGCNxQCAjA6BgNVHREEMzAxoC8GCisGAQQBgjcUAgOgIQwfYWRtaW5p
c3RyYXRvckBzYW1iYS5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS
+ jPKMjAdBgNVHQ4EFgQUIPNWy8nwgPPAtgfwQ415RrmhWsYwCQYDVR0TBAIwADANBgkqhkiG
9 w0BAQsFAAOBgQBk42 + egeUB3Ji2PC55fbt3FNKxvmm2xUUFkV9POK / YR9rajKOwk5jtYSeS
Zd7J9s // rNFNa7waklFkDaY56 + QWTFtdvxfE + KoHaqt6X8u6pqi7p3M4wDKQox + 9 Dx8yWFyq
Wfz / 8 alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ ==
- - - - - END CERTIFICATE - - - - -
EOF
2007-10-25 22:20:52 +02:00
}
2011-03-04 10:05:13 +01:00
sub mk_krb5_conf ($$)
{
my ( $ self , $ ctx ) = @ _ ;
unless ( open ( KRB5CONF , ">$ctx->{krb5_conf}" ) ) {
warn ( "can't open $ctx->{krb5_conf}$?" ) ;
return undef ;
}
print KRB5CONF "
#Generated krb5.conf for $ctx->{realm}
[ libdefaults ]
default_realm = $ ctx - > { realm }
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24 h
forwardable = yes
allow_weak_crypto = yes
[ realms ]
$ ctx - > { realm } = {
kdc = $ ctx - > { kdc_ipv4 } : 88
admin_server = $ ctx - > { kdc_ipv4 } : 88
default_domain = $ ctx - > { dnsname }
}
$ ctx - > { dnsname } = {
kdc = $ ctx - > { kdc_ipv4 } : 88
admin_server = $ ctx - > { kdc_ipv4 } : 88
default_domain = $ ctx - > { dnsname }
}
$ ctx - > { domain } = {
kdc = $ ctx - > { kdc_ipv4 } : 88
admin_server = $ ctx - > { kdc_ipv4 } : 88
default_domain = $ ctx - > { dnsname }
}
[ appdefaults ]
pkinit_anchors = FILE: $ ctx - > { tlsdir } / ca . pem
[ kdc ]
enable - pkinit = true
pkinit_identity = FILE: $ ctx - > { tlsdir } /kdc.pem,$ctx->{tlsdir}/ key . pem
pkinit_anchors = FILE: $ ctx - > { tlsdir } / ca . pem
[ domain_realm ]
. $ ctx - > { dnsname } = $ ctx - > { realm }
" ;
close ( KRB5CONF ) ;
}
2010-06-15 22:24:36 +10:00
sub provision_raw_prepare ($$$$$$$$$$)
2007-04-17 00:30:01 +00:00
{
2010-11-01 01:05:03 +03:00
my ( $ self , $ prefix , $ server_role , $ netbiosname , $ netbiosalias ,
2010-06-15 22:24:36 +10:00
$ domain , $ realm , $ functional_level ,
$ swiface , $ password , $ kdc_ipv4 ) = @ _ ;
2009-02-04 11:18:32 +01:00
my $ ctx ;
2007-04-17 00:30:01 +00:00
2010-09-14 14:41:42 +02:00
unless ( - d $ prefix or mkdir ( $ prefix , 0777 ) ) {
warn ( "Unable to create $prefix" ) ;
return undef ;
}
2007-04-17 13:06:00 +00:00
my $ prefix_abs = abs_path ( $ prefix ) ;
2007-04-17 15:33:50 +00:00
2009-02-04 11:18:32 +01:00
die ( "prefix=''" ) if $ prefix_abs eq "" ;
die ( "prefix='/'" ) if $ prefix_abs eq "/" ;
2007-04-17 00:30:01 +00:00
2010-09-14 14:41:42 +02:00
unless ( system ( "rm -rf $prefix_abs/*" ) == 0 ) {
warn ( "Unable to clean up" ) ;
}
2007-04-17 00:30:01 +00:00
2009-02-04 11:18:32 +01:00
$ ctx - > { prefix } = $ prefix ;
$ ctx - > { prefix_abs } = $ prefix_abs ;
2010-02-24 15:09:28 +11:00
$ ctx - > { dns_host_file } = "$ENV{SELFTEST_PREFIX}/dns_host_file" ;
2009-02-04 11:18:32 +01:00
$ ctx - > { server_role } = $ server_role ;
$ ctx - > { netbiosname } = $ netbiosname ;
$ ctx - > { netbiosalias } = $ netbiosalias ;
$ ctx - > { swiface } = $ swiface ;
$ ctx - > { password } = $ password ;
2009-02-10 18:00:48 +01:00
$ ctx - > { kdc_ipv4 } = $ kdc_ipv4 ;
2007-04-17 15:33:50 +00:00
2010-11-23 23:47:36 +03:00
$ ctx - > { server_loglevel } = $ ENV { SERVER_LOG_LEVEL } || 1 ;
2009-07-27 22:39:10 +10:00
$ ctx - > { username } = "Administrator" ;
2010-06-15 22:24:36 +10:00
$ ctx - > { domain } = $ domain ;
$ ctx - > { realm } = uc ( $ realm ) ;
$ ctx - > { dnsname } = lc ( $ realm ) ;
2009-10-28 15:28:31 -05:00
$ ctx - > { sid_generator } = "internal" ;
2009-02-04 11:18:32 +01:00
2010-06-15 22:24:36 +10:00
$ ctx - > { functional_level } = $ functional_level ;
2009-02-04 11:18:32 +01:00
my $ unix_name = ( $ ENV { USER } or $ ENV { LOGNAME } or `whoami` ) ;
chomp $ unix_name ;
$ ctx - > { unix_name } = $ unix_name ;
$ ctx - > { unix_uid } = $> ;
$ ctx - > { unix_gids_str } = $ ) ;
@ { $ ctx - > { unix_gids } } = split ( " " , $ ctx - > { unix_gids_str } ) ;
$ ctx - > { etcdir } = "$prefix_abs/etc" ;
$ ctx - > { piddir } = "$prefix_abs/pid" ;
$ ctx - > { smb_conf } = "$ctx->{etcdir}/smb.conf" ;
$ ctx - > { krb5_conf } = "$ctx->{etcdir}/krb5.conf" ;
$ ctx - > { privatedir } = "$prefix_abs/private" ;
$ ctx - > { ncalrpcdir } = "$prefix_abs/ncalrpc" ;
$ ctx - > { lockdir } = "$prefix_abs/lockdir" ;
$ ctx - > { winbindd_socket_dir } = "$prefix_abs/winbindd_socket" ;
$ ctx - > { winbindd_privileged_socket_dir } = "$prefix_abs/winbindd_privileged_socket" ;
$ ctx - > { ntp_signd_socket_dir } = "$prefix_abs/ntp_signd_socket" ;
$ ctx - > { nsswrap_passwd } = "$ctx->{etcdir}/passwd" ;
$ ctx - > { nsswrap_group } = "$ctx->{etcdir}/group" ;
$ ctx - > { tlsdir } = "$ctx->{privatedir}/tls" ;
$ ctx - > { ipv4 } = "127.0.0.$swiface" ;
$ ctx - > { interfaces } = "$ctx->{ipv4}/8" ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { privatedir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { etcdir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { piddir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { ncalrpcdir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { lockdir } ) ;
2009-02-10 17:01:51 +01:00
$ ctx - > { smb_conf_extra_options } = "" ;
2009-02-04 11:18:32 +01:00
2009-02-10 17:55:54 +01:00
my @ provision_options = ( ) ;
