2007-03-21 15:57:07 +00:00
#!/usr/bin/perl
# Bootstrap Samba and run a number of tests against it.
# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
# Published under the GNU GPL, v3 or later.
2018-11-09 11:44:18 +13:00
# NOTE: Refer to the README for more details about the various testenvs,
# and tips about adding new testenvs.
2007-03-21 15:57:07 +00:00
package Samba3 ;
use strict ;
2019-12-07 22:37:00 +13:00
use warnings ;
2007-04-18 00:12:39 +00:00
use Cwd qw( abs_path ) ;
2007-03-21 15:57:07 +00:00
use FindBin qw( $RealBin ) ;
2007-09-01 23:11:48 +00:00
use POSIX ;
2011-04-27 11:19:20 +10:00
use target::Samba ;
2017-06-22 14:17:07 +02:00
use File::Path 'remove_tree' ;
2007-03-21 15:57:07 +00:00
2019-12-17 15:18:06 +00:00
sub return_alias_env
{
my ( $ self , $ path , $ env ) = @ _ ;
# just an alias
return $ env ;
}
2012-02-14 09:04:16 +11:00
sub have_ads ($) {
2012-02-18 10:35:24 +11:00
my ( $ self ) = @ _ ;
2012-02-14 09:04:16 +11:00
my $ found_ads = 0 ;
2021-01-12 10:07:56 +01:00
my $ smbd_build_options = Samba:: bindir_path ( $ self , "smbd" ) . " --configfile=/dev/null -b|" ;
2012-02-18 10:35:24 +11:00
open ( IN , $ smbd_build_options ) or die ( "Unable to run $smbd_build_options: $!" ) ;
while ( <IN> ) {
if ( /WITH_ADS/ ) {
$ found_ads = 1 ;
}
}
close IN ;
2012-02-14 09:04:16 +11:00
# If we were not built with ADS support, pretend we were never even available
2013-07-03 12:49:43 -07:00
print "smbd does not have ADS support\n" unless $ found_ads ;
2012-02-14 09:04:16 +11:00
return $ found_ads ;
}
2013-11-18 14:54:26 +01:00
# return smb.conf parameters applicable to @path, based on the underlying
# filesystem type
sub get_fs_specific_conf ($$)
{
my ( $ self , $ path ) = @ _ ;
my $ mods = "" ;
my $ stat_out = `stat --file-system $path` or return "" ;
if ( $ stat_out =~ m/Type:\s+btrfs/ ) {
2017-05-17 12:54:15 +02:00
$ mods . = "streams_xattr btrfs" ;
2013-11-18 14:54:26 +01:00
}
if ( $ mods ) {
return "vfs objects = $mods" ;
}
2019-12-07 23:08:48 +13:00
return '' ;
2013-11-18 14:54:26 +01:00
}
2007-04-18 00:12:39 +00:00
sub new ($$) {
2019-10-30 21:53:39 +01:00
my ( $ classname , $ SambaCtx , $ bindir , $ srcdir , $ server_maxtime ) = @ _ ;
2011-04-15 12:27:30 +10:00
my $ self = { vars = > { } ,
2019-10-30 21:53:39 +01:00
SambaCtx = > $ SambaCtx ,
2011-04-15 12:27:30 +10:00
bindir = > $ bindir ,
srcdir = > $ srcdir ,
2011-04-19 13:50:40 +10:00
server_maxtime = > $ server_maxtime
2011-02-22 11:56:18 +11:00
} ;
2007-03-21 15:57:07 +00:00
bless $ self ;
return $ self ;
}
2007-04-18 00:12:39 +00:00
sub teardown_env ($$)
2016-07-12 13:12:24 +02:00
{
my ( $ self , $ envvars ) = @ _ ;
if ( defined ( $ envvars - > { CTDB_PREFIX } ) ) {
$ self - > teardown_env_ctdb ( $ envvars ) ;
} else {
$ self - > teardown_env_samba ( $ envvars ) ;
}
return ;
}
sub teardown_env_samba ($$)
2007-03-21 15:57:07 +00:00
{
2007-04-18 00:12:39 +00:00
my ( $ self , $ envvars ) = @ _ ;
2012-03-02 18:20:45 +11:00
my $ count = 0 ;
2013-11-18 14:54:26 +01:00
2012-03-02 18:20:45 +11:00
# This should cause smbd to terminate gracefully
close ( $ envvars - > { STDIN_PIPE } ) ;
2007-03-21 15:57:07 +00:00
2012-03-04 18:34:34 +11:00
my $ smbdpid = $ envvars - > { SMBD_TL_PID } ;
my $ nmbdpid = $ envvars - > { NMBD_TL_PID } ;
my $ winbinddpid = $ envvars - > { WINBINDD_TL_PID } ;
2021-06-18 19:11:19 +02:00
my $ samba_dcerpcdpid = $ envvars - > { SAMBA_DCERPCD_TL_PID } ;
2012-03-04 18:34:34 +11:00
# This should give it time to write out the gcov data
until ( $ count > 20 ) {
2012-03-05 11:12:00 +11:00
my $ smbdchild = Samba:: cleanup_child ( $ smbdpid , "smbd" ) ;
my $ nmbdchild = Samba:: cleanup_child ( $ nmbdpid , "nmbd" ) ;
my $ winbinddchild = Samba:: cleanup_child ( $ winbinddpid , "winbindd" ) ;
2021-06-18 19:11:19 +02:00
my $ samba_dcerpcdchild = Samba:: cleanup_child (
$ samba_dcerpcdpid , "samba-dcerpcd" ) ;
2012-03-05 11:12:00 +11:00
if ( $ smbdchild == - 1
&& $ nmbdchild == - 1
2021-06-18 19:11:19 +02:00
&& $ winbinddchild == - 1
&& $ samba_dcerpcdpid == - 1 ) {
2012-03-04 18:34:34 +11:00
last ;
}
2012-03-02 18:20:45 +11:00
sleep ( 1 ) ;
$ count + + ;
}
2021-06-18 19:11:19 +02:00
if ( $ count <= 20 &&
kill ( 0 , $ smbdpid , $ nmbdpid , $ winbinddpid , $ samba_dcerpcdpid ) == 0 ) {
2012-03-02 18:20:45 +11:00
return ;
}
2007-09-02 17:47:35 +00:00
$ self - > stop_sig_term ( $ smbdpid ) ;
$ self - > stop_sig_term ( $ nmbdpid ) ;
2009-01-28 17:28:51 +01:00
$ self - > stop_sig_term ( $ winbinddpid ) ;
2021-06-18 19:11:19 +02:00
$ self - > stop_sig_term ( $ samba_dcerpcdpid ) ;
2009-03-20 14:25:15 +01:00
2012-03-02 18:20:45 +11:00
$ count = 0 ;
2012-03-04 18:34:34 +11:00
until ( $ count > 10 ) {
2012-03-05 11:12:00 +11:00
my $ smbdchild = Samba:: cleanup_child ( $ smbdpid , "smbd" ) ;
my $ nmbdchild = Samba:: cleanup_child ( $ nmbdpid , "nmbd" ) ;
my $ winbinddchild = Samba:: cleanup_child ( $ winbinddpid , "winbindd" ) ;
2021-06-18 19:11:19 +02:00
my $ samba_dcerpcdpid = Samba:: cleanup_child (
$ samba_dcerpcdpid , "samba-dcerpcd" ) ;
2012-03-05 11:12:00 +11:00
if ( $ smbdchild == - 1
&& $ nmbdchild == - 1
2021-06-18 19:11:19 +02:00
&& $ winbinddchild == - 1
&& $ samba_dcerpcdpid == - 1 ) {
2012-03-04 18:34:34 +11:00
last ;
}
2012-03-02 18:20:45 +11:00
sleep ( 1 ) ;
$ count + + ;
}
2012-03-04 18:34:34 +11:00
2021-06-18 19:11:19 +02:00
if ( $ count <= 10 &&
kill ( 0 , $ smbdpid , $ nmbdpid , $ winbinddpid , $ samba_dcerpcdpid ) == 0 ) {
2012-03-02 18:20:45 +11:00
return ;
}
2009-03-20 14:25:15 +01:00
2012-03-02 18:20:45 +11:00
warn ( "timelimit process did not quit on SIGTERM, sending SIGKILL" ) ;
2007-09-02 17:47:35 +00:00
$ self - > stop_sig_kill ( $ smbdpid ) ;
$ self - > stop_sig_kill ( $ nmbdpid ) ;
2009-01-28 17:28:51 +01:00
$ self - > stop_sig_kill ( $ winbinddpid ) ;
2021-06-18 19:11:19 +02:00
$ self - > stop_sig_kill ( $ samba_dcerpcdpid ) ;
2007-04-18 00:12:39 +00:00
return 0 ;
}
2016-07-12 13:12:24 +02:00
sub teardown_env_ctdb ($$)
{
my ( $ self , $ data ) = @ _ ;
if ( defined ( $ data - > { SAMBA_NODES } ) ) {
my $ num_nodes = $ data - > { NUM_NODES } ;
my $ nodes = $ data - > { SAMBA_NODES } ;
for ( my $ i = 0 ; $ i < $ num_nodes ; $ i + + ) {
if ( defined ( $ nodes - > [ $ i ] ) ) {
$ self - > teardown_env_samba ( $ nodes - > [ $ i ] ) ;
}
}
}
close ( $ data - > { CTDB_STDIN_PIPE } ) ;
if ( not defined ( $ data - > { SAMBA_NODES } ) ) {
# Give waiting children time to exit
sleep ( 5 ) ;
}
return 0 ;
}
2007-09-01 23:11:48 +00:00
sub getlog_env_app ($$$)
{
my ( $ self , $ envvars , $ name ) = @ _ ;
my $ title = "$name LOG of: $envvars->{NETBIOSNAME}\n" ;
my $ out = $ title ;
open ( LOG , "<" . $ envvars - > { $ name . "_TEST_LOG" } ) ;
seek ( LOG , $ envvars - > { $ name . "_TEST_LOG_POS" } , SEEK_SET ) ;
while ( <LOG> ) {
$ out . = $ _ ;
}
$ envvars - > { $ name . "_TEST_LOG_POS" } = tell ( LOG ) ;
close ( LOG ) ;
return "" if $ out eq $ title ;
2022-02-08 15:34:56 +01:00
2007-09-01 23:11:48 +00:00
return $ out ;
}
2007-04-18 14:02:26 +00:00
sub getlog_env ($$)
{
my ( $ self , $ envvars ) = @ _ ;
2007-09-30 09:08:10 +00:00
my $ ret = "" ;
2007-04-18 14:02:26 +00:00
2007-09-30 09:08:10 +00:00
$ ret . = $ self - > getlog_env_app ( $ envvars , "SMBD" ) ;
$ ret . = $ self - > getlog_env_app ( $ envvars , "NMBD" ) ;
2009-01-28 17:28:51 +01:00
$ ret . = $ self - > getlog_env_app ( $ envvars , "WINBINDD" ) ;
2007-09-30 09:08:10 +00:00
return $ ret ;
2007-04-18 14:02:26 +00:00
}
2007-04-19 14:54:09 +00:00
sub check_env ($$)
{
my ( $ self , $ envvars ) = @ _ ;
2012-03-02 18:20:45 +11:00
my $ childpid = waitpid ( - 1 , WNOHANG ) ;
2007-04-19 14:54:09 +00:00
# TODO ...
return 1 ;