push ( @ provision_options , "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"" ) ;
push ( @ provision_options , "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"" ) ;
if ( defined ( $ ENV { GDB_PROVISION } ) ) {
2009-02-23 13:33:39 -05:00
push ( @ provision_options , "gdb --args" ) ;
2010-10-18 22:11:40 +11:00
if ( ! defined ( $ ENV { PYTHON } ) ) {
push ( @ provision_options , "env" ) ;
push ( @ provision_options , "python" ) ;
}
2009-02-10 17:55:54 +01:00
}
if ( defined ( $ ENV { VALGRIND_PROVISION } ) ) {
push ( @ provision_options , "valgrind" ) ;
2010-10-18 22:11:40 +11:00
if ( ! defined ( $ ENV { PYTHON } ) ) {
push ( @ provision_options , "env" ) ;
push ( @ provision_options , "python" ) ;
}
2009-02-10 17:55:54 +01:00
}
if ( defined ( $ ENV { PYTHON } ) ) {
push ( @ provision_options , $ ENV { PYTHON } ) ;
}
2011-02-03 15:14:31 +11:00
push ( @ provision_options , "$self->{srcdir}/source4/setup/provision" ) ;
2009-02-10 17:55:54 +01:00
push ( @ provision_options , "--configfile=$ctx->{smb_conf}" ) ;
push ( @ provision_options , "--host-name=$ctx->{netbiosname}" ) ;
push ( @ provision_options , "--host-ip=$ctx->{ipv4}" ) ;
push ( @ provision_options , "--quiet" ) ;
push ( @ provision_options , "--domain=$ctx->{domain}" ) ;
push ( @ provision_options , "--realm=$ctx->{realm}" ) ;
push ( @ provision_options , "--adminpass=$ctx->{password}" ) ;
push ( @ provision_options , "--krbtgtpass=krbtgt$ctx->{password}" ) ;
push ( @ provision_options , "--machinepass=machine$ctx->{password}" ) ;
push ( @ provision_options , "--root=$ctx->{unix_name}" ) ;
push ( @ provision_options , "--server-role=\"$ctx->{server_role}\"" ) ;
2010-06-15 22:24:36 +10:00
push ( @ provision_options , "--function-level=\"$ctx->{functional_level}\"" ) ;
2009-02-10 17:55:54 +01:00
@ { $ ctx - > { provision_options } } = @ provision_options ;
2009-02-04 11:18:32 +01:00
return $ ctx ;
}
2007-04-17 00:30:01 +00:00
2009-02-04 11:18:32 +01:00
#
2009-02-10 17:55:54 +01:00
# Step1 creates the basic configuration
#
sub provision_raw_step1 ($$)
2009-02-04 11:18:32 +01:00
{
my ( $ self , $ ctx ) = @ _ ;
2007-05-01 03:28:12 +00:00
2009-02-04 11:18:32 +01:00
mkdir ( $ _ , 0777 ) foreach ( @ { $ ctx - > { directories } } ) ;
2007-05-01 03:28:12 +00:00
2010-09-14 14:41:42 +02:00
unless ( open ( CONFFILE , ">$ctx->{smb_conf}" ) ) {
warn ( "can't open $ctx->{smb_conf}$?" ) ;
return undef ;
}
2007-04-17 00:30:01 +00:00
print CONFFILE "
[ global ]
2009-02-04 11:18:32 +01:00
netbios name = $ ctx - > { netbiosname }
netbios aliases = $ ctx - > { netbiosalias }
2010-01-15 14:08:26 +03:00
posix:eadb = $ ctx - > { lockdir } / eadb . tdb
2009-02-04 11:18:32 +01:00
workgroup = $ ctx - > { domain }
realm = $ ctx - > { realm }
private dir = $ ctx - > { privatedir }
pid directory = $ ctx - > { piddir }
ncalrpc dir = $ ctx - > { ncalrpcdir }
lock dir = $ ctx - > { lockdir }
winbindd socket directory = $ ctx - > { winbindd_socket_dir }
winbindd privileged socket directory = $ ctx - > { winbindd_privileged_socket_dir }
ntp signd socket directory = $ ctx - > { ntp_signd_socket_dir }
winbind separator = /
2010-08-31 12:07:40 +10:00
name resolve order = file bcast
2009-02-04 11:18:32 +01:00
interfaces = $ ctx - > { interfaces }
tls dh params file = $ ctx - > { tlsdir } / dhparms . pem
2008-10-28 12:20:59 +01:00
panic action = $ RealBin / gdb_backtrace \ % PID % \ % PROG %
2007-04-17 00:30:01 +00:00
wins support = yes
2009-02-04 11:18:32 +01:00
server role = $ ctx - > { server_role }
2010-11-15 23:01:57 +01:00
server services = + echo
2007-04-17 00:30:01 +00:00
notify:inotify = false
ldb:nosync = true
#We don't want to pass our self-tests if the PAC code is wrong
gensec:require_pac = true
2009-02-04 11:18:32 +01:00
log level = $ ctx - > { server_loglevel }
2010-02-11 20:48:47 +11:00
lanman auth = Yes
2010-03-26 19:03:22 +11:00
rndc command = true
2011-02-03 15:14:31 +11:00
dns update command = $ ENV { SRCDIR_ABS } /source4/sc ripting /bin/s amba_dnsupdate - - all - interfaces - - use - file = $ ctx - > { dns_host_file }
spn update command = $ ENV { SRCDIR_ABS } /source4/sc ripting /bin/s amba_spnupdate
2010-02-24 15:09:28 +11:00
resolv:host file = $ ctx - > { dns_host_file }
2010-07-09 09:23:04 +02:00
dreplsrv:periodic_startup_interval = 0
2010-02-11 20:48:47 +11:00
" ;
2009-10-28 15:28:31 -05:00
if ( defined ( $ ctx - > { sid_generator } ) && $ ctx - > { sid_generator } ne "internal" ) {
print CONFFILE "
sid generator = $ ctx - > { sid_generator } " ;
2010-09-14 14:41:42 +02:00
}
2009-10-28 15:28:31 -05:00
print CONFFILE "
2007-04-17 00:30:01 +00:00
2009-02-10 17:01:51 +01:00
# Begin extra options
$ ctx - > { smb_conf_extra_options }
# End extra options
2007-04-17 00:30:01 +00:00
" ;
close ( CONFFILE ) ;
2009-02-04 11:18:32 +01:00
$ self - > mk_keyblobs ( $ ctx - > { tlsdir } ) ;
2007-04-17 00:30:01 +00:00
2011-03-04 10:05:13 +01:00
$ self - > mk_krb5_conf ( $ ctx ) ;
2007-04-17 00:30:01 +00:00
2009-02-04 11:18:32 +01:00
open ( PWD , ">$ctx->{nsswrap_passwd}" ) ;
2007-11-05 15:49:40 +01:00
print PWD "
2009-02-04 11:18:32 +01:00
root:x:0:0:root gecos: $ ctx - > { prefix_abs } : /bin/ false
$ ctx - > { unix_name } : x: $ ctx - > { unix_uid } : @ { $ ctx - > { unix_gids } } [ 0 ] : $ ctx - > { unix_name } gecos: $ ctx - > { prefix_abs } : /bin/ false
nobody:x:65534:65533:nobody gecos: $ ctx - > { prefix_abs } : /bin/ false
2007-11-05 15:49:40 +01:00
" ;
close ( PWD ) ;
2009-02-04 11:18:32 +01:00
open ( GRP , ">$ctx->{nsswrap_group}" ) ;
2007-11-05 15:49:40 +01:00
print GRP "
root:x:0:
wheel:x:10:
users:x:100:
nobody:x:65533:
nogroup:x:65534:nobody
" ;
close ( GRP ) ;
2009-02-04 11:18:32 +01:00
my $ configuration = "--configfile=$ctx->{smb_conf}" ;
2007-04-17 00:30:01 +00:00
#Ensure the config file is valid before we start
2011-02-03 15:14:31 +11:00
my $ testparm = $ self - > scriptdir_path ( "bin/testparm" ) ;
2009-01-21 10:09:30 +01:00
if ( system ( "$testparm $configuration -v --suppress-prompt >/dev/null 2>&1" ) != 0 ) {
system ( "$testparm -v --suppress-prompt $configuration >&2" ) ;
2010-09-14 14:41:42 +02:00
warn ( "Failed to create a valid smb.conf configuration $testparm!" ) ;
return undef ;
2007-04-17 00:30:01 +00:00
}
2010-09-14 14:41:42 +02:00
unless ( system ( "($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1" ) == 0 ) {
warn ( "Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global" ) ;
return undef ;
}
2007-04-17 00:30:01 +00:00
my $ ret = {
2009-02-04 11:18:32 +01:00
KRB5_CONFIG = > $ ctx - > { krb5_conf } ,
PIDDIR = > $ ctx - > { piddir } ,
SERVER = > $ ctx - > { netbiosname } ,
SERVER_IP = > $ ctx - > { ipv4 } ,
NETBIOSNAME = > $ ctx - > { netbiosname } ,
NETBIOSALIAS = > $ ctx - > { netbiosalias } ,
DOMAIN = > $ ctx - > { domain } ,
USERNAME = > $ ctx - > { username } ,
REALM = > $ ctx - > { realm } ,
PASSWORD = > $ ctx - > { password } ,
LDAPDIR = > $ ctx - > { ldapdir } ,
2010-01-28 19:35:29 -06:00
LDAP_INSTANCE = > $ ctx - > { ldap_instance } ,
2009-02-04 11:18:32 +01:00
WINBINDD_SOCKET_DIR = > $ ctx - > { winbindd_socket_dir } ,
NCALRPCDIR = > $ ctx - > { ncalrpcdir } ,
LOCKDIR = > $ ctx - > { lockdir } ,
SERVERCONFFILE = > $ ctx - > { smb_conf } ,
2007-04-17 15:33:50 +00:00
CONFIGURATION = > $ configuration ,
2009-02-04 11:18:32 +01:00
SOCKET_WRAPPER_DEFAULT_IFACE = > $ ctx - > { swiface } ,
NSS_WRAPPER_PASSWD = > $ ctx - > { nsswrap_passwd } ,
NSS_WRAPPER_GROUP = > $ ctx - > { nsswrap_group } ,
SAMBA_TEST_FIFO = > "$ctx->{prefix}/samba_test.fifo" ,
SAMBA_TEST_LOG = > "$ctx->{prefix}/samba_test.log" ,
2009-02-04 15:17:14 +01:00
SAMBA_TEST_LOG_POS = > 0 ,
2007-04-17 00:30:01 +00:00
} ;
2009-02-10 17:55:54 +01:00
return $ ret ;
}
2007-04-23 07:33:15 +00:00
2009-02-10 17:55:54 +01:00
#
# Step2 runs the provision script
#
sub provision_raw_step2 ($$$)
{
my ( $ self , $ ctx , $ ret ) = @ _ ;
2007-04-23 21:56:23 +00:00
2009-02-10 17:55:54 +01:00
my $ provision_cmd = join ( " " , @ { $ ctx - > { provision_options } } ) ;
2010-09-14 14:41:42 +02:00
unless ( system ( $ provision_cmd ) == 0 ) {
warn ( "Unable to provision: \n$provision_cmd\n" ) ;
return undef ;
}
2007-04-23 07:33:15 +00:00
2009-02-04 11:18:32 +01:00
return $ ret ;
}
2010-06-15 22:24:36 +10:00
sub provision ($$$$$$$$$)
2009-02-04 11:18:32 +01:00
{
2010-11-01 01:05:03 +03:00
my ( $ self , $ prefix , $ server_role , $ netbiosname , $ netbiosalias ,
$ domain , $ realm , $ functional_level ,
2010-06-15 22:24:36 +10:00
$ swiface , $ password , $ kdc_ipv4 , $ extra_smbconf_options ) = @ _ ;
2009-02-04 11:18:32 +01:00
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , $ server_role ,
$ netbiosname , $ netbiosalias ,
2010-06-15 22:24:36 +10:00
$ domain , $ realm , $ functional_level ,
2009-02-10 18:00:48 +01:00
$ swiface , $ password , $ kdc_ipv4 ) ;
2009-02-04 11:18:32 +01:00
2009-02-10 17:01:51 +01:00
$ ctx - > { tmpdir } = "$ctx->{prefix_abs}/tmp" ;
push ( @ { $ ctx - > { directories } } , "$ctx->{tmpdir}" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{tmpdir}/test1" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{tmpdir}/test2" ) ;
2010-05-11 21:22:24 +04:00
my $ msdfs = "no" ;
$ msdfs = "yes" if ( $ server_role eq "domain controller" ) ;
2009-02-10 17:01:51 +01:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
2010-02-19 15:56:30 +11:00
$ extra_smbconf_options
2010-05-11 21:22:24 +04:00
host msdfs = $ msdfs
2010-06-22 22:11:00 +02:00
lanman auth = yes
2009-02-10 17:01:51 +01:00
[ tmp ]
path = $ ctx - > { tmpdir }
read only = no
2009-10-23 15:38:54 +11:00
posix:sharedelay = 10000
2009-02-10 17:01:51 +01:00
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 500000
[ test1 ]
path = $ ctx - > { tmpdir } / test1
read only = no
2009-10-23 15:38:54 +11:00
posix:sharedelay = 10000
2009-02-10 17:01:51 +01:00
posix:oplocktimeout = 3
2009-10-23 15:38:54 +11:00
posix:writetimeupdatedelay = 50000
2009-02-10 17:01:51 +01:00
[ test2 ]
path = $ ctx - > { tmpdir } / test2
read only = no
2009-10-23 15:38:54 +11:00
posix:sharedelay = 10000
2009-02-10 17:01:51 +01:00
posix:oplocktimeout = 3
2009-10-23 15:38:54 +11:00
posix:writetimeupdatedelay = 50000
2009-02-10 17:01:51 +01:00
[ cifs ]
read only = no
ntvfs handler = cifs
cifs:server = $ ctx - > { netbiosname }
cifs:share = tmp
#There is no username specified here, instead the client is expected
#to log in with kerberos, and the serverwill use delegated credentials.