}
2018-02-21 13:33:49 +13:00
# Declare the environments Samba3 makes available.
# To be set up, they will be called as
# samba3->setup_$envname($self, $path, $dep_1_vars, $dep_2_vars, ...)
% Samba3:: ENV_DEPS = (
# name => [dep_1, dep_2, ...],
nt4_dc = > [] ,
2019-12-13 10:22:36 +00:00
nt4_dc_smb1 = > [] ,
2019-12-17 15:22:42 +00:00
nt4_dc_smb1_done = > [ "nt4_dc_smb1" ] ,
2018-02-21 13:33:49 +13:00
nt4_dc_schannel = > [] ,
simpleserver = > [] ,
fileserver = > [] ,
2019-12-04 11:50:48 +00:00
fileserver_smb1 = > [] ,
2019-12-17 15:26:08 +00:00
fileserver_smb1_done = > [ "fileserver_smb1" ] ,
2018-02-21 13:33:49 +13:00
maptoguest = > [] ,
ktest = > [] ,
nt4_member = > [ "nt4_dc" ] ,
2017-03-20 11:39:41 +01:00
ad_member = > [ "ad_dc" , "fl2008r2dc" , "fl2003dc" ] ,
2018-02-21 13:33:49 +13:00
ad_member_rfc2307 = > [ "ad_dc_ntvfs" ] ,
ad_member_idmap_rid = > [ "ad_dc" ] ,
2022-02-15 09:44:34 +01:00
admem_idmap_autorid = > [ "ad_dc" ] ,
2019-04-17 16:12:27 -07:00
ad_member_idmap_ad = > [ "fl2008r2dc" ] ,
2020-05-15 11:30:35 +02:00
ad_member_fips = > [ "ad_dc_fips" ] ,
2021-05-19 08:18:22 +02:00
ad_member_offlogon = > [ "ad_dc" ] ,
2020-10-08 14:00:44 +02:00
ad_member_oneway = > [ "fl2000dc" ] ,
2021-11-12 14:20:45 +13:00
ad_member_idmap_nss = > [ "ad_dc" ] ,
2022-11-23 14:10:36 +01:00
ad_member_s3_join = > [ "vampire_dc" ] ,
2016-07-12 13:12:24 +02:00
2020-10-16 16:09:33 +02:00
clusteredmember = > [ "nt4_dc" ] ,
2018-02-21 13:33:49 +13:00
) ;
2007-04-18 00:12:39 +00:00
2019-01-17 17:18:48 +13:00
% Samba3:: ENV_DEPS_POST = ( ) ;
2018-02-08 16:51:23 +13:00
sub setup_nt4_dc
2007-04-18 00:12:39 +00:00
{
2019-12-13 10:22:36 +00:00
my ( $ self , $ path , $ more_conf , $ server ) = @ _ ;
2007-03-21 15:57:07 +00:00
2015-03-06 09:34:11 +01:00
print "PROVISIONING NT4 DC..." ;
2009-01-28 20:30:16 +01:00
2015-03-06 09:34:11 +01:00
my $ nt4_dc_options = "
2009-01-28 20:30:16 +01:00
domain master = yes
domain logons = yes
2009-05-08 00:18:28 +02:00
lanman auth = yes
2016-07-21 09:26:27 +02:00
ntlm auth = yes
2016-03-26 22:08:38 +01:00
raw NTLMv2 auth = yes
2021-06-18 19:11:19 +02:00
rpc start on demand helpers = false
2012-03-06 22:04:55 +11:00
2022-12-22 16:46:15 +01:00
CVE_2020_1472:warn_about_unused_debug_level = 3
server require schannel : schannel0 \ $ = no
server require schannel : schannel1 \ $ = no
server require schannel : schannel2 \ $ = no
server require schannel : schannel3 \ $ = no
server require schannel : schannel4 \ $ = no
server require schannel : schannel5 \ $ = no
server require schannel : schannel6 \ $ = no
server require schannel : schannel7 \ $ = no
server require schannel : schannel8 \ $ = no
server require schannel : schannel9 \ $ = no
server require schannel : schannel10 \ $ = no
server require schannel : schannel11 \ $ = no
server require schannel : torturetest \ $ = no
2022-12-22 16:30:26 +01:00
server schannel require seal : schannel0 \ $ = no
server schannel require seal : schannel1 \ $ = no
server schannel require seal : schannel2 \ $ = no
server schannel require seal : schannel3 \ $ = no
server schannel require seal : schannel4 \ $ = no
server schannel require seal : schannel5 \ $ = no
server schannel require seal : schannel6 \ $ = no
server schannel require seal : schannel7 \ $ = no
server schannel require seal : schannel8 \ $ = no
server schannel require seal : schannel9 \ $ = no
server schannel require seal : schannel10 \ $ = no
server schannel require seal : schannel11 \ $ = no
server schannel require seal : torturetest \ $ = no
2022-08-12 10:55:42 +02:00
vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
2013-05-15 00:42:35 +02:00
fss: sequence timeout = 1
2018-01-11 17:52:06 +01:00
check parent directory delete on close = yes
2009-01-28 20:30:16 +01:00
" ;
2019-12-13 10:22:36 +00:00
if ( defined ( $ more_conf ) ) {
$ nt4_dc_options = $ nt4_dc_options . $ more_conf ;
}
if ( ! defined ( $ server ) ) {
$ server = "LOCALNT4DC2" ;
}
2020-01-24 10:45:52 +01:00
my $ vars = $ self - > provision (
prefix = > $ path ,
domain = > "SAMBA-TEST" ,
2019-12-13 10:22:36 +00:00
server = > $ server ,
2020-01-24 10:45:52 +01:00
password = > "localntdc2pass" ,
extra_options = > $ nt4_dc_options ) ;
2007-04-18 00:12:39 +00:00
2011-04-12 09:05:34 +10:00
$ vars or return undef ;
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ vars ,
2021-06-18 19:11:19 +02:00
samba_dcerpcd = > "yes" ,
2020-01-30 16:01:09 +01:00
nmbd = > "yes" ,
winbindd = > "yes" ,
smbd = > "yes" ) ) {
2011-04-12 09:05:34 +10:00
return undef ;
}
2007-04-18 00:12:39 +00:00
2018-02-26 14:56:27 +01:00
$ vars - > { DOMSID } = $ vars - > { SAMSID } ;
2011-02-21 16:01:44 +11:00
$ vars - > { DC_SERVER } = $ vars - > { SERVER } ;
$ vars - > { DC_SERVER_IP } = $ vars - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ vars - > { DC_SERVER_IPV6 } = $ vars - > { SERVER_IPV6 } ;
2011-02-21 16:01:44 +11:00
$ vars - > { DC_NETBIOSNAME } = $ vars - > { NETBIOSNAME } ;
$ vars - > { DC_USERNAME } = $ vars - > { USERNAME } ;
$ vars - > { DC_PASSWORD } = $ vars - > { PASSWORD } ;
2007-04-18 00:12:39 +00:00
return $ vars ;
}
2019-12-13 10:22:36 +00:00
sub setup_nt4_dc_smb1
{
my ( $ self , $ path ) = @ _ ;
my $ conf = "
[ global ]
client min protocol = CORE
server min protocol = LANMAN1
" ;
return $ self - > setup_nt4_dc ( $ path , $ conf , "LCLNT4DC2SMB1" ) ;
}
2019-12-17 15:22:42 +00:00
sub setup_nt4_dc_smb1_done
{
my ( $ self , $ path , $ dep_env ) = @ _ ;
return $ self - > return_alias_env ( $ path , $ dep_env ) ;
}
2018-02-08 16:51:23 +13:00
sub setup_nt4_dc_schannel
2015-02-16 08:56:28 +01:00
{
my ( $ self , $ path ) = @ _ ;
2015-03-06 09:39:54 +01:00
print "PROVISIONING NT4 DC WITH SERVER SCHANNEL ..." ;
2015-02-16 08:56:28 +01:00
my $ pdc_options = "
domain master = yes
domain logons = yes
lanman auth = yes
server schannel = yes
2017-06-26 12:10:40 +02:00
# used to reproduce bug #12772
server max protocol = SMB2_02
2015-02-16 08:56:28 +01:00
" ;
2020-01-24 10:45:52 +01:00
my $ vars = $ self - > provision (
prefix = > $ path ,
domain = > "NT4SCHANNEL" ,
server = > "LOCALNT4DC9" ,
password = > "localntdc9pass" ,
extra_options = > $ pdc_options ) ;
2015-02-16 08:56:28 +01:00
$ vars or return undef ;
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ vars ,
nmbd = > "yes" ,
winbindd = > "yes" ,
smbd = > "yes" ) ) {
2015-02-16 08:56:28 +01:00
return undef ;
}
2018-02-26 14:56:27 +01:00
$ vars - > { DOMSID } = $ vars - > { SAMSID } ;
2015-02-16 08:56:28 +01:00
$ vars - > { DC_SERVER } = $ vars - > { SERVER } ;
$ vars - > { DC_SERVER_IP } = $ vars - > { SERVER_IP } ;
$ vars - > { DC_SERVER_IPV6 } = $ vars - > { SERVER_IPV6 } ;
$ vars - > { DC_NETBIOSNAME } = $ vars - > { NETBIOSNAME } ;
$ vars - > { DC_USERNAME } = $ vars - > { USERNAME } ;
$ vars - > { DC_PASSWORD } = $ vars - > { PASSWORD } ;
return $ vars ;
}
2018-02-08 16:51:23 +13:00
sub setup_nt4_member
2009-01-28 21:01:04 +01:00
{
2015-03-06 09:34:11 +01:00
my ( $ self , $ prefix , $ nt4_dc_vars ) = @ _ ;
2014-09-09 09:47:05 +02:00
my $ count = 0 ;
my $ rc ;
2009-01-28 21:01:04 +01:00
print "PROVISIONING MEMBER..." ;
2016-01-16 10:20:32 +01:00
my $ require_mutexes = "dbwrap_tdb_require_mutexes:* = yes" ;
2020-02-02 20:57:17 +13:00
if ( $ ENV { SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT } // '' eq "1" ) {
$ require_mutexes = "" ;
}
2016-01-16 10:20:32 +01:00
2009-01-28 21:01:04 +01:00
my $ member_options = "
security = domain
2013-05-13 11:14:26 +02:00
dbwrap_tdb_mutexes: * = yes
2016-01-16 10:20:32 +01:00
$ { require_mutexes }
2009-01-28 21:01:04 +01:00
" ;
2020-01-24 10:45:52 +01:00
my $ ret = $ self - > provision (
prefix = > $ prefix ,
domain = > $ nt4_dc_vars - > { DOMAIN } ,
server = > "LOCALNT4MEMBER3" ,
password = > "localnt4member3pass" ,
extra_options = > $ member_options ) ;
2009-01-28 21:01:04 +01:00
2011-04-12 09:05:34 +10:00
$ ret or return undef ;
2009-01-28 21:01:04 +01:00
2014-09-09 09:47:05 +02:00
my $ nmblookup = Samba:: bindir_path ( $ self , "nmblookup" ) ;
do {
print "Waiting for the LOGON SERVER registration ...\n" ;
$ rc = system ( "$nmblookup $ret->{CONFIGURATION} $ret->{DOMAIN}\#1c" ) ;
if ( $ rc != 0 ) {
sleep ( 1 ) ;
}
$ count + + ;
} while ( $ rc != 0 && $ count < 10 ) ;
if ( $ count == 10 ) {
print "NMBD not reachable after 10 retries\n" ;
teardown_env ( $ self , $ ret ) ;
return 0 ;
}
2011-04-27 11:19:20 +10:00
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
2018-08-31 20:22:54 +12:00
# Add hosts file for name lookups
my $ cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' " ;
2009-01-28 21:01:04 +01:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2016-03-22 14:09:08 +01:00
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
2018-01-06 12:27:27 +01:00
$ cmd . = "$net rpc join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member" ;
2015-03-06 09:34:11 +01:00
$ cmd . = " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}" ;
2009-01-28 21:01:04 +01:00
2011-04-27 22:18:18 +10:00
if ( system ( $ cmd ) != 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2009-01-28 21:01:04 +01:00
2018-08-31 20:22:54 +12:00
# Add hosts file for name lookups
2019-12-07 22:38:30 +13:00
$ cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' " ;
2017-06-22 15:30:56 +02:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$net $ret->{CONFIGURATION} primarytrust dumpinfo | grep -q 'REDACTED SECRET VALUES'" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "check failed\n$cmd" ) ;
return undef ;
}
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
nmbd = > "yes" ,
winbindd = > "yes" ,
smbd = > "yes" ) ) {
2011-04-12 09:05:34 +10:00
return undef ;
}
2009-01-28 21:01:04 +01:00
2018-02-26 14:56:27 +01:00
$ ret - > { DOMSID } = $ nt4_dc_vars - > { DOMSID } ;
2015-03-06 09:34:11 +01:00
$ ret - > { DC_SERVER } = $ nt4_dc_vars - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ nt4_dc_vars - > { SERVER_IP } ;
$ ret - > { DC_SERVER_IPV6 } = $ nt4_dc_vars - > { SERVER_IPV6 } ;
$ ret - > { DC_NETBIOSNAME } = $ nt4_dc_vars - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ nt4_dc_vars - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ nt4_dc_vars - > { PASSWORD } ;
2009-01-28 21:01:04 +01:00
return $ ret ;
}
2020-10-16 16:09:33 +02:00
sub setup_clusteredmember
2016-07-12 13:12:24 +02:00
{
my ( $ self , $ prefix , $ nt4_dc_vars ) = @ _ ;
my $ count = 0 ;
my $ rc ;
my @ retvals = ( ) ;
my $ ret ;
print "PROVISIONING CLUSTEREDMEMBER...\n" ;
my $ prefix_abs = abs_path ( $ prefix ) ;
mkdir ( $ prefix_abs , 0777 ) ;
my $ server_name = "CLUSTEREDMEMBER" ;
my $ ctdb_data = $ self - > setup_ctdb ( $ prefix ) ;
if ( not $ ctdb_data ) {
print "No ctdb data\n" ;
return undef ;
}
print "PROVISIONING CLUSTERED SAMBA...\n" ;
my $ num_nodes = $ ctdb_data - > { NUM_NODES } ;
my $ nodes = $ ctdb_data - > { CTDB_NODES } ;
# Enable cleanup of earlier nodes if a later node fails
$ ctdb_data - > { SAMBA_NODES } = \ @ retvals ;
for ( my $ i = 0 ; $ i < $ num_nodes ; $ i + + ) {
my $ node = $ nodes - > [ $ i ] ;
my $ socket = $ node - > { SOCKET_FILE } ;
my $ server_name = $ node - > { SERVER_NAME } ;
my $ pub_iface = $ node - > { SOCKET_WRAPPER_DEFAULT_IFACE } ;
my $ node_prefix = $ node - > { NODE_PREFIX } ;
print "NODE_PREFIX=${node_prefix}\n" ;
print "SOCKET=${socket}\n" ;
my $ require_mutexes = "dbwrap_tdb_require_mutexes:* = yes" ;
if ( $ ENV { SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT } // '' eq "1" ) {
$ require_mutexes = "" ;
}
my $ member_options = "
security = domain
server signing = on
clustering = yes
ctdbd socket = $ { socket }
2021-07-30 11:43:08 +02:00
include = registry
2016-07-12 13:12:24 +02:00
dbwrap_tdb_mutexes: * = yes
$ { require_mutexes }
" ;
my $ node_ret = $ self - > provision (
prefix = > "$node_prefix" ,
domain = > $ nt4_dc_vars - > { DOMAIN } ,
server = > "$server_name" ,
password = > "clustermember8pass" ,
netbios_name = > "CLUSTEREDMEMBER" ,
share_dir = > "${prefix_abs}/shared" ,
extra_options = > $ member_options ,
no_delete_prefix = > 1 ) ;
if ( not $ node_ret ) {
print "Provision node $i failed\n" ;
teardown_env ( $ self , $ ctdb_data ) ;
return undef ;
}
2022-12-28 16:18:40 +01:00
my $ registry_share_template = "$node_ret->{SERVERCONFFILE}.registry_share_template" ;
unless ( open ( REGISTRYCONF , ">$registry_share_template" ) ) {
warn ( "Unable to open $registry_share_template" ) ;
teardown_env ( $ self , $ node_ret ) ;
teardown_env ( $ self , $ ctdb_data ) ;
return undef ;
}
print REGISTRYCONF "
[ registry_share ]
copy = tmp
comment = smb username is [ % U ]
" ;
close ( REGISTRYCONF ) ;
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
my $ cmd = "" ;
$ cmd . = "UID_WRAPPER_ROOT=1 " ;
$ cmd . = "$net conf import $node_ret->{CONFIGURATION} ${registry_share_template}" ;
my $ net_ret = system ( $ cmd ) ;
if ( $ net_ret != 0 ) {
warn ( "net conf import failed: $net_ret\n$cmd" ) ;
teardown_env ( $ self , $ node_ret ) ;
teardown_env ( $ self , $ ctdb_data ) ;
return undef ;
}
2016-07-12 13:12:24 +02:00
my $ nmblookup = Samba:: bindir_path ( $ self , "nmblookup" ) ;
do {
print "Waiting for the LOGON SERVER registration ...\n" ;
$ rc = system ( "$nmblookup $node_ret->{CONFIGURATION} " .
"$node_ret->{DOMAIN}\#1c" ) ;
if ( $ rc != 0 ) {
sleep ( 1 ) ;
}
$ count + + ;
} while ( $ rc != 0 && $ count < 10 ) ;
if ( $ count == 10 ) {
print "NMBD not reachable after 10 retries\n" ;
teardown_env ( $ self , $ node_ret ) ;
teardown_env ( $ self , $ ctdb_data ) ;
return undef ;
}
push ( @ retvals , $ node_ret ) ;
}
$ ret = { %$ ctdb_data , % { $ retvals [ 0 ] } } ;
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
my $ cmd = "" ;
$ cmd . = "UID_WRAPPER_ROOT=1 " ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$net join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member" ;
$ cmd . = " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Join failed\n$cmd" ) ;
teardown_env ( $ self , $ ret ) ;
return undef ;
}
for ( my $ i = 0 ; $ i < @ retvals ; $ i + + ) {
my $ node_provision = $ retvals [ $ i ] ;
my $ ok ;
$ ok = $ self - > check_or_start (
env_vars = > $ node_provision ,
winbindd = > "yes" ,
smbd = > "yes" ,
child_cleanup = > sub {
map {
my $ fh = $ _ - > { STDIN_PIPE } ;
close ( $ fh ) if defined ( $ fh ) ;
} @ retvals } ) ;
if ( not $ ok ) {
teardown_env ( $ self , $ ret ) ;
return undef ;
}
}
2020-02-04 19:44:11 +11:00
#
# Build a unclist for every share
#
unless ( open ( NODES , "<$ret->{CTDB_NODES_FILE}" ) ) {
warn ( "Unable to open CTDB nodes file" ) ;
teardown_env ( $ self , $ ret ) ;
return undef ;
}
my @ nodes = <NODES> ;
close ( NODES ) ;
chomp @ nodes ;
my $ conffile = $ ret - > { SERVERCONFFILE } ;
$ cmd = "" ;
$ cmd . = 'sed -n -e \'s|^\[\(.*\)\]$|\1|p\'' ;
$ cmd . = " \"$conffile\"" ;
$ cmd . = " | grep -vx 'global'" ;
my @ shares = `$cmd` ;
$ rc = $? ;
if ( $ rc != 0 ) {
warn ( "Listing shares failed\n$cmd" ) ;
teardown_env ( $ self , $ ret ) ;
return undef ;
}
chomp @ shares ;
my $ unclistdir = "${prefix_abs}/unclists" ;
mkdir ( $ unclistdir , 0777 ) ;
foreach my $ share ( @ shares ) {
my $ l = "${unclistdir}/${share}.txt" ;
unless ( open ( UNCLIST , ">${l}" ) ) {
warn ( "Unable to open UNC list ${l}" ) ;
teardown_env ( $ self , $ ret ) ;
return undef ;
}
foreach my $ node ( @ nodes ) {
print UNCLIST "//${node}/${share}\n" ;
}
close ( UNCLIST ) ;
}
2016-07-12 13:12:24 +02:00
$ ret - > { DOMSID } = $ nt4_dc_vars - > { DOMSID } ;
$ ret - > { DC_SERVER } = $ nt4_dc_vars - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ nt4_dc_vars - > { SERVER_IP } ;
$ ret - > { DC_SERVER_IPV6 } = $ nt4_dc_vars - > { SERVER_IPV6 } ;
$ ret - > { DC_NETBIOSNAME } = $ nt4_dc_vars - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ nt4_dc_vars - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ nt4_dc_vars - > { PASSWORD } ;
return $ ret ;
}
2020-05-13 16:54:39 +02:00
sub provision_ad_member
2011-04-19 16:38:46 +10:00
{
2020-05-13 16:54:39 +02:00
my ( $ self ,
$ prefix ,
2021-05-11 17:59:51 +02:00
$ machine_account ,
2020-05-13 16:54:39 +02:00
$ dcvars ,
$ trustvars_f ,
2020-05-15 11:30:02 +02:00
$ trustvars_e ,
2021-10-05 12:31:29 +02:00
$ extra_member_options ,
2021-05-10 10:40:27 +02:00
$ force_fips_mode ,
2021-10-05 12:31:29 +02:00
$ offline_logon ,
$ no_nss_winbind ) = @ _ ;
if ( defined ( $ offline_logon ) && defined ( $ no_nss_winbind ) ) {
warn ( "Offline logon incompatible with no nss winbind\n" ) ;
return undef ;
}
2011-04-19 16:38:46 +10:00
2016-09-25 18:42:17 +02:00
my $ prefix_abs = abs_path ( $ prefix ) ;
my @ dirs = ( ) ;
mkdir ( $ prefix_abs , 0777 ) ;
my $ share_dir = "$prefix_abs/share" ;
push ( @ dirs , $ share_dir ) ;
2017-06-09 14:53:40 +02:00
my $ substitution_path = "$share_dir/D_$dcvars->{DOMAIN}" ;
2016-09-25 18:42:17 +02:00
push ( @ dirs , $ substitution_path ) ;
2017-06-09 14:53:40 +02:00
$ substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice" ;
2016-09-25 18:42:17 +02:00
push ( @ dirs , $ substitution_path ) ;
2017-06-09 14:53:40 +02:00
$ substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice/G_domain users" ;
2016-09-25 18:42:17 +02:00
push ( @ dirs , $ substitution_path ) ;