[ simple ]
path = $ ctx - > { tmpdir }
read only = no
ntvfs handler = simple
[ sysvol ]
path = $ ctx - > { lockdir } / sysvol
read only = yes
[ netlogon ]
path = $ ctx - > { lockdir } /sysvol/ $ ctx - > { dnsname } / scripts
read only = no
[ cifsposix ]
copy = simple
ntvfs handler = cifsposix
" ;
2009-02-10 17:55:54 +01:00
if ( defined ( $ self - > { ldap } ) ) {
$ ctx - > { ldapdir } = "$ctx->{privatedir}/ldap" ;
push ( @ { $ ctx - > { directories } } , "$ctx->{ldapdir}" ) ;
my $ ldap_uri = "$ctx->{ldapdir}/ldapi" ;
$ ldap_uri =~ s | / | % 2F | g ;
$ ldap_uri = "ldapi://$ldap_uri" ;
$ ctx - > { ldap_uri } = $ ldap_uri ;
2010-09-04 18:24:02 +02:00
if ( $ self - > { ldap } eq "fedora-ds" ) {
2009-10-28 15:28:31 -05:00
$ ctx - > { sid_generator } = "backend" ;
}
2010-01-28 19:35:29 -06:00
$ ctx - > { ldap_instance } = lc ( $ ctx - > { netbiosname } ) ;
2009-02-10 17:55:54 +01:00
}
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
2010-11-01 01:00:46 +03:00
unless ( defined $ ret ) {
2010-09-14 14:41:42 +02:00
return undef ;
}
2009-02-10 17:55:54 +01:00
if ( defined ( $ self - > { ldap } ) ) {
2010-09-14 14:41:42 +02:00
$ ret - > { LDAP_URI } = $ ctx - > { ldap_uri } ;
2009-08-13 17:01:27 +10:00
push ( @ { $ ctx - > { provision_options } } , "--ldap-backend-type=" . $ self - > { ldap } ) ;
2010-04-22 11:37:41 +10:00
push ( @ { $ ctx - > { provision_options } } , "--ldap-backend-nosync" ) ;
2009-02-10 17:55:54 +01:00
if ( $ self - > { ldap } eq "openldap" ) {
2010-09-14 14:41:42 +02:00
push ( @ { $ ctx - > { provision_options } } , "--slapd-path=" . $ ENV { OPENLDAP_SLAPD } ) ;
2010-01-28 19:35:29 -06:00
( $ ret - > { SLAPD_CONF_D } , $ ret - > { OPENLDAP_PIDFILE } ) = $ self - > mk_openldap ( $ ctx ) or die ( "Unable to create openldap directories" ) ;
2009-02-10 17:55:54 +01:00
2009-08-10 22:01:28 +10:00
} elsif ( $ self - > { ldap } eq "fedora-ds" ) {
2009-08-13 17:01:27 +10:00
push ( @ { $ ctx - > { provision_options } } , "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd" ) ;
push ( @ { $ ctx - > { provision_options } } , "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl" ) ;
2010-01-28 19:35:29 -06:00
( $ ret - > { FEDORA_DS_DIR } , $ ret - > { FEDORA_DS_PIDFILE } ) = $ self - > mk_fedora_ds ( $ ctx ) or die ( "Unable to create fedora ds directories" ) ;
2009-02-10 17:55:54 +01:00
}
}
2010-09-14 14:41:42 +02:00
return $ self - > provision_raw_step2 ( $ ctx , $ ret ) ;
2007-04-17 00:30:01 +00:00
}
2007-04-12 08:33:35 +00:00
sub provision_member ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2007-04-17 00:30:01 +00:00
print "PROVISIONING MEMBER..." ;
2007-04-29 13:54:51 +00:00
my $ ret = $ self - > provision ( $ prefix ,
"member server" ,
"localmember" ,
2010-06-23 09:53:20 +10:00
"member3" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 22:24:36 +10:00
"2008" ,
2007-04-29 13:54:51 +00:00
3 ,
2010-06-16 11:22:30 +02:00
"locMEMpass3" ,
2010-02-19 15:56:30 +11:00
$ dcvars - > { SERVER_IP } ,
"" ) ;
2010-09-14 14:41:42 +02:00
unless ( $ ret ) {
return undef ;
}
2007-04-12 08:33:35 +00:00
2010-10-23 19:27:26 -07:00
my $ samba_tool = $ self - > bindir_path ( "samba-tool" ) ;
2007-04-30 11:16:50 +00:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2010-10-23 19:27:26 -07:00
$ cmd . = "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member" ;
2010-02-19 15:56:30 +11:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2007-04-30 11:16:50 +00:00
2010-09-14 14:41:42 +02:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2007-04-16 10:44:26 +00:00
2010-02-19 15:56:30 +11:00
$ ret - > { MEMBER_SERVER } = $ ret - > { SERVER } ;
$ ret - > { MEMBER_SERVER_IP } = $ ret - > { SERVER_IP } ;
$ ret - > { MEMBER_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { MEMBER_NETBIOSALIAS } = $ ret - > { NETBIOSALIAS } ;
$ ret - > { MEMBER_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { MEMBER_PASSWORD } = $ ret - > { PASSWORD } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_NETBIOSALIAS } = $ dcvars - > { DC_NETBIOSALIAS } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
sub provision_rpc_proxy ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
print "PROVISIONING RPC PROXY..." ;
2010-06-23 13:50:55 +10:00
my $ extra_smbconf_options = " dcerpc_remote:binding = ncacn_ip_tcp:localdc
2010-02-19 15:56:30 +11:00
dcerpc endpoint servers = epmapper , remote
dcerpc_remote:interfaces = rpcecho
" ;
my $ ret = $ self - > provision ( $ prefix ,
"member server" ,
"localrpcproxy" ,
2010-06-23 09:53:20 +10:00
"rpcproxy4" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 22:24:36 +10:00
"2008" ,
2010-02-19 15:56:30 +11:00
4 ,
2010-06-16 11:22:30 +02:00
"locRPCproxypass4" ,
2010-02-19 15:56:30 +11:00
$ dcvars - > { SERVER_IP } ,
$ extra_smbconf_options ) ;
2010-09-14 14:41:42 +02:00
unless ( $ ret ) {
return undef ;
}
2010-02-19 15:56:30 +11:00
2010-10-23 19:27:26 -07:00
my $ samba_tool = $ self - > bindir_path ( "samba-tool" ) ;
2010-02-19 15:56:30 +11:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2010-10-23 19:27:26 -07:00
$ cmd . = "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member" ;
2010-02-19 15:56:30 +11:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2010-09-14 14:41:42 +02:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2010-02-19 15:56:30 +11:00
$ ret - > { RPC_PROXY_SERVER } = $ ret - > { SERVER } ;
$ ret - > { RPC_PROXY_SERVER_IP } = $ ret - > { SERVER_IP } ;
$ ret - > { RPC_PROXY_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { RPC_PROXY_NETBIOSALIAS } = $ ret - > { NETBIOSALIAS } ;
$ ret - > { RPC_PROXY_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { RPC_PROXY_PASSWORD } = $ ret - > { PASSWORD } ;
2007-04-28 08:57:06 +00:00
2011-03-25 12:33:33 +01:00
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_NETBIOSALIAS } = $ dcvars - > { DC_NETBIOSALIAS } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
2007-04-17 00:30:01 +00:00
return $ ret ;
2007-04-12 08:33:35 +00:00
}
2010-03-12 10:36:12 +11:00
sub provision_vampire_dc ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
print "PROVISIONING VAMPIRE DC..." ;
# We do this so that we don't run the provision. That's the job of 'net vampire'.
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
2010-06-16 11:13:28 +02:00
"localvampiredc" ,
2010-06-23 09:53:20 +10:00
"dc2" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 22:24:36 +10:00
"2008" ,
2010-06-16 11:13:28 +02:00
2 , $ dcvars - > { PASSWORD } ,
2010-03-12 10:36:12 +11:00
$ dcvars - > { SERVER_IP } ) ;
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
path = $ ctx - > { lockdir } / sysvol
read only = yes
[ netlogon ]
path = $ ctx - > { lockdir } /sysvol/ $ ctx - > { dnsname } / scripts
read only = no
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
2010-09-14 14:41:42 +02:00
unless ( $ ret ) {
return undef ;
}
2010-03-12 10:36:12 +11:00
2010-10-23 19:27:26 -07:00
my $ samba_tool = $ self - > bindir_path ( "samba-tool" ) ;
2010-03-12 10:36:12 +11:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2010-11-05 18:57:36 +11:00
$ cmd . = "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}" ;
2010-03-12 10:36:12 +11:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2010-09-14 14:41:42 +02:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2010-03-12 10:36:12 +11:00
$ ret - > { VAMPIRE_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { VAMPIRE_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
$ ret - > { VAMPIRE_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { VAMPIRE_DC_NETBIOSALIAS } = $ ret - > { NETBIOSALIAS } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_NETBIOSALIAS } = $ dcvars - > { DC_NETBIOSALIAS } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
2007-04-12 08:33:35 +00:00
sub provision_dc ($$)
2007-03-05 21:28:55 +00:00
{
2007-04-10 20:19:31 +00:00
my ( $ self , $ prefix ) = @ _ ;
2007-03-21 15:57:07 +00:00
2007-04-17 00:30:01 +00:00
print "PROVISIONING DC..." ;
2007-04-29 13:54:51 +00:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
"localdc" ,
2010-06-23 09:53:20 +10:00
"dc1" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 22:24:36 +10:00
"2008" ,
2007-04-29 13:54:51 +00:00
1 ,
2010-06-16 11:22:30 +02:00
"locDCpass1" ,
2010-02-19 15:56:30 +11:00
"127.0.0.1" , "" ) ;
2007-04-17 00:30:01 +00:00
2010-11-01 01:00:46 +03:00
return undef unless ( defined $ ret ) ;
2010-09-14 14:41:42 +02:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2007-04-17 00:30:01 +00:00
2010-02-19 15:56:30 +11:00
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_NETBIOSALIAS } = $ ret - > { NETBIOSALIAS } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
2007-04-17 00:30:01 +00:00
return $ ret ;
2007-03-05 21:28:55 +00:00
}
2010-06-15 22:24:36 +10:00
sub provision_fl2000dc ($$)
{
my ( $ self , $ prefix ) = @ _ ;
print "PROVISIONING DC..." ;
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2010-06-23 09:53:20 +10:00
"dc5" ,
2010-06-15 22:24:36 +10:00
"localfl2000dc" ,
2010-11-01 01:05:03 +03:00
"SAMBA2000" ,
"samba2000.example.com" ,
2010-06-15 22:24:36 +10:00
"2000" ,
2010-06-16 11:14:46 +02:00
5 ,
"locDCpass5" ,
"127.0.0.5" , "" ) ;
2010-06-15 22:24:36 +10:00
2010-09-14 14:41:42 +02:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2010-06-15 22:24:36 +10:00
return $ ret ;
}
2010-06-21 22:17:40 +10:00
sub provision_fl2003dc ($$)
{
my ( $ self , $ prefix ) = @ _ ;
print "PROVISIONING DC..." ;
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2010-06-23 09:53:20 +10:00
"dc6" ,
2010-06-21 22:17:40 +10:00
"localfl2003dc" ,
"SAMBA2003" ,
"samba2003.example.com" ,
"2003" ,
6 ,
"locDCpass6" ,
"127.0.0.6" , "" ) ;
2010-09-14 14:41:42 +02:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2010-06-21 22:17:40 +10:00
return $ ret ;
}
sub provision_fl2008r2dc ($$)
{
my ( $ self , $ prefix ) = @ _ ;
print "PROVISIONING DC..." ;
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2010-06-23 09:53:20 +10:00
"dc7" ,
2010-06-21 22:17:40 +10:00
"localfl2000r2dc" ,
"SAMBA2008R2" ,
"samba2008R2.example.com" ,
2010-06-23 10:24:14 +10:00
"2008_R2" ,
2010-06-21 22:17:40 +10:00
7 ,
"locDCpass7" ,
"127.0.0.7" , "" ) ;
2010-09-14 14:41:42 +02:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2010-06-21 22:17:40 +10:00
return $ ret ;
}
2010-09-09 18:02:31 +10:00
sub provision_rodc ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
print "PROVISIONING RODC..." ;