2017-03-15 12:37:08 +01:00
# Using '/' as the winbind separator is a bad idea ...
2017-06-09 14:53:40 +02:00
$ substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}" ;
2017-03-15 12:37:08 +01:00
push ( @ dirs , $ substitution_path ) ;
2017-06-09 14:53:40 +02:00
$ substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice" ;
2017-03-15 12:37:08 +01:00
push ( @ dirs , $ substitution_path ) ;
2017-06-09 14:53:40 +02:00
$ substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}" ;
2017-03-15 12:37:08 +01:00
push ( @ dirs , $ substitution_path ) ;
2017-06-09 14:53:40 +02:00
$ substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}/domain users" ;
2017-03-15 12:37:08 +01:00
push ( @ dirs , $ substitution_path ) ;
2022-09-02 11:48:08 +00:00
my $ smbcacls_sharedir = "$share_dir/smbcacls" ;
push ( @ dirs , $ smbcacls_sharedir ) ;
2021-05-10 10:40:27 +02:00
my $ option_offline_logon = "no" ;
if ( defined ( $ offline_logon ) ) {
$ option_offline_logon = "yes" ;
}
2021-06-10 16:20:28 +02:00
my $ netbios_aliases = "" ;
if ( $ machine_account eq "LOCALADMEMBER" ) {
$ netbios_aliases = "netbios aliases = foo bar" ;
}
2021-10-05 12:31:29 +02:00
unless ( defined ( $ extra_member_options ) ) {
$ extra_member_options = "" ;
}
2011-04-19 16:38:46 +10:00
my $ member_options = "
security = ads
workgroup = $ dcvars - > { DOMAIN }
realm = $ dcvars - > { REALM }
2021-06-10 16:20:28 +02:00
$ netbios_aliases
2017-03-17 10:04:19 +01:00
template homedir = /home/ % D /%G/ % U
2019-01-22 09:16:05 +13:00
auth event notification = true
password server = $ dcvars - > { SERVER }
2019-09-18 08:02:38 +02:00
winbind scan trusted domains = no
2021-05-10 10:40:27 +02:00
winbind offline logon = $ option_offline_logon
2016-09-25 18:42:17 +02:00
2019-10-03 14:18:17 +02:00
allow dcerpc auth level connect : lsarpc = yes
dcesrv:max auth states = 8
2021-06-18 19:11:19 +02:00
rpc start on demand helpers = false
2019-10-03 14:18:17 +02:00
2021-10-05 12:31:29 +02:00
# Begin extra member options
$ extra_member_options
# End extra member options
2017-03-15 12:37:08 +01:00
[ sub_dug ]
2016-09-25 18:42:17 +02:00
path = $ share_dir /D_%D/ U_ % U / G_ % G
writeable = yes
2017-03-15 12:37:08 +01:00
[ sub_dug2 ]
path = $ share_dir /D_%D/ u_ % u / g_ % g
writeable = yes
2020-08-17 13:39:58 +02:00
[ sub_valid_users ]
path = $ share_dir
valid users = ADDOMAIN / % U
2020-10-19 16:20:04 +03:00
[ sub_valid_users_domain ]
path = $ share_dir
valid users = % D / % U
[ sub_valid_users_group ]
path = $ share_dir
valid users = \ @$ dcvars - > { DOMAIN } / % G
[ valid_users ]
path = $ share_dir
valid users = $ dcvars - > { DOMAIN } / $ dcvars - > { DC_USERNAME }
[ valid_users_group ]
path = $ share_dir
valid users = \ " \ @$ dcvars - > { DOMAIN } / domain users \ "
[ valid_users_unix_group ]
path = $ share_dir
valid users = \ " + $ dcvars - > { DOMAIN } / domain users \ "
2022-06-03 15:07:18 +02:00
[ valid_users_nis_group ]
path = $ share_dir
valid users = \ " & $ dcvars - > { DOMAIN } / domain users \ "
2020-10-19 16:20:04 +03:00
[ valid_users_unix_nis_group ]
path = $ share_dir
valid users = \ " + & $ dcvars - > { DOMAIN } / domain users \ "
[ valid_users_nis_unix_group ]
path = $ share_dir
valid users = \ " & + $ dcvars - > { DOMAIN } / domain users \ "
[ invalid_users ]
path = $ share_dir
invalid users = $ dcvars - > { DOMAIN } / $ dcvars - > { DC_USERNAME }
[ valid_and_invalid_users ]
path = $ share_dir
valid users = $ dcvars - > { DOMAIN } /$dcvars->{DC_USERNAME} $dcvars->{DOMAIN}/ alice
invalid users = $ dcvars - > { DOMAIN } / $ dcvars - > { DC_USERNAME }
2011-04-19 16:38:46 +10:00
" ;
2020-01-24 10:45:52 +01:00
my $ ret = $ self - > provision (
prefix = > $ prefix ,
domain = > $ dcvars - > { DOMAIN } ,
2021-01-14 08:14:46 +01:00
realm = > $ dcvars - > { REALM } ,
2021-05-11 17:59:51 +02:00
server = > $ machine_account ,
2020-01-24 10:45:52 +01:00
password = > "loCalMemberPass" ,
extra_options = > $ member_options ,
2020-02-27 12:33:48 +01:00
resolv_conf = > $ dcvars - > { RESOLV_CONF } ) ;
2011-04-19 16:38:46 +10:00
$ ret or return undef ;
2016-09-25 18:42:17 +02:00
mkdir ( $ _ , 0777 ) foreach ( @ dirs ) ;
2011-04-19 16:38:46 +10:00
$ ret - > { DOMAIN } = $ dcvars - > { DOMAIN } ;
$ ret - > { REALM } = $ dcvars - > { REALM } ;
2018-02-26 14:56:27 +01:00
$ ret - > { DOMSID } = $ dcvars - > { DOMSID } ;
2011-04-19 16:38:46 +10:00
my $ ctx ;
$ ctx = { } ;
$ ctx - > { krb5_conf } = "$prefix_abs/lib/krb5.conf" ;
$ ctx - > { domain } = $ dcvars - > { DOMAIN } ;
$ ctx - > { realm } = $ dcvars - > { REALM } ;
$ ctx - > { dnsname } = lc ( $ dcvars - > { REALM } ) ;
$ ctx - > { kdc_ipv4 } = $ dcvars - > { SERVER_IP } ;
2014-09-04 14:33:05 +02:00
$ ctx - > { kdc_ipv6 } = $ dcvars - > { SERVER_IPV6 } ;
2016-09-22 18:46:28 +02:00
$ ctx - > { krb5_ccname } = "$prefix_abs/krb5cc_%{uid}" ;
2011-08-26 16:02:01 +10:00
Samba:: mk_krb5_conf ( $ ctx , "" ) ;
2011-04-19 16:38:46 +10:00
$ ret - > { KRB5_CONFIG } = $ ctx - > { krb5_conf } ;
2020-05-15 11:30:02 +02:00
if ( defined ( $ force_fips_mode ) ) {
$ ret - > { GNUTLS_FORCE_FIPS_MODE } = "1" ;
$ ret - > { OPENSSL_FORCE_FIPS_MODE } = "1" ;
}
2011-04-19 16:38:46 +10:00
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
2018-08-31 20:22:54 +12:00
# Add hosts file for name lookups
my $ cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' " ;
2011-04-19 16:38:46 +10:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-04 14:33:05 +02:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2020-05-15 11:30:02 +02:00
if ( defined ( $ force_fips_mode ) ) {
$ cmd . = "GNUTLS_FORCE_FIPS_MODE=1 " ;
$ cmd . = "OPENSSL_FORCE_FIPS_MODE=1 " ;
}
2019-10-30 18:17:36 +01:00
$ cmd . = "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" " ;
2011-04-19 16:38:46 +10:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-03-22 14:09:08 +01:00
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
2013-02-21 12:33:23 -07:00
$ cmd . = "$net join $ret->{CONFIGURATION}" ;
2021-01-19 07:49:26 +01:00
$ cmd . = " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD} --use-kerberos=required" ;
2013-02-21 12:33:23 -07:00
if ( system ( $ cmd ) != 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by Samba4 can't
# access the share for tests.
chmod 0777 , "$prefix/share" ;
2021-05-10 10:40:31 +02:00
if ( defined ( $ offline_logon ) ) {
my $ wbinfo = Samba:: bindir_path ( $ self , "wbinfo" ) ;
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
winbindd = > "yes" ) ) {
return undef ;
}
# Fill samlogoncache for alice
$ cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$wbinfo --pam-logon=ADDOMAIN/alice%Secret007" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Filling the cache failed\n$cmd" ) ;
return undef ;
}
$ cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$wbinfo --ccache-save=ADDOMAIN/alice%Secret007" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Filling the cache failed\n$cmd" ) ;
return undef ;
}
# Fill samlogoncache for bob
$ cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$wbinfo --pam-logon=ADDOMAIN/bob%Secret007" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Filling the cache failed\n$cmd" ) ;
return undef ;
}
$ cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$wbinfo --ccache-save=ADDOMAIN/bob%Secret007" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Filling the cache failed\n$cmd" ) ;
return undef ;
}
# Set windindd offline
my $ smbcontrol = Samba:: bindir_path ( $ self , "smbcontrol" ) ;
$ cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' " ;
$ cmd . = "UID_WRAPPER_ROOT='1' " ;
$ cmd . = "$smbcontrol $ret->{CONFIGURATION} winbindd offline" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Setting winbindd offline failed\n$cmd" ) ;
return undef ;
}
# Validate the offline cache
$ cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' " ;
$ cmd . = "UID_WRAPPER_ROOT='1' " ;
$ cmd . = "$smbcontrol $ret->{CONFIGURATION} winbindd validate-cache" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Validation of winbind credential cache failed\n$cmd" ) ;
teardown_env ( $ self , $ ret ) ;
return undef ;
}
# Shut down winbindd
teardown_env ( $ self , $ ret ) ;
### Change SOCKET_WRAPPER_DIR so it can't connect to AD
my $ swrap_env = $ ENV { SOCKET_WRAPPER_DIR } ;
$ ENV { SOCKET_WRAPPER_DIR } = "$prefix_abs" ;
# Start winbindd in offline mode
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
2021-10-05 16:42:00 +02:00
winbindd = > "offline" ) ) {
2021-05-10 10:40:31 +02:00
return undef ;
}
# Set socket dir again
$ ENV { SOCKET_WRAPPER_DIR } = $ swrap_env ;
} else {
2021-10-05 12:31:29 +02:00
if ( defined ( $ no_nss_winbind ) ) {
$ ret - > { NSS_WRAPPER_MODULE_SO_PATH } = "" ;
$ ret - > { NSS_WRAPPER_MODULE_FN_PREFIX } = "" ;
}
2021-05-10 10:40:31 +02:00
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
2021-06-18 19:11:19 +02:00
samba_dcerpcd = > "yes" ,
2021-05-10 10:40:31 +02:00
nmbd = > "yes" ,
winbindd = > "yes" ,
smbd = > "yes" ) ) {
return undef ;
}
2013-02-21 12:33:23 -07:00
}
$ ret - > { DC_SERVER } = $ dcvars - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { SERVER_IPV6 } ;
2019-01-22 09:16:05 +13:00
$ ret - > { DC_SERVERCONFFILE } = $ dcvars - > { SERVERCONFFILE } ;
2013-02-21 12:33:23 -07:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { PASSWORD } ;
2017-03-20 11:39:41 +01:00
# forest trust
$ ret - > { TRUST_F_BOTH_SERVER } = $ trustvars_f - > { SERVER } ;
$ ret - > { TRUST_F_BOTH_SERVER_IP } = $ trustvars_f - > { SERVER_IP } ;
$ ret - > { TRUST_F_BOTH_SERVER_IPV6 } = $ trustvars_f - > { SERVER_IPV6 } ;
$ ret - > { TRUST_F_BOTH_NETBIOSNAME } = $ trustvars_f - > { NETBIOSNAME } ;
$ ret - > { TRUST_F_BOTH_USERNAME } = $ trustvars_f - > { USERNAME } ;
$ ret - > { TRUST_F_BOTH_PASSWORD } = $ trustvars_f - > { PASSWORD } ;
$ ret - > { TRUST_F_BOTH_DOMAIN } = $ trustvars_f - > { DOMAIN } ;
$ ret - > { TRUST_F_BOTH_REALM } = $ trustvars_f - > { REALM } ;
# external trust
$ ret - > { TRUST_E_BOTH_SERVER } = $ trustvars_e - > { SERVER } ;
$ ret - > { TRUST_E_BOTH_SERVER_IP } = $ trustvars_e - > { SERVER_IP } ;
$ ret - > { TRUST_E_BOTH_SERVER_IPV6 } = $ trustvars_e - > { SERVER_IPV6 } ;
$ ret - > { TRUST_E_BOTH_NETBIOSNAME } = $ trustvars_e - > { NETBIOSNAME } ;
$ ret - > { TRUST_E_BOTH_USERNAME } = $ trustvars_e - > { USERNAME } ;
$ ret - > { TRUST_E_BOTH_PASSWORD } = $ trustvars_e - > { PASSWORD } ;
$ ret - > { TRUST_E_BOTH_DOMAIN } = $ trustvars_e - > { DOMAIN } ;
$ ret - > { TRUST_E_BOTH_REALM } = $ trustvars_e - > { REALM } ;
2013-02-21 12:33:23 -07:00
return $ ret ;
}
2020-05-13 16:54:39 +02:00
sub setup_ad_member
{
my ( $ self ,
$ prefix ,
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
print "PROVISIONING AD MEMBER..." ;
2021-05-11 17:59:51 +02:00
return $ self - > provision_ad_member ( $ prefix ,
"LOCALADMEMBER" ,
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ) ;
2020-05-13 16:54:39 +02:00
}
2021-11-23 08:59:01 -07:00
sub setup_ad_member_s3_join
{
my ( $ self ,
$ prefix ,
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
print "PROVISIONING AD MEMBER..." ;
return $ self - > provision_ad_member ( $ prefix ,
"LOCALADMEMBER2" ,
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ) ;
}
2018-02-21 13:33:49 +13:00
sub setup_ad_member_rfc2307
2013-02-21 12:33:23 -07:00
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config..." ;
my $ member_options = "
security = ads
workgroup = $ dcvars - > { DOMAIN }
realm = $ dcvars - > { REALM }
2017-04-04 17:15:10 +02:00
idmap cache time = 0
idmap negative cache time = 0
2016-06-24 18:33:01 +02:00
idmap config * : backend = autorid
idmap config * : range = 1000000 - 1999999
idmap config * : rangesize = 100000
2013-02-21 12:33:23 -07:00
idmap config $ dcvars - > { DOMAIN } : backend = rfc2307
idmap config $ dcvars - > { DOMAIN } : range = 2000000 - 2999999
idmap config $ dcvars - > { DOMAIN } : ldap_server = ad
idmap config $ dcvars - > { DOMAIN } : bind_path_user = ou = idmap , dc = samba , dc = example , dc = com
idmap config $ dcvars - > { DOMAIN } : bind_path_group = ou = idmap , dc = samba , dc = example , dc = com
2017-07-01 21:44:38 +12:00
password server = $ dcvars - > { SERVER }
2013-02-21 12:33:23 -07:00
" ;
2020-01-24 10:45:52 +01:00
my $ ret = $ self - > provision (
prefix = > $ prefix ,
domain = > $ dcvars - > { DOMAIN } ,
2021-01-14 08:14:46 +01:00
realm = > $ dcvars - > { REALM } ,
2020-01-24 10:45:52 +01:00
server = > "RFC2307MEMBER" ,
password = > "loCalMemberPass" ,
extra_options = > $ member_options ,
2020-02-27 12:33:48 +01:00
resolv_conf = > $ dcvars - > { RESOLV_CONF } ) ;
2013-02-21 12:33:23 -07:00
$ ret or return undef ;
$ ret - > { DOMAIN } = $ dcvars - > { DOMAIN } ;
$ ret - > { REALM } = $ dcvars - > { REALM } ;
2018-02-26 14:56:27 +01:00
$ ret - > { DOMSID } = $ dcvars - > { DOMSID } ;
2017-04-05 13:27:14 +02:00
my $ ctx ;
my $ prefix_abs = abs_path ( $ prefix ) ;
$ ctx = { } ;
$ ctx - > { krb5_conf } = "$prefix_abs/lib/krb5.conf" ;
$ ctx - > { domain } = $ dcvars - > { DOMAIN } ;
$ ctx - > { realm } = $ dcvars - > { REALM } ;
$ ctx - > { dnsname } = lc ( $ dcvars - > { REALM } ) ;
$ ctx - > { kdc_ipv4 } = $ dcvars - > { SERVER_IP } ;
$ ctx - > { kdc_ipv6 } = $ dcvars - > { SERVER_IPV6 } ;
$ ctx - > { krb5_ccname } = "$prefix_abs/krb5cc_%{uid}" ;
Samba:: mk_krb5_conf ( $ ctx , "" ) ;
$ ret - > { KRB5_CONFIG } = $ ctx - > { krb5_conf } ;
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
2018-08-31 20:22:54 +12:00
# Add hosts file for name lookups
my $ cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' " ;
2017-04-05 13:27:14 +02:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2019-10-30 18:17:36 +01:00
$ cmd . = "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" " ;
2017-04-05 13:27:14 +02:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$net join $ret->{CONFIGURATION}" ;