# We do this so that we don't run the provision. That's the job of 'net join RODC'.
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
"rodc" ,
"dc8" ,
"SAMBADOMAIN" ,
"samba.example.com" ,
"2008" ,
8 , $ dcvars - > { PASSWORD } ,
$ dcvars - > { SERVER_IP } ) ;
2010-09-14 14:41:42 +02:00
unless ( $ ctx ) {
return undef ;
}
2010-09-09 18:02:31 +10:00
$ ctx - > { tmpdir } = "$ctx->{prefix_abs}/tmp" ;
push ( @ { $ ctx - > { directories } } , "$ctx->{tmpdir}" ) ;
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
path = $ ctx - > { lockdir } / sysvol
read only = yes
[ netlogon ]
path = $ ctx - > { lockdir } /sysvol/ $ ctx - > { dnsname } / scripts
read only = yes
[ tmp ]
path = $ ctx - > { tmpdir }
read only = no
posix:sharedelay = 10000
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 500000
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
2010-09-14 14:41:42 +02:00
unless ( $ ret ) {
return undef ;
}
2010-09-09 18:02:31 +10:00
2010-10-23 19:27:26 -07:00
my $ samba_tool = $ self - > bindir_path ( "samba-tool" ) ;
2010-09-09 18:02:31 +10:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2010-10-23 19:27:26 -07:00
$ cmd . = "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} RODC" ;
2010-09-09 18:02:31 +10:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
$ cmd . = " --server=$dcvars->{DC_SERVER}" ;
2010-09-14 14:41:42 +02:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "RODC join failed\n$cmd" ) ;
return undef ;
}
2010-09-09 18:02:31 +10:00
2011-03-04 10:05:51 +01:00
# we overwrite the kdc after the RODC join
# so that use the RODC as kdc and test
# the proxy code
$ ctx - > { kdc_ipv4 } = $ ret - > { SERVER_IP } ;
$ self - > mk_krb5_conf ( $ ctx ) ;
2010-09-09 18:02:31 +10:00
$ ret - > { RODC_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { RODC_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
$ ret - > { RODC_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { RODC_DC_NETBIOSALIAS } = $ ret - > { NETBIOSALIAS } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_NETBIOSALIAS } = $ dcvars - > { DC_NETBIOSALIAS } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
2007-04-10 20:19:31 +00:00
sub teardown_env ($$)
2007-03-21 15:57:07 +00:00
{
2007-04-10 20:19:31 +00:00
my ( $ self , $ envvars ) = @ _ ;
2007-07-04 00:34:16 +00:00
my $ pid ;
2007-03-21 15:57:07 +00:00
close ( DATA ) ;
2010-09-14 14:41:42 +02:00
if ( open ( IN , "<$envvars->{PIDDIR}/samba.pid" ) ) {
2007-07-04 00:34:16 +00:00
$ pid = <IN> ;
2007-03-21 15:57:07 +00:00
close ( IN ) ;
2007-07-04 00:34:16 +00:00
# Give the process 20 seconds to exit. gcov needs
# this time to write out the covarge data
my $ count = 0 ;
until ( kill ( 0 , $ pid ) == 0 ) {
2010-09-14 14:41:42 +02:00
# if no process sucessfully signalled, then we are done
sleep ( 1 ) ;
$ count + + ;
last if $ count > 20 ;
2007-07-04 00:34:16 +00:00
}
2010-09-14 14:41:42 +02:00
2007-07-04 00:34:16 +00:00
# If it is still around, kill it
if ( $ count > 20 ) {
2010-09-14 14:41:42 +02:00
print "server process $pid took more than $count seconds to exit, killing\n" ;
kill 9 , $ pid ;
2007-07-04 00:34:16 +00:00
}
2007-03-21 15:57:07 +00:00
}
2007-07-04 00:34:16 +00:00
my $ failed = $? >> 8 ;
2007-04-10 20:19:31 +00:00
$ self - > slapd_stop ( $ envvars ) if ( $ self - > { ldap } ) ;
2007-03-21 15:57:07 +00:00
2007-04-19 16:37:11 +00:00
print $ self - > getlog_env ( $ envvars ) ;
2007-03-21 15:57:07 +00:00
return $ failed ;
}
2007-04-18 14:02:26 +00:00
sub getlog_env ($$)
{
my ( $ self , $ envvars ) = @ _ ;
2009-02-04 15:17:14 +01:00
my $ title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n" ;
2007-04-18 14:02:26 +00:00
my $ out = $ title ;
2009-02-04 15:17:14 +01:00
open ( LOG , "<$envvars->{SAMBA_TEST_LOG}" ) ;
2007-04-18 14:02:26 +00:00
2009-02-04 15:17:14 +01:00
seek ( LOG , $ envvars - > { SAMBA_TEST_LOG_POS } , SEEK_SET ) ;
2007-04-18 14:02:26 +00:00
while ( <LOG> ) {
$ out . = $ _ ;
}
2009-02-04 15:17:14 +01:00
$ envvars - > { SAMBA_TEST_LOG_POS } = tell ( LOG ) ;
2007-04-18 14:02:26 +00:00
close ( LOG ) ;
return "" if $ out eq $ title ;
2010-11-01 01:05:03 +03:00
2007-04-18 14:02:26 +00:00
return $ out ;
}
2007-04-19 14:54:09 +00:00
sub check_env ($$)
{
my ( $ self , $ envvars ) = @ _ ;
2010-09-04 21:08:35 +02:00
return ( - p $ envvars - > { SAMBA_TEST_FIFO } ) ;
2007-04-19 14:54:09 +00:00
}
2007-04-11 03:45:39 +00:00
sub setup_env ($$$)
2007-03-05 21:28:55 +00:00
{
2007-04-11 03:45:39 +00:00
my ( $ self , $ envname , $ path ) = @ _ ;
2007-04-18 14:02:26 +00:00
2010-10-02 12:42:00 -07:00
$ ENV { ENVNAME } = $ envname ;
2007-04-10 20:19:31 +00:00
if ( $ envname eq "dc" ) {
2007-04-11 03:45:39 +00:00
return $ self - > setup_dc ( "$path/dc" ) ;
2010-06-15 22:24:36 +10:00
} elsif ( $ envname eq "fl2000dc" ) {