$ cmd . = " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by Samba4 can't
# access the share for tests.
chmod 0777 , "$prefix/share" ;
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
nmbd = > "yes" ,
winbindd = > "yes" ,
smbd = > "yes" ) ) {
2017-04-05 13:27:14 +02:00
return undef ;
}
$ ret - > { DC_SERVER } = $ dcvars - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { SERVER_IP } ;
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { SERVER_IPV6 } ;
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { PASSWORD } ;
return $ ret ;
}
2022-02-15 09:44:34 +01:00
sub setup_admem_idmap_autorid
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
print "PROVISIONING S3 AD MEMBER WITH idmap_autorid config..." ;
my $ member_options = "
security = ads
workgroup = $ dcvars - > { DOMAIN }
realm = $ dcvars - > { REALM }
idmap config * : backend = autorid
idmap config * : range = 1000000 - 19999999
idmap config * : rangesize = 1000000
2023-06-30 12:04:33 +02:00
# Prevent overriding the provisioned lib/krb5.conf which sets certain
2022-02-15 09:44:34 +01:00
# values required for tests to succeed
create krb5 conf = no
" ;
my $ ret = $ self - > provision (
prefix = > $ prefix ,
domain = > $ dcvars - > { DOMAIN } ,
realm = > $ dcvars - > { REALM } ,
server = > "ADMEMAUTORID" ,
password = > "loCalMemberPass" ,
extra_options = > $ member_options ,
resolv_conf = > $ dcvars - > { RESOLV_CONF } ) ;
$ ret or return undef ;
$ ret - > { DOMAIN } = $ dcvars - > { DOMAIN } ;
$ ret - > { REALM } = $ dcvars - > { REALM } ;
$ ret - > { DOMSID } = $ dcvars - > { DOMSID } ;
my $ ctx ;
my $ prefix_abs = abs_path ( $ prefix ) ;
$ ctx = { } ;
$ ctx - > { krb5_conf } = "$prefix_abs/lib/krb5.conf" ;
$ ctx - > { domain } = $ dcvars - > { DOMAIN } ;
$ ctx - > { realm } = $ dcvars - > { REALM } ;
$ ctx - > { dnsname } = lc ( $ dcvars - > { REALM } ) ;
$ ctx - > { kdc_ipv4 } = $ dcvars - > { SERVER_IP } ;
$ ctx - > { kdc_ipv6 } = $ dcvars - > { SERVER_IPV6 } ;
$ ctx - > { krb5_ccname } = "$prefix_abs/krb5cc_%{uid}" ;
Samba:: mk_krb5_conf ( $ ctx , "" ) ;
$ ret - > { KRB5_CONFIG } = $ ctx - > { krb5_conf } ;
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
# Add hosts file for name lookups
my $ cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' " ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
$ cmd . = "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" " ;
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$net join $ret->{CONFIGURATION}" ;
$ cmd . = " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by Samba4 can't
# access the share for tests.
chmod 0777 , "$prefix/share" ;
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
nmbd = > "yes" ,
winbindd = > "yes" ,
smbd = > "yes" ) ) {
return undef ;
}
$ ret - > { DC_SERVER } = $ dcvars - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { SERVER_IP } ;
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { SERVER_IPV6 } ;
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { PASSWORD } ;
return $ ret ;
}
2018-02-08 16:51:23 +13:00
sub setup_ad_member_idmap_rid
2017-04-05 13:27:14 +02:00
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
print "PROVISIONING S3 AD MEMBER WITH idmap_rid config..." ;
my $ member_options = "
security = ads
workgroup = $ dcvars - > { DOMAIN }
realm = $ dcvars - > { REALM }
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
idmap config $ dcvars - > { DOMAIN } : backend = rid
idmap config $ dcvars - > { DOMAIN } : range = 2000000 - 2999999
2023-06-30 12:04:33 +02:00
# Prevent overriding the provisioned lib/krb5.conf which sets certain
2018-12-11 10:43:13 -05:00
# values required for tests to succeed
create krb5 conf = no
2019-05-16 12:43:40 +02:00
map to guest = bad user
2023-02-27 17:03:31 +01:00
winbind expand groups = 10
2023-06-20 12:46:31 +02:00
server signing = required
2017-04-05 13:27:14 +02:00
" ;
2020-01-24 10:45:52 +01:00
my $ ret = $ self - > provision (
prefix = > $ prefix ,
domain = > $ dcvars - > { DOMAIN } ,
2021-01-14 08:14:46 +01:00
realm = > $ dcvars - > { REALM } ,
2020-01-24 10:45:52 +01:00
server = > "IDMAPRIDMEMBER" ,
password = > "loCalMemberPass" ,
extra_options = > $ member_options ,
2020-02-27 12:33:48 +01:00
resolv_conf = > $ dcvars - > { RESOLV_CONF } ) ;
2017-07-10 16:19:18 +02:00
$ ret or return undef ;
$ ret - > { DOMAIN } = $ dcvars - > { DOMAIN } ;
$ ret - > { REALM } = $ dcvars - > { REALM } ;
2018-02-26 14:56:27 +01:00
$ ret - > { DOMSID } = $ dcvars - > { DOMSID } ;
2017-07-10 16:19:18 +02:00
my $ ctx ;
my $ prefix_abs = abs_path ( $ prefix ) ;
$ ctx = { } ;
$ ctx - > { krb5_conf } = "$prefix_abs/lib/krb5.conf" ;
$ ctx - > { domain } = $ dcvars - > { DOMAIN } ;
$ ctx - > { realm } = $ dcvars - > { REALM } ;
$ ctx - > { dnsname } = lc ( $ dcvars - > { REALM } ) ;
$ ctx - > { kdc_ipv4 } = $ dcvars - > { SERVER_IP } ;
$ ctx - > { kdc_ipv6 } = $ dcvars - > { SERVER_IPV6 } ;
$ ctx - > { krb5_ccname } = "$prefix_abs/krb5cc_%{uid}" ;
Samba:: mk_krb5_conf ( $ ctx , "" ) ;
$ ret - > { KRB5_CONFIG } = $ ctx - > { krb5_conf } ;
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
2018-08-31 20:22:54 +12:00
# Add hosts file for name lookups
my $ cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' " ;
2017-07-10 16:19:18 +02:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2019-10-30 18:17:36 +01:00
$ cmd . = "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" " ;
2017-07-10 16:19:18 +02:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$net join $ret->{CONFIGURATION}" ;
$ cmd . = " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by Samba4 can't
# access the share for tests.
chmod 0777 , "$prefix/share" ;
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
nmbd = > "yes" ,
winbindd = > "yes" ,
smbd = > "yes" ) ) {
2017-07-10 16:19:18 +02:00
return undef ;
}
$ ret - > { DC_SERVER } = $ dcvars - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { SERVER_IP } ;
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { SERVER_IPV6 } ;
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { PASSWORD } ;
return $ ret ;
}
2018-02-08 16:51:23 +13:00
sub setup_ad_member_idmap_ad
2017-07-10 16:19:18 +02:00
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
print "PROVISIONING S3 AD MEMBER WITH idmap_ad config..." ;
my $ member_options = "
security = ads
workgroup = $ dcvars - > { DOMAIN }
realm = $ dcvars - > { REALM }
password server = $ dcvars - > { SERVER }
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
idmap config $ dcvars - > { DOMAIN } : backend = ad
idmap config $ dcvars - > { DOMAIN } : range = 2000000 - 2999999
2020-08-30 11:45:56 +02:00
idmap config $ dcvars - > { DOMAIN } : unix_primary_group = yes
idmap config $ dcvars - > { DOMAIN } : unix_nss_info = yes
2023-03-07 17:21:56 +01:00
idmap config $ dcvars - > { DOMAIN } : deny ous = \ " ou = sub , DC = samba2008r2 , DC = example , DC = com \ "
2019-04-22 16:07:02 -07:00
idmap config $ dcvars - > { TRUST_DOMAIN } : backend = ad
idmap config $ dcvars - > { TRUST_DOMAIN } : range = 2000000 - 2999999
2020-08-13 14:59:58 +02:00
gensec_gssapi:requested_life_time = 5
2017-07-10 16:19:18 +02:00
" ;
2020-01-24 10:45:52 +01:00
my $ ret = $ self - > provision (
prefix = > $ prefix ,
domain = > $ dcvars - > { DOMAIN } ,
2021-01-14 08:14:46 +01:00
realm = > $ dcvars - > { REALM } ,
2020-01-24 10:45:52 +01:00
server = > "IDMAPADMEMBER" ,
password = > "loCalMemberPass" ,
extra_options = > $ member_options ,
2020-02-27 12:33:48 +01:00
resolv_conf = > $ dcvars - > { RESOLV_CONF } ) ;
2017-04-05 13:27:14 +02:00
$ ret or return undef ;
$ ret - > { DOMAIN } = $ dcvars - > { DOMAIN } ;
$ ret - > { REALM } = $ dcvars - > { REALM } ;
2018-02-26 14:56:27 +01:00
$ ret - > { DOMSID } = $ dcvars - > { DOMSID } ;
2013-02-21 12:33:23 -07:00
my $ ctx ;
my $ prefix_abs = abs_path ( $ prefix ) ;
$ ctx = { } ;
$ ctx - > { krb5_conf } = "$prefix_abs/lib/krb5.conf" ;
$ ctx - > { domain } = $ dcvars - > { DOMAIN } ;
$ ctx - > { realm } = $ dcvars - > { REALM } ;
$ ctx - > { dnsname } = lc ( $ dcvars - > { REALM } ) ;
$ ctx - > { kdc_ipv4 } = $ dcvars - > { SERVER_IP } ;
2014-09-04 14:33:05 +02:00
$ ctx - > { kdc_ipv6 } = $ dcvars - > { SERVER_IPV6 } ;
2016-09-22 18:46:28 +02:00
$ ctx - > { krb5_ccname } = "$prefix_abs/krb5cc_%{uid}" ;
2013-02-21 12:33:23 -07:00
Samba:: mk_krb5_conf ( $ ctx , "" ) ;
$ ret - > { KRB5_CONFIG } = $ ctx - > { krb5_conf } ;
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
2018-08-31 20:22:54 +12:00
# Add hosts file for name lookups
my $ cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' " ;
2013-02-21 12:33:23 -07:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-04 14:33:05 +02:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2019-10-30 18:17:36 +01:00
$ cmd . = "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" " ;
2013-02-21 12:33:23 -07:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-03-22 14:09:08 +01:00
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
2011-04-19 16:38:46 +10:00
$ cmd . = "$net join $ret->{CONFIGURATION}" ;
$ cmd . = " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}" ;
2011-04-27 22:18:18 +10:00
if ( system ( $ cmd ) != 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2011-04-19 16:38:46 +10:00
2011-04-29 15:54:20 +10:00
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by Samba4 can't
# access the share for tests.
chmod 0777 , "$prefix/share" ;
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
nmbd = > "yes" ,
winbindd = > "yes" ,
smbd = > "yes" ) ) {
2012-11-23 00:02:33 +01:00
return undef ;
}
2011-04-19 16:38:46 +10:00
$ ret - > { DC_SERVER } = $ dcvars - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { SERVER_IP } ;
2014-06-19 17:21:16 +02:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { SERVER_IPV6 } ;
2011-04-19 16:38:46 +10:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { PASSWORD } ;
2019-04-18 13:04:09 -07:00
$ ret - > { TRUST_SERVER } = $ dcvars - > { TRUST_SERVER } ;
$ ret - > { TRUST_USERNAME } = $ dcvars - > { TRUST_USERNAME } ;
$ ret - > { TRUST_PASSWORD } = $ dcvars - > { TRUST_PASSWORD } ;
$ ret - > { TRUST_DOMAIN } = $ dcvars - > { TRUST_DOMAIN } ;
$ ret - > { TRUST_REALM } = $ dcvars - > { TRUST_REALM } ;
$ ret - > { TRUST_DOMSID } = $ dcvars - > { TRUST_DOMSID } ;
2011-04-19 16:38:46 +10:00
return $ ret ;
}
2020-10-08 14:00:44 +02:00
sub setup_ad_member_oneway
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
print "PROVISIONING S3 AD MEMBER WITH one-way trust..." ;
my $ member_options = "
security = ads
workgroup = $ dcvars - > { DOMAIN }
realm = $ dcvars - > { REALM }
password server = $ dcvars - > { SERVER }
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
gensec_gssapi:requested_life_time = 5
" ;
my $ ret = $ self - > provision (
prefix = > $ prefix ,
domain = > $ dcvars - > { DOMAIN } ,
server = > "S2KMEMBER" ,
password = > "loCalS2KMemberPass" ,
extra_options = > $ member_options ,
resolv_conf = > $ dcvars - > { RESOLV_CONF } ) ;
$ ret or return undef ;
$ ret - > { DOMAIN } = $ dcvars - > { DOMAIN } ;
$ ret - > { REALM } = $ dcvars - > { REALM } ;
$ ret - > { DOMSID } = $ dcvars - > { DOMSID } ;
my $ ctx ;
my $ prefix_abs = abs_path ( $ prefix ) ;
$ ctx = { } ;
$ ctx - > { krb5_conf } = "$prefix_abs/lib/krb5.conf" ;
$ ctx - > { domain } = $ dcvars - > { DOMAIN } ;
$ ctx - > { realm } = $ dcvars - > { REALM } ;
$ ctx - > { dnsname } = lc ( $ dcvars - > { REALM } ) ;
$ ctx - > { kdc_ipv4 } = $ dcvars - > { SERVER_IP } ;
$ ctx - > { kdc_ipv6 } = $ dcvars - > { SERVER_IPV6 } ;
$ ctx - > { krb5_ccname } = "$prefix_abs/krb5cc_%{uid}" ;
Samba:: mk_krb5_conf ( $ ctx , "" ) ;
$ ret - > { KRB5_CONFIG } = $ ctx - > { krb5_conf } ;
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
# Add hosts file for name lookups
my $ cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' " ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
$ cmd . = "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" " ;
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
$ cmd . = "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" " ;
$ cmd . = "$net join $ret->{CONFIGURATION}" ;
$ cmd . = " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}" ;
if ( system ( $ cmd ) != 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
winbindd = > "yes" ) ) {
return undef ;
}
$ ret - > { DC_SERVER } = $ dcvars - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { SERVER_IP } ;
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { SERVER_IPV6 } ;
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { PASSWORD } ;
$ ret - > { TRUST_SERVER } = $ dcvars - > { TRUST_SERVER } ;
$ ret - > { TRUST_USERNAME } = $ dcvars - > { TRUST_USERNAME } ;
$ ret - > { TRUST_PASSWORD } = $ dcvars - > { TRUST_PASSWORD } ;
$ ret - > { TRUST_DOMAIN } = $ dcvars - > { TRUST_DOMAIN } ;
$ ret - > { TRUST_REALM } = $ dcvars - > { TRUST_REALM } ;
$ ret - > { TRUST_DOMSID } = $ dcvars - > { TRUST_DOMSID } ;
return $ ret ;
}
2020-05-15 11:30:35 +02:00
sub setup_ad_member_fips
{
my ( $ self ,
$ prefix ,
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
print "PROVISIONING AD FIPS MEMBER..." ;
return $ self - > provision_ad_member ( $ prefix ,
2021-05-11 17:59:51 +02:00
"FIPSADMEMBER" ,
2020-05-15 11:30:35 +02:00
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ,
2021-10-05 12:31:29 +02:00
undef ,
2020-05-15 11:30:35 +02:00
1 ) ;
}
2021-05-19 08:18:22 +02:00
sub setup_ad_member_offlogon
2021-05-10 10:37:11 +02:00
{
my ( $ self ,
$ prefix ,
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
print "PROVISIONING AD MEMBER OFFLINE LOGON..." ;
return $ self - > provision_ad_member ( $ prefix ,
"OFFLINEADMEM" ,
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ,
2021-05-10 10:40:27 +02:00
undef ,
2021-10-05 12:31:29 +02:00
undef ,
2021-05-10 10:40:27 +02:00
1 ) ;
2021-05-10 10:37:11 +02:00
}
2021-11-12 14:20:45 +13:00
sub setup_ad_member_idmap_nss
2021-10-05 12:31:29 +02:00
{
my ( $ self ,
$ prefix ,
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ) = @ _ ;
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
2021-11-12 14:20:45 +13:00
print "PROVISIONING AD MEMBER WITHOUT NSS WINBIND WITH idmap_nss config..." ;
2021-10-05 12:31:29 +02:00
my $ extra_member_options = "