return $ self - > setup_fl2000dc ( "$path/fl2000dc" ) ;
2010-06-21 22:17:40 +10:00
} elsif ( $ envname eq "fl2003dc" ) {
return $ self - > setup_fl2003dc ( "$path/fl2003dc" ) ;
} elsif ( $ envname eq "fl2008r2dc" ) {
return $ self - > setup_fl2008r2dc ( "$path/fl2008r2dc" ) ;
2010-02-19 15:56:30 +11:00
} elsif ( $ envname eq "rpc_proxy" ) {
if ( not defined ( $ self - > { vars } - > { dc } ) ) {
$ self - > setup_dc ( "$path/dc" ) ;
}
return $ self - > setup_rpc_proxy ( "$path/rpc_proxy" , $ self - > { vars } - > { dc } ) ;
2010-03-12 10:36:12 +11:00
} elsif ( $ envname eq "vampire_dc" ) {
if ( not defined ( $ self - > { vars } - > { dc } ) ) {
$ self - > setup_dc ( "$path/dc" ) ;
}
return $ self - > setup_vampire_dc ( "$path/vampire_dc" , $ self - > { vars } - > { dc } ) ;
2007-04-12 08:33:35 +00:00
} elsif ( $ envname eq "member" ) {
if ( not defined ( $ self - > { vars } - > { dc } ) ) {
$ self - > setup_dc ( "$path/dc" ) ;
}
return $ self - > setup_member ( "$path/member" , $ self - > { vars } - > { dc } ) ;
2010-09-09 18:02:31 +10:00
} elsif ( $ envname eq "rodc" ) {
if ( not defined ( $ self - > { vars } - > { dc } ) ) {
$ self - > setup_dc ( "$path/dc" ) ;
}
return $ self - > setup_rodc ( "$path/rodc" , $ self - > { vars } - > { dc } ) ;
2010-02-19 15:56:30 +11:00
} elsif ( $ envname eq "all" ) {
if ( not defined ( $ self - > { vars } - > { dc } ) ) {
2010-10-02 14:23:43 -07:00
$ ENV { ENVNAME } = "dc" ;
2010-02-19 15:56:30 +11:00
$ self - > setup_dc ( "$path/dc" ) ;
}
my $ ret = $ self - > setup_member ( "$path/member" , $ self - > { vars } - > { dc } ) ;
if ( not defined ( $ self - > { vars } - > { rpc_proxy } ) ) {
2010-10-02 14:23:43 -07:00
$ ENV { ENVNAME } = "rpc_proxy" ;
2010-02-19 15:56:30 +11:00
my $ rpc_proxy_ret = $ self - > setup_rpc_proxy ( "$path/rpc_proxy" , $ self - > { vars } - > { dc } ) ;
$ ret - > { RPC_PROXY_SERVER } = $ rpc_proxy_ret - > { SERVER } ;
$ ret - > { RPC_PROXY_SERVER_IP } = $ rpc_proxy_ret - > { SERVER_IP } ;
$ ret - > { RPC_PROXY_NETBIOSNAME } = $ rpc_proxy_ret - > { NETBIOSNAME } ;
$ ret - > { RPC_PROXY_NETBIOSALIAS } = $ rpc_proxy_ret - > { NETBIOSALIAS } ;
$ ret - > { RPC_PROXY_USERNAME } = $ rpc_proxy_ret - > { USERNAME } ;
$ ret - > { RPC_PROXY_PASSWORD } = $ rpc_proxy_ret - > { PASSWORD } ;
}
2010-06-15 22:24:36 +10:00
if ( not defined ( $ self - > { vars } - > { fl2000dc } ) ) {
2010-10-02 14:23:43 -07:00
$ ENV { ENVNAME } = "fl2000dc" ;
2010-06-15 22:24:36 +10:00
my $ fl2000dc_ret = $ self - > setup_fl2000dc ( "$path/fl2000dc" , $ self - > { vars } - > { dc } ) ;
$ ret - > { FL2000DC_SERVER } = $ fl2000dc_ret - > { SERVER } ;
$ ret - > { FL2000DC_SERVER_IP } = $ fl2000dc_ret - > { SERVER_IP } ;
$ ret - > { FL2000DC_NETBIOSNAME } = $ fl2000dc_ret - > { NETBIOSNAME } ;
$ ret - > { FL2000DC_NETBIOSALIAS } = $ fl2000dc_ret - > { NETBIOSALIAS } ;
$ ret - > { FL2000DC_USERNAME } = $ fl2000dc_ret - > { USERNAME } ;
$ ret - > { FL2000DC_PASSWORD } = $ fl2000dc_ret - > { PASSWORD } ;
}
2010-06-21 22:17:40 +10:00
if ( not defined ( $ self - > { vars } - > { fl2003dc } ) ) {
2010-10-02 14:23:43 -07:00
$ ENV { ENVNAME } = "fl2003dc" ;
2010-06-21 22:17:40 +10:00
my $ fl2003dc_ret = $ self - > setup_fl2003dc ( "$path/fl2003dc" , $ self - > { vars } - > { dc } ) ;
$ ret - > { FL2003DC_SERVER } = $ fl2003dc_ret - > { SERVER } ;
$ ret - > { FL2003DC_SERVER_IP } = $ fl2003dc_ret - > { SERVER_IP } ;
$ ret - > { FL2003DC_NETBIOSNAME } = $ fl2003dc_ret - > { NETBIOSNAME } ;
$ ret - > { FL2003DC_NETBIOSALIAS } = $ fl2003dc_ret - > { NETBIOSALIAS } ;
$ ret - > { FL2003DC_USERNAME } = $ fl2003dc_ret - > { USERNAME } ;
$ ret - > { FL2003DC_PASSWORD } = $ fl2003dc_ret - > { PASSWORD } ;
}
if ( not defined ( $ self - > { vars } - > { fl2008r2dc } ) ) {
2010-10-02 14:23:43 -07:00
$ ENV { ENVNAME } = "fl2008r2dc" ;
2010-06-21 22:17:40 +10:00
my $ fl2008r2dc_ret = $ self - > setup_fl2008r2dc ( "$path/fl2008r2dc" , $ self - > { vars } - > { dc } ) ;
$ ret - > { FL2008R2DC_SERVER } = $ fl2008r2dc_ret - > { SERVER } ;
$ ret - > { FL2008R2DC_SERVER_IP } = $ fl2008r2dc_ret - > { SERVER_IP } ;
$ ret - > { FL2008R2DC_NETBIOSNAME } = $ fl2008r2dc_ret - > { NETBIOSNAME } ;
$ ret - > { FL2008R2DC_NETBIOSALIAS } = $ fl2008r2dc_ret - > { NETBIOSALIAS } ;
$ ret - > { FL2008R2DC_USERNAME } = $ fl2008r2dc_ret - > { USERNAME } ;
$ ret - > { FL2008R2DC_PASSWORD } = $ fl2008r2dc_ret - > { PASSWORD } ;
}
2010-02-19 15:56:30 +11:00
return $ ret ;
2007-04-10 20:19:31 +00:00
} else {
2010-09-14 14:41:42 +02:00
warn ( "Samba4 can't provide environment '$envname'" ) ;
return undef ;
2007-04-10 20:19:31 +00:00
}
}
2010-03-12 10:36:12 +11:00
sub setup_member ($$$)
2007-04-12 08:33:35 +00:00
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_member ( $ path , $ dc_vars ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
$ self - > check_or_start ( $ env , ( $ ENV { SMBD_MAXTIME } or 7500 ) ) ;
2007-04-12 08:33:35 +00:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2007-04-12 08:33:35 +00:00
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { member } = $ env ;
}
2010-02-19 15:56:30 +11:00
return $ env ;
}
2010-03-12 10:36:12 +11:00
sub setup_rpc_proxy ($$$)
2010-02-19 15:56:30 +11:00
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_rpc_proxy ( $ path , $ dc_vars ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2010-11-06 13:48:31 +11:00
$ self - > check_or_start ( $ env , ( $ ENV { SMBD_MAXTIME } or 7500 ) ) ;
2010-02-19 15:56:30 +11:00
2010-11-06 13:48:31 +11:00
$ self - > wait_for_start ( $ env ) ;
2010-02-19 15:56:30 +11:00
2010-11-06 13:48:31 +11:00
$ self - > { vars } - > { rpc_proxy } = $ env ;
2010-11-01 01:00:46 +03:00
}
2007-04-12 08:33:35 +00:00
return $ env ;
}
2007-04-11 03:45:39 +00:00
sub setup_dc ($$)
2007-04-10 20:19:31 +00:00
{
2007-04-11 03:45:39 +00:00
my ( $ self , $ path ) = @ _ ;
2007-04-04 12:23:10 +00:00
2007-04-12 08:33:35 +00:00
my $ env = $ self - > provision_dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
$ self - > check_or_start ( $ env ,
( $ ENV { SMBD_MAXTIME } or 7500 ) ) ;
2007-04-04 12:23:10 +00:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2007-04-12 08:33:35 +00:00
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { dc } = $ env ;
}
2007-04-04 12:23:10 +00:00
return $ env ;
2007-03-05 21:28:55 +00:00
}
2010-06-15 22:24:36 +10:00
sub setup_fl2000dc ($$)
{
my ( $ self , $ path ) = @ _ ;
my $ env = $ self - > provision_fl2000dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
$ self - > check_or_start ( $ env ,
( $ ENV { SMBD_MAXTIME } or 7500 ) ) ;
2010-06-15 22:24:36 +10:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2010-06-15 22:24:36 +10:00
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { fl2000dc } = $ env ;
}
2010-06-15 22:24:36 +10:00
return $ env ;
}
2010-06-21 22:17:40 +10:00
sub setup_fl2003dc ($$)
{
my ( $ self , $ path ) = @ _ ;
my $ env = $ self - > provision_fl2003dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
$ self - > check_or_start ( $ env ,
( $ ENV { SMBD_MAXTIME } or 7500 ) ) ;
2010-06-21 22:17:40 +10:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2010-06-21 22:17:40 +10:00
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { fl2003dc } = $ env ;
}
2010-06-21 22:17:40 +10:00
return $ env ;
}
sub setup_fl2008r2dc ($$)
{
my ( $ self , $ path ) = @ _ ;
my $ env = $ self - > provision_fl2008r2dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
$ self - > check_or_start ( $ env ,
( $ ENV { SMBD_MAXTIME } or 7500 ) ) ;
2010-06-21 22:17:40 +10:00
2010-11-01 01:00:46 +03:00
$ self - > wait_for_start ( $ env ) ;
2010-06-21 22:17:40 +10:00
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { fl2008r2dc } = $ env ;
}
2010-06-21 22:17:40 +10:00
return $ env ;
}
2010-03-12 10:36:12 +11:00
sub setup_vampire_dc ($$$)
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_vampire_dc ( $ path , $ dc_vars ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
$ self - > check_or_start ( $ env ,
( $ ENV { SMBD_MAXTIME } or 7500 ) ) ;
$ self - > wait_for_start ( $ env ) ;
$ self - > { vars } - > { vampire_dc } = $ env ;
# force replicated DC to update repsTo/repsFrom
# for vampired partitions
my $ samba_tool = $ self - > bindir_path ( "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs kcc $env->{DC_SERVER}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
unless ( system ( $ cmd ) == 0 ) {
warn ( "Failed to exec kcc\n$cmd" ) ;
return undef ;
}
2010-08-28 01:30:09 +03:00
2010-11-01 01:00:46 +03:00
# as 'vampired' dc may add data in its local replica
# we need to synchronize data between DCs
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ dc_vars - > { REALM } ) ) ;
$ cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
$ cmd . = " $samba_tool drs replicate $env->{DC_SERVER} $env->{VAMPIRE_DC_SERVER}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
# replicate Configuration NC
my $ cmd_repl = "$cmd \"CN=Configuration,$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
# replicate Default NC
$ cmd_repl = "$cmd \"$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
2010-09-14 14:41:42 +02:00
}
2010-08-28 01:30:09 +03:00
2010-03-12 10:36:12 +11:00
return $ env ;
}
2010-09-09 18:02:31 +10:00
sub setup_rodc ($$$)
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_rodc ( $ path , $ dc_vars ) ;
2010-09-14 14:41:42 +02:00
unless ( $ env ) {
return undef ;
}
2010-09-09 18:02:31 +10:00
$ self - > check_or_start ( $ env ,
( $ ENV { SMBD_MAXTIME } or 7500 ) ) ;
$ self - > wait_for_start ( $ env ) ;
$ self - > { vars } - > { rodc } = $ env ;
return $ env ;
}
2007-03-05 21:28:55 +00:00
1 ;