2021-11-12 14:20:45 +13:00
# bob:x:65521:65531:localbob gecos:/:/bin/false
# jane:x:65520:65531:localjane gecos:/:/bin/false
2022-04-01 15:56:30 +02:00
# jackthemapper:x:65519:65531:localjackthemaper gecos:/:/bin/false
# jacknomapper:x:65518:65531:localjacknomaper gecos:/:/bin/false
2021-11-12 14:20:45 +13:00
idmap config $ dcvars - > { DOMAIN } : backend = nss
2022-04-01 15:56:30 +02:00
idmap config $ dcvars - > { DOMAIN } : range = 65518 - 65521
2021-11-12 14:20:45 +13:00
# Support SMB1 so that we can use posix_whoami().
client min protocol = CORE
server min protocol = LANMAN1
2021-10-05 12:31:29 +02:00
username map = $ prefix /lib/ username . map
" ;
my $ ret = $ self - > provision_ad_member ( $ prefix ,
2021-11-12 14:20:45 +13:00
"ADMEMIDMAPNSS" ,
2021-10-05 12:31:29 +02:00
$ dcvars ,
$ trustvars_f ,
$ trustvars_e ,
$ extra_member_options ,
undef ,
undef ,
1 ) ;
open ( USERMAP , ">$prefix/lib/username.map" ) or die ( "Unable to open $prefix/lib/username.map" ) ;
print USERMAP "
2022-04-05 08:31:41 +02:00
! jacknomapper = \ @ jackthemappergroup
! root = jacknomappergroup
2021-10-05 12:31:29 +02:00
root = $ dcvars - > { DOMAIN } / root
2021-11-12 14:20:45 +13:00
bob = $ dcvars - > { DOMAIN } / bob
2021-10-05 12:31:29 +02:00
" ;
close ( USERMAP ) ;
return $ ret ;
}
2018-02-08 16:51:23 +13:00
sub setup_simpleserver
2011-02-18 18:52:00 +11:00
{
my ( $ self , $ path ) = @ _ ;
2015-05-15 09:43:29 +02:00
print "PROVISIONING simple server..." ;
2011-02-18 18:52:00 +11:00
2012-08-21 19:22:54 +10:00
my $ prefix_abs = abs_path ( $ path ) ;
2021-07-20 17:50:49 -07:00
mkdir ( $ prefix_abs , 0777 ) ;
my $ external_streams_depot = "$prefix_abs/external_streams_depot" ;
remove_tree ( $ external_streams_depot ) ;
mkdir ( $ external_streams_depot , 0777 ) ;
2012-08-21 19:22:54 +10:00
2012-09-26 10:40:17 +10:00
my $ simpleserver_options = "
2011-02-18 18:52:00 +11:00
lanman auth = yes
2016-07-21 09:26:27 +02:00
ntlm auth = yes
2018-08-10 10:38:28 -07:00
vfs objects = xattr_tdb streams_depot
2015-08-12 11:35:27 +02:00
change notify = no
2020-09-08 10:15:22 +02:00
server smb encrypt = off
2023-09-04 16:29:46 +02:00
allow trusted domains = no
2012-08-21 19:22:54 +10:00
2018-04-20 11:27:30 +02:00
[ vfs_aio_pthread ]
path = $ prefix_abs / share
read only = no
vfs objects = aio_pthread
aio_pthread:aio open = yes
2021-07-14 15:26:42 -07:00
smbd async dosmode = no
2018-04-20 11:27:30 +02:00
2018-07-26 18:13:44 +02:00
[ vfs_aio_pthread_async_dosmode_default1 ]
path = $ prefix_abs / share
read only = no
vfs objects = aio_pthread
store dos attributes = yes
aio_pthread:aio open = yes
2021-07-14 15:26:42 -07:00
smbd async dosmode = yes
2018-07-26 18:13:44 +02:00
[ vfs_aio_pthread_async_dosmode_default2 ]
path = $ prefix_abs / share
read only = no
vfs objects = aio_pthread xattr_tdb
store dos attributes = yes
aio_pthread:aio open = yes
2021-07-14 15:26:42 -07:00
smbd async dosmode = yes
2018-07-26 18:13:44 +02:00
2022-01-25 17:59:37 +01:00
[ async_dosmode_shadow_copy2 ]
path = $ prefix_abs / share
read only = no
vfs objects = shadow_copy2 xattr_tdb
smbd async dosmode = yes
2012-08-21 19:22:54 +10:00
[ vfs_aio_fork ]
path = $ prefix_abs / share
2013-05-22 16:13:21 +10:00
vfs objects = aio_fork
2012-08-21 19:22:54 +10:00
read only = no
vfs_aio_fork:erratic_testing_mode = yes
2016-06-23 19:13:05 +02:00
[ dosmode ]
path = $ prefix_abs / share
vfs objects =
store dos attributes = yes
hide files = /hidefile/
hide dot files = yes
2017-01-17 17:23:51 +01:00
2018-11-08 13:27:58 +01:00
[ hidenewfiles ]
path = $ prefix_abs / share
hide new files timeout = 5
2021-07-20 17:50:49 -07:00
[ external_streams_depot ]
path = $ prefix_abs / share
read only = no
streams_depot:directory = $ external_streams_depot
2011-02-18 18:52:00 +11:00
" ;
2020-01-24 10:45:52 +01:00
my $ vars = $ self - > provision (
prefix = > $ path ,
domain = > "WORKGROUP" ,
server = > "LOCALSHARE4" ,
password = > "local4pass" ,
extra_options = > $ simpleserver_options ) ;
2011-02-18 18:52:00 +11:00
2011-04-12 09:05:34 +10:00
$ vars or return undef ;
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ vars ,
nmbd = > "yes" ,
smbd = > "yes" ) ) {
2011-04-12 09:05:34 +10:00
return undef ;
}
2011-02-18 18:52:00 +11:00
return $ vars ;
}
2020-01-23 16:07:59 +01:00
sub create_file_chmod ($$)
{
my ( $ name , $ mode ) = @ _ ;
my $ fh ;
unless ( open ( $ fh , '>' , $ name ) ) {
warn ( "Unable to open $name" ) ;
return undef ;
}
chmod ( $ mode , $ fh ) ;
}
2018-02-08 16:51:23 +13:00
sub setup_fileserver
2015-05-15 09:43:29 +02:00
{
2019-12-04 11:50:48 +00:00
my ( $ self , $ path , $ more_conf , $ server ) = @ _ ;
2015-05-15 09:43:29 +02:00
my $ prefix_abs = abs_path ( $ path ) ;
2015-07-14 16:30:35 +02:00
my $ srcdir_abs = abs_path ( $ self - > { srcdir } ) ;
2015-05-15 09:43:29 +02:00
print "PROVISIONING file server ...\n" ;
my @ dirs = ( ) ;
mkdir ( $ prefix_abs , 0777 ) ;
2017-06-22 14:17:07 +02:00
my $ usershare_dir = "$prefix_abs/lib/usershare" ;
mkdir ( "$prefix_abs/lib" , 0755 ) ;
remove_tree ( $ usershare_dir ) ;
mkdir ( $ usershare_dir , 01770 ) ;
2015-05-15 09:43:29 +02:00
my $ share_dir = "$prefix_abs/share" ;
# Create share directory structure
my $ lower_case_share_dir = "$share_dir/lower-case" ;
push ( @ dirs , $ lower_case_share_dir ) ;
my $ lower_case_share_dir_30000 = "$share_dir/lower-case-30000" ;
push ( @ dirs , $ lower_case_share_dir_30000 ) ;
2015-07-14 16:30:35 +02:00
my $ dfree_share_dir = "$share_dir/dfree" ;
push ( @ dirs , $ dfree_share_dir ) ;
2016-01-06 00:12:36 +02:00
push ( @ dirs , "$dfree_share_dir/subdir1" ) ;
push ( @ dirs , "$dfree_share_dir/subdir2" ) ;
2016-08-11 23:54:22 +03:00
push ( @ dirs , "$dfree_share_dir/subdir3" ) ;
2015-07-14 16:30:35 +02:00
2017-03-21 08:29:59 +00:00
my $ quotadir_dir = "$share_dir/quota" ;
push ( @ dirs , $ quotadir_dir ) ;
2015-07-28 11:28:20 -07:00
my $ valid_users_sharedir = "$share_dir/valid_users" ;
push ( @ dirs , $ valid_users_sharedir ) ;
2015-11-04 12:06:03 +02:00
my $ offline_sharedir = "$share_dir/offline" ;
push ( @ dirs , $ offline_sharedir ) ;
2015-12-04 14:50:56 +01:00
my $ force_user_valid_users_dir = "$share_dir/force_user_valid_users" ;
push ( @ dirs , $ force_user_valid_users_dir ) ;
2017-06-26 23:18:30 +02:00
my $ tarmode_sharedir = "$share_dir/tarmode" ;
push ( @ dirs , $ tarmode_sharedir ) ;
2020-11-26 17:31:50 +00:00
my $ tarmode2_sharedir = "$share_dir/tarmode2" ;
push ( @ dirs , $ tarmode2_sharedir ) ;
2020-06-30 18:03:42 +01:00
my $ smbcacls_sharedir = "$share_dir/smbcacls" ;
push ( @ dirs , $ smbcacls_sharedir ) ;
2017-06-22 14:17:07 +02:00
my $ usershare_sharedir = "$share_dir/usershares" ;
push ( @ dirs , $ usershare_sharedir ) ;
2020-02-13 13:48:17 +01:00
my $ dropbox_sharedir = "$share_dir/dropbox" ;
push ( @ dirs , $ dropbox_sharedir ) ;
2020-05-11 14:10:54 -07:00
my $ bad_iconv_sharedir = "$share_dir/bad_iconv" ;
push ( @ dirs , $ bad_iconv_sharedir ) ;
2021-10-21 15:06:20 -07:00
my $ veto_sharedir = "$share_dir/veto" ;
push ( @ dirs , $ veto_sharedir ) ;
2022-02-08 15:35:48 +01:00
my $ virusfilter_sharedir = "$share_dir/virusfilter" ;
push ( @ dirs , $ virusfilter_sharedir ) ;
2022-03-21 13:45:25 -07:00
my $ delete_unwrite_sharedir = "$share_dir/delete_unwrite" ;
push ( @ dirs , $ delete_unwrite_sharedir ) ;
push ( @ dirs , "$delete_unwrite_sharedir/delete_veto_yes" ) ;
push ( @ dirs , "$delete_unwrite_sharedir/delete_veto_no" ) ;
2022-05-31 21:13:25 +02:00
my $ volume_serial_number_sharedir = "$share_dir/volume_serial_number" ;
push ( @ dirs , $ volume_serial_number_sharedir ) ;
2019-01-23 22:29:19 +01:00
my $ ip4 = Samba:: get_ipv4_addr ( "FILESERVER" ) ;
2015-05-15 09:43:29 +02:00
my $ fileserver_options = "
2023-11-08 17:49:19 +01:00
smb3 unix extensions = yes
2017-07-13 16:01:53 +02:00
kernel change notify = yes
2019-07-28 15:25:54 +02:00
spotlight backend = elasticsearch
2019-01-23 22:29:19 +01:00
elasticsearch:address = $ ip4
2019-07-28 15:25:54 +02:00
elasticsearch:port = 8080
2019-10-15 13:38:16 +02:00
elasticsearch:mappings = $ srcdir_abs /source3/ rpc_server /mdssvc/ elasticsearch_mappings . json
2017-07-13 16:01:53 +02:00
2017-06-22 14:17:07 +02:00
usershare path = $ usershare_dir
usershare max shares = 10
usershare allow guests = yes
usershare prefix allow list = $ usershare_sharedir
2017-03-21 08:29:59 +00:00
get quota command = $ prefix_abs / getset_quota . py
set quota command = $ prefix_abs / getset_quota . py
2020-11-26 17:31:50 +00:00
[ tarmode ]
path = $ tarmode_sharedir
comment = tar test share
xattr_tdb:file = $ prefix_abs / tarmode - xattr . tdb
[ tarmode2 ]
path = $ tarmode2_sharedir
comment = tar test share
xattr_tdb:file = $ prefix_abs / tarmode2 - xattr . tdb
2019-04-16 16:54:21 +02:00
[ spotlight ]
path = $ share_dir
spotlight = yes
read only = no
[ no_spotlight ]
path = $ share_dir
spotlight = no
read only = no
2015-05-15 09:43:29 +02:00
[ lowercase ]
path = $ lower_case_share_dir
comment = smb username is [ % U ]
case sensitive = True
default case = lower
preserve case = no
short preserve case = no
[ lowercase - 30000 ]
path = $ lower_case_share_dir_30000
comment = smb username is [ % U ]
case sensitive = True
default case = lower
preserve case = no
short preserve case = no
2015-07-14 16:30:35 +02:00
[ dfree ]
path = $ dfree_share_dir
comment = smb username is [ % U ]
dfree command = $ srcdir_abs /testprogs/ blackbox / dfree . sh
2015-07-28 11:28:20 -07:00
[ valid - users - access ]
path = $ valid_users_sharedir
2015-10-14 11:20:08 -07:00
valid users = + userdup
2015-11-04 12:06:03 +02:00
[ offline ]
path = $ offline_sharedir
vfs objects = offline
2015-12-04 14:50:56 +01:00
# BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878
# RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651
[ force_user_valid_users ]
path = $ force_user_valid_users_dir
comment = force user with valid users combination test share
valid users = + force_user
force user = force_user
force group = everyone
write list = force_user
2016-02-06 10:30:29 +01:00
2016-03-21 23:13:25 +02:00
[ ign_sysacls ]
path = $ share_dir
comment = ignore system acls
acl_xattr:ignore system acls = yes
2016-08-10 04:58:45 +03:00
[ inherit_owner ]
path = $ share_dir
comment = inherit owner
inherit owner = yes
2016-08-10 05:00:23 +03:00
[ inherit_owner_u ]
path = $ share_dir
comment = inherit only unix owner
inherit owner = unix only
acl_xattr:ignore system acls = yes
2019-01-24 10:15:56 -08:00
# BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
[ force_group_test ]
path = $ share_dir
comment = force group test
# force group = everyone
2020-02-12 16:30:01 +01:00
[ create_mode_664 ]
path = $ share_dir
comment = smb username is [ % U ]
create mask = 0644
force create mode = 0664
vfs objects = dirsort
2020-02-13 13:48:17 +01:00
[ dropbox ]
path = $ dropbox_sharedir
comment = smb username is [ % U ]
writeable = yes
vfs objects =
2020-05-11 14:10:54 -07:00
[ bad_iconv ]
path = $ bad_iconv_sharedir
comment = smb username is [ % U ]
vfs objects =
2021-10-21 15:06:20 -07:00
[ veto_files_nodelete ]
path = $ veto_sharedir
read only = no
msdfs root = yes
veto files = /veto_name*/
delete veto files = no
[ veto_files_delete ]
path = $ veto_sharedir
msdfs root = yes
veto files = /veto_name*/
delete veto files = yes
2021-10-21 16:37:27 -07:00
[ delete_veto_files_only ]
path = $ veto_sharedir
delete veto files = yes
2023-04-19 15:35:47 +02:00
[ veto_files_nohidden ]
path = $ veto_sharedir
veto files = /.*/
2022-08-11 09:51:11 -07:00
[ veto_files ]
path = $ veto_sharedir
veto files = /veto_name*/
2022-03-21 13:45:25 -07:00
[ delete_yes_unwrite ]
read only = no
path = $ delete_unwrite_sharedir
hide unwriteable files = yes
delete veto files = yes
[ delete_no_unwrite ]
read only = no
path = $ delete_unwrite_sharedir
hide unwriteable files = yes
delete veto files = no
2022-02-08 15:35:48 +01:00
[ virusfilter ]
path = $ virusfilter_sharedir
vfs objects = acl_xattr virusfilter
virusfilter:scanner = dummy
virusfilter:min file size = 0
virusfilter:infected files = * infected *
virusfilter:infected file action = rename
virusfilter:scan on close = yes
2023-01-12 10:22:09 -08:00
vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
2022-02-08 15:35:48 +01:00
2022-05-31 21:13:25 +02:00
[ volumeserialnumber ]
path = $ volume_serial_number_sharedir
volume serial number = 0xdeadbeef
2022-06-03 05:37:01 +02:00
[ ea_acl_xattr ]
path = $ share_dir
vfs objects = acl_xattr
acl_xattr:security_acl_name = user . hackme
read only = no
2023-09-16 20:00:33 +02:00
[ io_uring ]
path = $ share_dir
vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit io_uring
read only = no
2018-11-16 15:40:59 +01:00
[ homes ]
comment = Home directories
browseable = No
read only = No
2016-02-06 10:30:29 +01:00
" ;
2015-05-15 09:43:29 +02:00
2019-12-04 11:50:48 +00:00
if ( defined ( $ more_conf ) ) {
$ fileserver_options = $ fileserver_options . $ more_conf ;
}
if ( ! defined ( $ server ) ) {
$ server = "FILESERVER" ;
}
2020-01-24 10:45:52 +01:00
my $ vars = $ self - > provision (
prefix = > $ path ,
domain = > "WORKGROUP" ,
2019-12-04 11:50:48 +00:00
server = > $ server ,
2020-01-24 10:45:52 +01:00
password = > "fileserver" ,
extra_options = > $ fileserver_options ,
no_delete_prefix = > 1 ) ;
2015-05-15 09:43:29 +02:00
$ vars or return undef ;
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ vars ,
nmbd = > "yes" ,
smbd = > "yes" ) ) {
2015-05-15 09:43:29 +02:00
return undef ;
}
mkdir ( $ _ , 0777 ) foreach ( @ dirs ) ;
## Create case sensitive lower case share dir
foreach my $ file ( 'a' .. 'z' ) {
my $ full_path = $ lower_case_share_dir . '/' . $ file ;
open my $ fh , '>' , $ full_path ;
# Add some content to file
print $ fh $ full_path ;
close $ fh ;
}
for ( my $ file = 1 ; $ file < 51 ; + + $ file ) {
my $ full_path = $ lower_case_share_dir . '/' . $ file ;
open my $ fh , '>' , $ full_path ;
# Add some content to file
print $ fh $ full_path ;
close $ fh ;
}
# Create content for 30000 share
foreach my $ file ( 'a' .. 'z' ) {
my $ full_path = $ lower_case_share_dir_30000 . '/' . $ file ;
open my $ fh , '>' , $ full_path ;
# Add some content to file
print $ fh $ full_path ;
close $ fh ;
}
for ( my $ file = 1 ; $ file < 30001 ; + + $ file ) {
my $ full_path = $ lower_case_share_dir_30000 . '/' . $ file ;
open my $ fh , '>' , $ full_path ;
# Add some content to file
print $ fh $ full_path ;
close $ fh ;
}
2015-07-28 11:28:20 -07:00
##
## create a listable file in valid_users_share
##
2020-01-23 16:07:59 +01:00
create_file_chmod ( "$valid_users_sharedir/foo" , 0644 ) or return undef ;
2015-07-28 11:28:20 -07:00
2020-05-11 14:10:54 -07:00
##
## create a valid utf8 filename which is invalid as a CP850 conversion
##
create_file_chmod ( "$bad_iconv_sharedir/\xED\x9F\xBF" , 0644 ) or return undef ;
2022-03-21 13:45:25 -07:00
##
## create unwritable files inside inside the delete unwrite veto share dirs.
##
unlink ( "$delete_unwrite_sharedir/delete_veto_yes/file_444" ) ;
create_file_chmod ( "$delete_unwrite_sharedir/delete_veto_yes/file_444" , 0444 ) or return undef ;
unlink ( "$delete_unwrite_sharedir/delete_veto_no/file_444" ) ;
create_file_chmod ( "$delete_unwrite_sharedir/delete_veto_no/file_444" , 0444 ) or return undef ;
2015-05-15 09:43:29 +02:00
return $ vars ;
}
2019-12-04 11:50:48 +00:00
sub setup_fileserver_smb1
{
my ( $ self , $ path ) = @ _ ;
2019-12-16 16:20:07 +00:00
my $ prefix_abs = abs_path ( $ path ) ;
2019-12-04 11:50:48 +00:00
my $ conf = "
[ global ]
client min protocol = CORE
server min protocol = LANMAN1
2023-02-17 15:40:30 +01:00
check parent directory delete on close = yes
2019-12-16 16:20:07 +00:00
[ hidenewfiles ]
path = $ prefix_abs / share
hide new files timeout = 5
2020-01-07 10:55:19 +00:00
[ vfs_aio_pthread ]
path = $ prefix_abs / share
read only = no
vfs objects = aio_pthread
aio_pthread:aio open = yes
2021-07-14 15:26:42 -07:00
smbd async dosmode = no
2020-01-07 10:55:19 +00:00
[ vfs_aio_pthread_async_dosmode_default1 ]
path = $ prefix_abs / share
read only = no
vfs objects = aio_pthread
store dos attributes = yes
aio_pthread:aio open = yes
2021-07-14 15:26:42 -07:00
smbd async dosmode = yes
2020-01-07 10:55:19 +00:00
[ vfs_aio_pthread_async_dosmode_default2 ]
path = $ prefix_abs / share
read only = no
vfs objects = aio_pthread xattr_tdb
store dos attributes = yes
aio_pthread:aio open = yes
2021-07-14 15:26:42 -07:00
smbd async dosmode = yes
2020-01-07 10:55:19 +00:00
[ vfs_aio_fork ]
path = $ prefix_abs / share
vfs objects = aio_fork
read only = no
vfs_aio_fork:erratic_testing_mode = yes
2019-12-04 11:50:48 +00:00
" ;
return $ self - > setup_fileserver ( $ path , $ conf , "FILESERVERSMB1" ) ;
}
2019-12-17 15:26:08 +00:00
sub setup_fileserver_smb1_done
{
my ( $ self , $ path , $ dep_env ) = @ _ ;
return $ self - > return_alias_env ( $ path , $ dep_env ) ;
}
2018-02-08 16:51:23 +13:00
sub setup_ktest
2011-04-04 19:13:17 +10:00
{
2011-04-19 16:38:46 +10:00
my ( $ self , $ prefix ) = @ _ ;
2011-04-04 19:13:17 +10:00
2012-02-14 09:04:16 +11:00
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > have_ads ( ) ) {
return "UNKNOWN" ;
}
2011-04-04 19:13:17 +10:00
print "PROVISIONING server with security=ads..." ;
my $ ktest_options = "
workgroup = KTEST
realm = ktest . samba . example . com
security = ads
2012-02-14 19:22:14 +11:00
server signing = required
2017-01-25 21:15:44 +01:00
server min protocol = SMB3_00
client max protocol = SMB3
2017-07-04 13:40:31 +12:00
# This disables NTLM auth against the local SAM, which
# we use can then test this setting by.
ntlm auth = disabled
2021-10-05 17:14:01 +02:00
idmap config * : backend = autorid
idmap config * : range = 1000000 - 1999999
idmap config * : rangesize = 100000
2011-04-04 19:13:17 +10:00
" ;
2020-01-24 10:45:52 +01:00
my $ ret = $ self - > provision (
prefix = > $ prefix ,
domain = > "KTEST" ,
server = > "LOCALKTEST6" ,
password = > "localktest6pass" ,
extra_options = > $ ktest_options ) ;
2011-04-04 19:13:17 +10:00
2011-04-12 09:05:34 +10:00
$ ret or return undef ;
2011-04-04 19:13:17 +10:00
2011-04-19 16:38:46 +10:00
my $ ctx ;
my $ prefix_abs = abs_path ( $ prefix ) ;
$ ctx = { } ;
$ ctx - > { krb5_conf } = "$prefix_abs/lib/krb5.conf" ;
$ ctx - > { domain } = "KTEST" ;
$ ctx - > { realm } = "KTEST.SAMBA.EXAMPLE.COM" ;
$ ctx - > { dnsname } = lc ( $ ctx - > { realm } ) ;
$ ctx - > { kdc_ipv4 } = "0.0.0.0" ;
2014-09-04 14:33:05 +02:00
$ ctx - > { kdc_ipv6 } = "::" ;
2016-09-22 18:46:28 +02:00
$ ctx - > { krb5_ccname } = "$prefix_abs/krb5cc_%{uid}" ;
2011-08-26 16:02:01 +10:00
Samba:: mk_krb5_conf ( $ ctx , "" ) ;
2011-04-19 16:38:46 +10:00
$ ret - > { KRB5_CONFIG } = $ ctx - > { krb5_conf } ;
2011-04-04 19:13:17 +10:00
#This is the secrets.tdb created by 'net ads join' from Samba3 to a
#Samba4 DC with the same parameters as are being used here. The
#domain SID is S-1-5-21-1071277805-689288055-3486227160
2018-02-26 14:56:27 +01:00
$ ret - > { SAMSID } = "S-1-5-21-1911091480-1468226576-2729736297" ;
$ ret - > { DOMSID } = "S-1-5-21-1071277805-689288055-3486227160" ;
2011-04-04 19:13:17 +10:00
2011-12-11 01:01:46 +10:30
system ( "cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb" ) ;
2011-04-04 19:13:17 +10:00
chmod 0600 , "$prefix/private/secrets.tdb" ;
2015-03-12 13:25:38 +00:00
#Make sure there's no old ntdb file.
system ( "rm -f $prefix/private/secrets.ntdb" ) ;
2011-04-04 19:13:17 +10:00
#This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with:
# "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232"
#
#and having in krb5.conf:
# ticket_lifetime = 799718400
# renew_lifetime = 799718400
#
2011-04-06 09:12:15 +10:00
# The commands for the -2 keytab where were:
2011-04-04 19:13:17 +10:00
# kinit administrator@KTEST.SAMBA.EXAMPLE.COM
# kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM
# kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM
# kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
# kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
#
2011-04-06 09:12:15 +10:00
# and then for the -3 keytab, I did
#
# net changetrustpw; kdestroy and the same again.
#
# This creates a credential cache with a very long lifetime (2036 at
# at 2011-04), and shows that running 'net changetrustpw' does not
# break existing logins (for the secrets.tdb method at least).
#
2011-04-04 19:13:17 +10:00
$ ret - > { KRB5_CCACHE } = "FILE:$prefix/krb5_ccache" ;
2011-04-06 09:12:15 +10:00
system ( "cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2" ) ;
chmod 0600 , "$prefix/krb5_ccache-2" ;
system ( "cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3" ) ;
chmod 0600 , "$prefix/krb5_ccache-3" ;
2011-04-04 19:13:17 +10:00
2012-01-27 15:20:17 +11:00
# We need world access to this share, as otherwise the domain
# administrator from the AD domain provided by ktest can't
# access the share for tests.
chmod 0777 , "$prefix/share" ;
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ ret ,
nmbd = > "yes" ,
2021-10-05 17:14:01 +02:00
winbindd = > "offline" ,
2020-01-30 16:01:09 +01:00
smbd = > "yes" ) ) {
2011-04-12 09:05:34 +10:00
return undef ;
}
2011-04-04 19:13:17 +10:00
return $ ret ;
}
2018-02-08 16:51:23 +13:00
sub setup_maptoguest
2011-07-22 13:00:21 +10:00
{
my ( $ self , $ path ) = @ _ ;
2021-01-25 11:47:45 +01:00
my $ prefix_abs = abs_path ( $ path ) ;
my $ libdir = "$prefix_abs/lib" ;
my $ share_dir = "$prefix_abs/share" ;
my $ errorinjectconf = "$libdir/error_inject.conf" ;
2011-07-22 13:00:21 +10:00
print "PROVISIONING maptoguest..." ;
my $ options = "
2023-04-11 15:39:04 +12:00
domain logons = yes
2011-07-22 13:00:21 +10:00
map to guest = bad user
2016-07-21 09:26:27 +02:00
ntlm auth = yes
2021-12-21 14:39:25 +01:00
server min protocol = LANMAN1
2021-01-25 11:47:45 +01:00
[ force_user_error_inject ]
path = $ share_dir
vfs objects = acl_xattr fake_acls xattr_tdb error_inject
force user = user1
include = $ errorinjectconf
2011-07-22 13:00:21 +10:00
" ;
2020-01-24 10:45:52 +01:00
my $ vars = $ self - > provision (
prefix = > $ path ,
domain = > "WORKGROUP" ,
server = > "maptoguest" ,
password = > "maptoguestpass" ,
extra_options = > $ options ) ;
2011-07-22 13:00:21 +10:00
$ vars or return undef ;
2020-01-30 16:01:09 +01:00
if ( not $ self - > check_or_start (
env_vars = > $ vars ,
nmbd = > "yes" ,
2023-04-11 15:39:04 +12:00
winbindd = > "yes" ,
2020-01-30 16:01:09 +01:00
smbd = > "yes" ) ) {
2011-07-22 13:00:21 +10:00
return undef ;
}
return $ vars ;
}
2007-09-02 17:47:35 +00:00
sub stop_sig_term ($$) {
my ( $ self , $ pid ) = @ _ ;
kill ( "USR1" , $ pid ) or kill ( "ALRM" , $ pid ) or warn ( "Unable to kill $pid: $!" ) ;
}
sub stop_sig_kill ($$) {
my ( $ self , $ pid ) = @ _ ;
2009-03-20 14:25:15 +01:00
kill ( "ALRM" , $ pid ) or warn ( "Unable to kill $pid: $!" ) ;
2007-09-02 17:47:35 +00:00
}
2007-04-18 00:12:39 +00:00
2007-09-02 17:47:35 +00:00
sub write_pid ($$$)
{
my ( $ env_vars , $ app , $ pid ) = @ _ ;
2007-04-18 00:12:39 +00:00
2007-09-02 17:47:35 +00:00
open ( PID , ">$env_vars->{PIDDIR}/timelimit.$app.pid" ) ;
print PID $ pid ;
close ( PID ) ;
2007-04-18 00:12:39 +00:00
}
2007-09-02 17:47:35 +00:00
sub read_pid ($$)
{
my ( $ env_vars , $ app ) = @ _ ;
open ( PID , "<$env_vars->{PIDDIR}/timelimit.$app.pid" ) ;
my $ pid = <PID> ;
close ( PID ) ;
return $ pid ;
2007-04-18 00:12:39 +00:00
}
2019-05-23 12:37:04 +12:00
# builds up the cmd args to run an s3 binary (i.e. smbd, nmbd, etc)
sub make_bin_cmd
{
my ( $ self , $ binary , $ env_vars , $ options , $ valgrind , $ dont_log_stdout ) = @ _ ;
2012-01-03 16:48:29 +11:00
2022-02-09 16:33:10 +01:00
my @ optargs = ( ) ;
2019-05-23 12:37:04 +12:00
if ( defined ( $ options ) ) {
@ optargs = split ( / / , $ options ) ;
2019-05-23 12:12:44 +12:00
}
my @ preargs = ( Samba:: bindir_path ( $ self , "timelimit" ) , $ self - > { server_maxtime } ) ;
2019-05-23 12:37:04 +12:00
if ( defined ( $ valgrind ) ) {
@ preargs = split ( / / , $ valgrind ) ;
2019-05-23 12:12:44 +12:00
}
my @ args = ( "-F" , "--no-process-group" ,
2021-04-14 11:44:51 +02:00
"--configfile=$env_vars->{SERVERCONFFILE}" ,
2019-05-23 12:12:44 +12:00
"-l" , $ env_vars - > { LOGDIR } ) ;
2019-05-23 12:37:04 +12:00
if ( not defined ( $ dont_log_stdout ) ) {
2021-01-11 09:52:36 +01:00
push ( @ args , "--debug-stdout" ) ;
2019-05-23 12:12:44 +12:00
}
2019-05-23 12:37:04 +12:00
return ( @ preargs , $ binary , @ args , @ optargs ) ;
}
2020-01-30 16:01:09 +01:00
sub check_or_start ($$) {
my ( $ self , % args ) = @ _ ;
my $ env_vars = $ args { env_vars } ;
my $ nmbd = $ args { nmbd } // "no" ;
my $ winbindd = $ args { winbindd } // "no" ;
my $ smbd = $ args { smbd } // "no" ;
2021-06-18 19:11:19 +02:00
my $ samba_dcerpcd = $ args { samba_dcerpcd } // "no" ;
2020-01-30 16:06:48 +01:00
my $ child_cleanup = $ args { child_cleanup } ;
2020-01-30 16:01:09 +01:00
2019-05-23 16:35:07 +12:00
my $ STDIN_READER ;
2019-05-23 12:37:04 +12:00
# use a pipe for stdin in the child processes. This allows
# those processes to monitor the pipe for EOF to ensure they
# exit when the test script exits
2019-05-23 16:35:07 +12:00
pipe ( $ STDIN_READER , $ env_vars - > { STDIN_PIPE } ) ;
2019-05-23 12:37:04 +12:00
2021-06-18 19:11:19 +02:00
my $ binary = Samba:: bindir_path ( $ self , "samba-dcerpcd" ) ;
my @ full_cmd = $ self - > make_bin_cmd (
$ binary ,
$ env_vars ,
$ ENV { SAMBA_DCERPCD_OPTIONS } ,
$ ENV { SAMBA_DCERPCD_VALGRIND } ,
$ ENV { SAMBA_DCERPCD_DONT_LOG_STDOUT } ) ;
push ( @ full_cmd , '--libexec-rpcds' ) ;
my $ samba_dcerpcd_envs = Samba:: get_env_for_process (
"samba_dcerpcd" , $ env_vars ) ;
# fork and exec() samba_dcerpcd in the child process
my $ daemon_ctx = {
NAME = > "samba_dcerpcd" ,
BINARY_PATH = > $ binary ,
FULL_CMD = > [ @ full_cmd ] ,
LOG_FILE = > $ env_vars - > { SAMBA_DCERPCD_TEST_LOG } ,
PCAP_FILE = > "env-$ENV{ENVNAME}-samba_dcerpcd" ,
ENV_VARS = > $ samba_dcerpcd_envs ,
} ;
if ( $ samba_dcerpcd ne "yes" ) {
$ daemon_ctx - > { SKIP_DAEMON } = 1 ;
}
my $ pid = Samba:: fork_and_exec (
$ self , $ env_vars , $ daemon_ctx , $ STDIN_READER , $ child_cleanup ) ;
$ env_vars - > { SAMBA_DCERPCD_TL_PID } = $ pid ;
write_pid ( $ env_vars , "samba_dcerpcd" , $ pid ) ;
$ binary = Samba:: bindir_path ( $ self , "nmbd" ) ;
@ full_cmd = $ self - > make_bin_cmd ( $ binary , $ env_vars ,
$ ENV { NMBD_OPTIONS } , $ ENV { NMBD_VALGRIND } ,
$ ENV { NMBD_DONT_LOG_STDOUT } ) ;
2019-05-23 15:47:46 +12:00
my $ nmbd_envs = Samba:: get_env_for_process ( "nmbd" , $ env_vars ) ;
delete $ nmbd_envs - > { RESOLV_WRAPPER_CONF } ;
delete $ nmbd_envs - > { RESOLV_WRAPPER_HOSTS } ;
2019-05-23 16:35:07 +12:00
# fork and exec() nmbd in the child process
2021-06-18 19:11:19 +02:00
$ daemon_ctx = {
2019-05-23 13:45:49 +12:00
NAME = > "nmbd" ,
BINARY_PATH = > $ binary ,
FULL_CMD = > [ @ full_cmd ] ,
LOG_FILE = > $ env_vars - > { NMBD_TEST_LOG } ,
2019-10-30 21:53:39 +01:00
PCAP_FILE = > "env-$ENV{ENVNAME}-nmbd" ,
2019-05-23 15:47:46 +12:00
ENV_VARS = > $ nmbd_envs ,
2019-05-23 16:58:20 +12:00
} ;
2019-05-23 13:45:49 +12:00
if ( $ nmbd ne "yes" ) {
2019-05-23 16:58:20 +12:00
$ daemon_ctx - > { SKIP_DAEMON } = 1 ;
2019-05-23 13:45:49 +12:00
}
2021-06-18 19:11:19 +02:00
$ pid = Samba:: fork_and_exec (
2020-01-30 16:06:48 +01:00
$ self , $ env_vars , $ daemon_ctx , $ STDIN_READER , $ child_cleanup ) ;
2019-05-23 12:12:44 +12:00
2012-03-04 18:34:34 +11:00
$ env_vars - > { NMBD_TL_PID } = $ pid ;
2007-09-02 17:47:35 +00:00
write_pid ( $ env_vars , "nmbd" , $ pid ) ;
2007-03-21 15:57:07 +00:00
2019-05-23 12:12:44 +12:00
$ binary = Samba:: bindir_path ( $ self , "winbindd" ) ;
2019-05-23 12:37:04 +12:00
@ full_cmd = $ self - > make_bin_cmd ( $ binary , $ env_vars ,
2021-01-11 09:52:36 +01:00
$ ENV { WINBINDD_OPTIONS } ,
$ ENV { WINBINDD_VALGRIND } ,
$ ENV { WINBINDD_DONT_LOG_STDOUT } ) ;
2019-05-23 16:35:07 +12:00
# fork and exec() winbindd in the child process
2019-05-23 16:58:20 +12:00
$ daemon_ctx = {
2019-05-23 13:45:49 +12:00
NAME = > "winbindd" ,
BINARY_PATH = > $ binary ,
FULL_CMD = > [ @ full_cmd ] ,
LOG_FILE = > $ env_vars - > { WINBINDD_TEST_LOG } ,
2019-10-30 21:53:39 +01:00
PCAP_FILE = > "env-$ENV{ENVNAME}-winbindd" ,
2019-05-23 16:58:20 +12:00
} ;
2021-10-05 16:42:00 +02:00
if ( $ winbindd ne "yes" and $ winbindd ne "offline" ) {
2019-05-23 16:58:20 +12:00
$ daemon_ctx - > { SKIP_DAEMON } = 1 ;
2019-05-23 13:45:49 +12:00
}
2020-01-30 16:06:48 +01:00
$ pid = Samba:: fork_and_exec (
$ self , $ env_vars , $ daemon_ctx , $ STDIN_READER , $ child_cleanup ) ;
2019-05-23 12:12:44 +12:00
2012-03-04 18:34:34 +11:00
$ env_vars - > { WINBINDD_TL_PID } = $ pid ;
2009-01-28 09:35:44 +01:00
write_pid ( $ env_vars , "winbindd" , $ pid ) ;
2007-09-30 09:08:10 +00:00
2019-05-23 12:12:44 +12:00
$ binary = Samba:: bindir_path ( $ self , "smbd" ) ;
2019-05-23 12:37:04 +12:00
@ full_cmd = $ self - > make_bin_cmd ( $ binary , $ env_vars ,
$ ENV { SMBD_OPTIONS } , $ ENV { SMBD_VALGRIND } ,
$ ENV { SMBD_DONT_LOG_STDOUT } ) ;
2019-05-23 16:35:07 +12:00
# fork and exec() smbd in the child process
2019-05-23 16:58:20 +12:00
$ daemon_ctx = {
2019-05-23 13:45:49 +12:00
NAME = > "smbd" ,
BINARY_PATH = > $ binary ,
FULL_CMD = > [ @ full_cmd ] ,
LOG_FILE = > $ env_vars - > { SMBD_TEST_LOG } ,
2019-10-30 21:53:39 +01:00
PCAP_FILE = > "env-$ENV{ENVNAME}-smbd" ,
2019-05-23 16:58:20 +12:00
} ;
2019-05-23 13:45:49 +12:00
if ( $ smbd ne "yes" ) {
2019-05-23 16:58:20 +12:00
$ daemon_ctx - > { SKIP_DAEMON } = 1 ;
2019-05-23 13:45:49 +12:00
}
2019-05-23 12:12:44 +12:00
2020-01-30 16:06:48 +01:00
$ pid = Samba:: fork_and_exec (
$ self , $ env_vars , $ daemon_ctx , $ STDIN_READER , $ child_cleanup ) ;
2012-01-03 16:48:29 +11:00
2012-03-04 18:34:34 +11:00
$ env_vars - > { SMBD_TL_PID } = $ pid ;
2007-09-02 17:47:35 +00:00
write_pid ( $ env_vars , "smbd" , $ pid ) ;
2007-03-21 15:57:07 +00:00
2019-05-23 16:35:07 +12:00
# close the parent's read-end of the pipe
2019-12-07 23:05:03 +13:00
close ( $ STDIN_READER ) ;
2012-01-03 16:48:29 +11:00
2021-06-18 19:11:19 +02:00
return $ self - > wait_for_start ( $ env_vars ,
$ nmbd ,
$ winbindd ,
$ smbd ,
$ samba_dcerpcd ) ;
2007-03-21 15:57:07 +00:00
}
2017-12-08 15:20:36 +13:00
sub createuser ($$$$$)
2016-02-18 00:48:04 +01:00
{
2017-12-08 15:20:36 +13:00
my ( $ self , $ username , $ password , $ conffile , $ env ) = @ _ ;
2016-02-18 00:48:04 +01:00
my $ cmd = "UID_WRAPPER_ROOT=1 " . Samba:: bindir_path ( $ self , "smbpasswd" ) . " -c $conffile -L -s -a $username > /dev/null" ;
2017-12-08 15:20:36 +13:00
keys %$ env ;
while ( my ( $ var , $ val ) = each %$ env ) {
$ cmd = "$var=\"$val\" $cmd" ;
}
2016-02-18 00:48:04 +01:00
unless ( open ( PWD , "|$cmd" ) ) {
warn ( "Unable to set password for $username account\n$cmd" ) ;
return undef ;
}
print PWD "$password\n$password\n" ;
unless ( close ( PWD ) ) {
warn ( "Unable to set password for $username account\n$cmd" ) ;
return undef ;
}
}
2020-01-24 10:45:52 +01:00
sub provision ($$)
2007-03-21 15:57:07 +00:00
{
2020-01-24 10:45:52 +01:00
my ( $ self , % args ) = @ _ ;
my $ prefix = $ args { prefix } ;
my $ domain = $ args { domain } ;
2021-01-14 08:14:46 +01:00
my $ realm = $ args { realm } ;
2020-01-24 10:45:52 +01:00
my $ server = $ args { server } ;
my $ password = $ args { password } ;
my $ extra_options = $ args { extra_options } ;
2020-02-27 12:33:48 +01:00
my $ resolv_conf = $ args { resolv_conf } ;
2020-01-24 10:45:52 +01:00
my $ no_delete_prefix = $ args { no_delete_prefix } ;
2020-01-24 11:55:36 +01:00
my $ netbios_name = $ args { netbios_name } // $ server ;
2021-05-10 12:32:51 +02:00
my $ server_log_level = $ ENV { SERVER_LOG_LEVEL } || 1 ;
2007-04-18 00:12:39 +00:00
##
## setup the various environment variables we need
##
2018-02-26 14:56:27 +01:00
my $ samsid = Samba:: random_domain_sid ( ) ;
2012-03-02 11:44:56 +11:00
my $ swiface = Samba:: get_interface ( $ server ) ;
2007-03-21 15:57:07 +00:00
my % ret = ( ) ;
2017-12-08 15:20:36 +13:00
my % createuser_env = ( ) ;
2019-02-19 16:18:11 +13:00
my $ server_ip = Samba:: get_ipv4_addr ( $ server ) ;
my $ server_ipv6 = Samba:: get_ipv6_addr ( $ server ) ;
2021-01-14 08:14:46 +01:00
my $ dns_domain ;
if ( defined ( $ realm ) ) {
$ dns_domain = lc ( $ realm ) ;
} else {
$ dns_domain = "samba.example.com" ;
}
2007-09-30 09:08:10 +00:00
2009-01-28 17:28:51 +01:00
my $ unix_name = ( $ ENV { USER } or $ ENV { LOGNAME } or `PATH=/usr/ucb:$ENV{PATH} whoami` ) ;
chomp $ unix_name ;
my $ unix_uid = $> ;
my $ unix_gids_str = $ ) ;
my @ unix_gids = split ( " " , $ unix_gids_str ) ;
2007-03-21 15:57:07 +00:00
2007-04-18 00:12:39 +00:00
my $ prefix_abs = abs_path ( $ prefix ) ;
2009-01-28 17:28:51 +01:00
my $ bindir_abs = abs_path ( $ self - > { bindir } ) ;
2007-09-30 09:08:10 +00:00
my @ dirs = ( ) ;
2020-01-27 14:16:30 +01:00
my $ shrdir = $ args { share_dir } // "$prefix_abs/share" ;
2007-09-30 09:08:10 +00:00
push ( @ dirs , $ shrdir ) ;
2007-04-18 00:12:39 +00:00
my $ libdir = "$prefix_abs/lib" ;
2007-09-30 09:08:10 +00:00
push ( @ dirs , $ libdir ) ;
2007-04-18 00:12:39 +00:00
my $ piddir = "$prefix_abs/pid" ;
2007-09-30 09:08:10 +00:00
push ( @ dirs , $ piddir ) ;
2007-04-18 00:12:39 +00:00
my $ privatedir = "$prefix_abs/private" ;
2007-09-30 09:08:10 +00:00
push ( @ dirs , $ privatedir ) ;
2019-11-06 17:27:08 +13:00
my $ cachedir = "$prefix_abs/cachedir" ;
push ( @ dirs , $ cachedir ) ;
2017-08-22 17:10:01 +02:00
my $ binddnsdir = "$prefix_abs/bind-dns" ;
push ( @ dirs , $ binddnsdir ) ;
2007-04-18 00:12:39 +00:00
my $ lockdir = "$prefix_abs/lockdir" ;
2007-09-30 09:08:10 +00:00
push ( @ dirs , $ lockdir ) ;
2010-03-17 22:55:00 +01:00
my $ eventlogdir = "$prefix_abs/lockdir/eventlog" ;
push ( @ dirs , $ eventlogdir ) ;
2007-04-18 00:12:39 +00:00
my $ logdir = "$prefix_abs/logs" ;
2007-09-30 09:08:10 +00:00
push ( @ dirs , $ logdir ) ;
2010-04-23 13:51:02 +02:00
my $ driver32dir = "$shrdir/W32X86" ;
push ( @ dirs , $ driver32dir ) ;
my $ driver64dir = "$shrdir/x64" ;
push ( @ dirs , $ driver64dir ) ;
2010-11-29 15:17:41 +01:00
my $ driver40dir = "$shrdir/WIN40" ;
push ( @ dirs , $ driver40dir ) ;
2010-05-29 00:09:14 +02:00
my $ ro_shrdir = "$shrdir/root-tmp" ;
push ( @ dirs , $ ro_shrdir ) ;
2019-07-16 15:40:38 +02:00
my $ noperm_shrdir = "$shrdir/noperm-tmp" ;
push ( @ dirs , $ noperm_shrdir ) ;
2010-05-29 00:09:14 +02:00
my $ msdfs_shrdir = "$shrdir/msdfsshare" ;
push ( @ dirs , $ msdfs_shrdir ) ;
2022-06-17 10:15:42 +01:00
my $ msdfs_shrdir2 = "$shrdir/msdfsshare2" ;
push ( @ dirs , $ msdfs_shrdir2 ) ;
2022-08-29 14:37:35 -07:00
my $ msdfs_pathname_share = "$shrdir/msdfs_pathname_share" ;
push ( @ dirs , $ msdfs_pathname_share ) ;
2022-09-08 16:42:26 -07:00
my $ non_msdfs_pathname_share = "$shrdir/non_msdfs_pathname_share" ;
push ( @ dirs , $ non_msdfs_pathname_share ) ;
2010-05-29 00:09:14 +02:00
my $ msdfs_deeppath = "$msdfs_shrdir/deeppath" ;
push ( @ dirs , $ msdfs_deeppath ) ;
2020-07-02 11:44:36 +01:00
my $ smbcacls_sharedir_dfs = "$shrdir/smbcacls_sharedir_dfs" ;
push ( @ dirs , $ smbcacls_sharedir_dfs ) ;
2020-07-27 16:58:31 +01:00
my $ smbcacls_share = "$shrdir/smbcacls_share" ;
push ( @ dirs , $ smbcacls_share ) ;
my $ smbcacls_share_testdir = "$shrdir/smbcacls_share/smbcacls" ;
push ( @ dirs , $ smbcacls_share_testdir ) ;
2014-08-27 13:15:29 -07:00
my $ badnames_shrdir = "$shrdir/badnames" ;
push ( @ dirs , $ badnames_shrdir ) ;
2021-02-09 16:54:18 +01:00
my $ lease1_shrdir = "$shrdir/dynamic" ;
2014-11-17 14:17:34 -08:00
push ( @ dirs , $ lease1_shrdir ) ;
2015-05-01 21:08:21 -07:00
my $ manglenames_shrdir = "$shrdir/manglenames" ;
push ( @ dirs , $ manglenames_shrdir ) ;
2015-07-09 13:57:58 -07:00
my $ widelinks_shrdir = "$shrdir/widelinks" ;
push ( @ dirs , $ widelinks_shrdir ) ;
my $ widelinks_linkdir = "$shrdir/widelinks_foo" ;
push ( @ dirs , $ widelinks_linkdir ) ;
2019-07-30 17:16:59 +02:00
my $ fsrvp_shrdir = "$shrdir/fsrvp" ;
push ( @ dirs , $ fsrvp_shrdir ) ;
2015-10-29 22:24:30 +02:00
my $ shadow_tstdir = "$shrdir/shadow" ;
push ( @ dirs , $ shadow_tstdir ) ;
my $ shadow_mntdir = "$shadow_tstdir/mount" ;
push ( @ dirs , $ shadow_mntdir ) ;
my $ shadow_basedir = "$shadow_mntdir/base" ;
push ( @ dirs , $ shadow_basedir ) ;
my $ shadow_shrdir = "$shadow_basedir/share" ;
push ( @ dirs , $ shadow_shrdir ) ;
2017-03-27 11:48:25 -07:00
my $ nosymlinks_shrdir = "$shrdir/nosymlinks" ;
push ( @ dirs , $ nosymlinks_shrdir ) ;
2017-06-23 11:12:22 -07:00
my $ local_symlinks_shrdir = "$shrdir/local_symlinks" ;
push ( @ dirs , $ local_symlinks_shrdir ) ;
2022-06-17 17:49:43 -07:00
my $ fruit_resource_stream_shrdir = "$shrdir/fruit_resource_stream" ;
push ( @ dirs , $ fruit_resource_stream_shrdir ) ;
2023-03-30 10:16:35 +02:00
my $ smbget_sharedir = "$shrdir/smbget" ;
push ( @ dirs , $ smbget_sharedir ) ;
2007-09-30 09:08:10 +00:00
# this gets autocreated by winbindd
2021-05-19 13:57:21 +12:00
my $ wbsockdir = "$prefix_abs/wbsock" ;
2007-03-21 15:57:07 +00:00
2011-01-07 21:28:45 -08:00
my $ nmbdsockdir = "$prefix_abs/nmbd" ;
2011-01-10 14:24:51 -08:00
unlink ( $ nmbdsockdir ) ;
2011-01-07 21:28:45 -08:00
2022-02-08 15:34:56 +01:00
##
2007-04-18 00:12:39 +00:00
## create the test directory layout
##
2009-02-04 11:26:46 +01:00
die ( "prefix_abs = ''" ) if $ prefix_abs eq "" ;
die ( "prefix_abs = '/'" ) if $ prefix_abs eq "/" ;
2007-04-20 11:40:44 +00:00
mkdir ( $ prefix_abs , 0777 ) ;
2007-04-18 00:12:39 +00:00
print "CREATE TEST ENVIRONMENT IN '$prefix'..." ;
2011-05-08 10:32:01 +02:00
if ( not defined ( $ no_delete_prefix ) or not $ no_delete_prefix ) {
system ( "rm -rf $prefix_abs/*" ) ;
}
2007-09-30 09:08:10 +00:00
mkdir ( $ _ , 0777 ) foreach ( @ dirs ) ;
2014-07-22 00:31:16 +02:00
my $ fs_specific_conf = $ self - > get_fs_specific_conf ( $ shrdir ) ;
2012-12-21 15:16:10 -08:00
##
## lockdir and piddir must be 0755
##
chmod 0755 , $ lockdir ;
chmod 0755 , $ piddir ;
2019-07-16 15:40:38 +02:00
##
## Create a directory without permissions to enter
##
chmod 0000 , $ noperm_shrdir ;
2010-05-29 00:09:14 +02:00
##
## create ro and msdfs share layout
##
2010-05-29 00:38:21 +02:00
chmod 0755 , $ ro_shrdir ;
2010-05-29 00:09:14 +02:00
2022-07-12 11:19:13 +02:00
create_file_chmod ( "$ro_shrdir/readable_file" , 0644 ) or return undef ;
2020-01-23 16:07:59 +01:00
create_file_chmod ( "$ro_shrdir/unreadable_file" , 0600 ) or return undef ;
create_file_chmod ( "$ro_shrdir/msdfs-target" , 0600 ) or return undef ;
2015-02-27 14:52:47 +00:00
symlink "msdfs:$server_ip\\ro-tmp,$server_ipv6\\ro-tmp" ,
"$msdfs_shrdir/msdfs-src1" ;
2014-06-19 17:21:16 +02:00
symlink "msdfs:$server_ipv6\\ro-tmp" , "$msdfs_shrdir/deeppath/msdfs-src2" ;
2020-07-02 11:44:36 +01:00
symlink "msdfs:$server_ip\\smbcacls_sharedir_dfs,$server_ipv6\\smbcacls_sharedir_dfs" ,
"$msdfs_shrdir/smbcacls_sharedir_dfs" ;
2010-05-29 00:09:14 +02:00
2022-06-17 10:15:42 +01:00
symlink "msdfs:$server_ip\\msdfs-share2,$server_ipv6\\msdfs-share2" , "$msdfs_shrdir/dfshop1" ;
symlink "msdfs:$server_ip\\tmp,$server_ipv6\\tmp" , "$msdfs_shrdir2/dfshop2" ;
2014-08-27 13:15:29 -07:00
##
## create bad names in $badnames_shrdir
##
## (An invalid name, would be mangled to 8.3).
2020-01-23 16:07:59 +01:00
create_file_chmod ( "$badnames_shrdir/\340|\231\216\377\177" ,
0600 ) or return undef ;
2014-08-27 13:15:29 -07:00
## (A bad name, would not be mangled to 8.3).
2020-01-23 16:07:59 +01:00
create_file_chmod ( "$badnames_shrdir/\240\276\346\327\377\177" ,
0666 ) or return undef ;
2014-08-27 13:15:29 -07:00
## (A bad good name).
2020-01-23 16:07:59 +01:00
create_file_chmod ( "$badnames_shrdir/blank.txt" ,
0666 ) or return undef ;
2014-08-27 13:15:29 -07:00
2015-05-01 21:08:21 -07:00
##
## create mangleable directory names in $manglenames_shrdir
##
my $ manglename_target = "$manglenames_shrdir/foo:bar" ;
mkdir ( $ manglename_target , 0777 ) ;
2015-07-09 13:57:58 -07:00
##
## create symlinks for widelinks tests.
##
my $ widelinks_target = "$widelinks_linkdir/target" ;
2020-01-23 16:07:59 +01:00
create_file_chmod ( "$widelinks_target" , 0666 ) or return undef ;
2015-07-09 13:57:58 -07:00
##
2021-12-07 12:56:51 -08:00
## This link should get an error
2015-07-09 13:57:58 -07:00
##
symlink "$widelinks_target" , "$widelinks_shrdir/source" ;
##
## This link should be allowed
##
symlink "$widelinks_shrdir" , "$widelinks_shrdir/dot" ;
2007-09-30 09:08:10 +00:00
my $ conffile = "$libdir/server.conf" ;
2016-01-06 12:59:06 +02:00
my $ dfqconffile = "$libdir/dfq.conf" ;
2018-08-31 12:44:09 +02:00
my $ errorinjectconf = "$libdir/error_inject.conf" ;
my $ delayinjectconf = "$libdir/delay_inject.conf" ;
2019-10-07 23:51:19 +03:00
my $ globalinjectconf = "$libdir/global_inject.conf" ;
2022-11-15 16:35:15 +01:00
my $ aliceconfdir = "$libdir" ;
my $ aliceconffile = "$libdir/alice.conf" ;
2007-03-21 15:57:07 +00:00
2017-11-07 11:40:11 +01:00
my $ nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl" ;
2009-01-28 17:28:51 +01:00
my $ nss_wrapper_passwd = "$privatedir/passwd" ;
my $ nss_wrapper_group = "$privatedir/group" ;
2013-06-27 16:12:47 +02:00
my $ nss_wrapper_hosts = "$ENV{SELFTEST_PREFIX}/hosts" ;
2015-01-07 12:18:55 +13:00
my $ dns_host_file = "$ENV{SELFTEST_PREFIX}/dns_host_file" ;
2009-01-28 17:28:51 +01:00
2011-02-22 11:56:18 +11:00
my $ mod_printer_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/printing/modprinter.pl" ;
2010-02-18 00:48:58 +01:00
2013-05-15 00:42:35 +02:00
my $ fake_snap_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/fake_snap.pl" ;
2010-03-17 22:55:00 +01:00
my @ eventlog_list = ( "dns server" , "application" ) ;
2010-03-19 10:23:39 +01:00
##
## calculate uids and gids
##
my ( $ max_uid , $ max_gid ) ;
2015-07-28 11:28:20 -07:00
my ( $ uid_nobody , $ uid_root , $ uid_pdbtest , $ uid_pdbtest2 , $ uid_userdup ) ;
2015-11-17 23:14:36 +02:00
my ( $ uid_pdbtest_wkn ) ;
2016-02-06 10:30:29 +01:00
my ( $ uid_smbget ) ;
2015-12-04 14:50:56 +01:00
my ( $ uid_force_user ) ;
2012-11-20 16:48:23 +01:00
my ( $ gid_nobody , $ gid_nogroup , $ gid_root , $ gid_domusers , $ gid_domadmins ) ;
2015-11-17 23:14:36 +02:00
my ( $ gid_userdup , $ gid_everyone ) ;
2015-12-04 14:50:56 +01:00
my ( $ gid_force_user ) ;
2022-04-05 08:30:23 +02:00
my ( $ gid_jackthemapper ) ;
my ( $ gid_jacknomapper ) ;
2016-08-11 23:54:22 +03:00
my ( $ uid_user1 ) ;
my ( $ uid_user2 ) ;
2018-11-15 16:06:49 +01:00
my ( $ uid_gooduser ) ;
my ( $ uid_eviluser ) ;
2018-12-03 11:05:46 +01:00
my ( $ uid_slashuser ) ;
2021-11-12 14:20:45 +13:00
my ( $ uid_localbob ) ;
my ( $ uid_localjane ) ;
2022-04-01 15:56:30 +02:00
my ( $ uid_localjackthemapper ) ;
my ( $ uid_localjacknomapper ) ;
2010-03-19 10:23:39 +01:00
2018-12-03 11:05:46 +01:00
if ( $ unix_uid < 0xffff - 13 ) {
2010-03-19 10:23:39 +01:00
$ max_uid = 0xffff ;
} else {
$ max_uid = $ unix_uid ;
}
$ uid_root = $ max_uid - 1 ;
$ uid_nobody = $ max_uid - 2 ;
2012-06-27 17:51:55 +10:00
$ uid_pdbtest = $ max_uid - 3 ;
2014-05-16 14:30:43 +12:00
$ uid_pdbtest2 = $ max_uid - 4 ;
2015-07-28 11:28:20 -07:00
$ uid_userdup = $ max_uid - 5 ;
2015-11-17 23:14:36 +02:00
$ uid_pdbtest_wkn = $ max_uid - 6 ;
2015-12-04 14:50:56 +01:00
$ uid_force_user = $ max_uid - 7 ;
2016-02-06 10:30:29 +01:00
$ uid_smbget = $ max_uid - 8 ;
2016-08-11 23:54:22 +03:00
$ uid_user1 = $ max_uid - 9 ;
$ uid_user2 = $ max_uid - 10 ;
2018-11-15 16:06:49 +01:00
$ uid_gooduser = $ max_uid - 11 ;
$ uid_eviluser = $ max_uid - 12 ;
2018-12-03 11:05:46 +01:00
$ uid_slashuser = $ max_uid - 13 ;
2021-11-12 14:20:45 +13:00
$ uid_localbob = $ max_uid - 14 ;
$ uid_localjane = $ max_uid - 15 ;
2022-04-01 15:56:30 +02:00
$ uid_localjackthemapper = $ max_uid - 16 ;
$ uid_localjacknomapper = $ max_uid - 17 ;
2010-03-19 10:23:39 +01:00
2015-12-04 14:50:56 +01:00
if ( $ unix_gids [ 0 ] < 0xffff - 8 ) {
2010-03-19 10:23:39 +01:00
$ max_gid = 0xffff ;
} else {
$ max_gid = $ unix_gids [ 0 ] ;
}
$ gid_nobody = $ max_gid - 1 ;
$ gid_nogroup = $ max_gid - 2 ;
$ gid_root = $ max_gid - 3 ;
2010-11-08 13:39:51 -08:00
$ gid_domusers = $ max_gid - 4 ;
2012-11-20 16:48:23 +01:00
$ gid_domadmins = $ max_gid - 5 ;
2015-07-28 11:28:20 -07:00
$ gid_userdup = $ max_gid - 6 ;
2015-11-17 23:14:36 +02:00
$ gid_everyone = $ max_gid - 7 ;
2015-12-04 14:50:56 +01:00
$ gid_force_user = $ max_gid - 8 ;
2022-04-05 08:30:23 +02:00
$ gid_jackthemapper = $ max_gid - 9 ;
$ gid_jacknomapper = $ max_gid - 10 ;
2010-03-19 10:23:39 +01:00
##
## create conffile
##
2011-05-08 06:54:50 +02:00
unless ( open ( CONF , ">$conffile" ) ) {
warn ( "Unable to open $conffile" ) ;
return undef ;
}
2019-03-12 14:00:55 +13:00
my $ interfaces = Samba:: get_interfaces_config ( $ server ) ;
2007-04-18 00:12:39 +00:00
print CONF "
[ global ]
2019-11-06 17:27:08 +13:00
dcesrv:fuzz directory = $ cachedir / fuzz
2020-01-24 11:55:36 +01:00
netbios name = $ netbios_name
2019-03-12 14:00:55 +13:00
interfaces = $ interfaces
2009-01-28 17:28:51 +01:00
bind interfaces only = yes
2013-09-11 17:56:02 +02:00
panic action = cd $ self - > { srcdir } && $ self - > { srcdir } /selftest/g db_backtrace % d % \ $ ( MAKE_TEST_BINARY )
2012-05-17 01:06:29 +02:00
smbd:suicide mode = yes
2020-06-23 15:56:34 +02:00
smbd:FSCTL_SMBTORTURE = yes
s3:smbd: only run validate_oplock_types() with smbd:validate_oplock_types = yes
This is really expensive as share_mode_forall_entries() is currently
doing a talloc_memdup() of the whole record...
This is mainly used to avoid regressions, so only
use smbd:validate_oplock_types = yes in make test,
but skip it for production.
This improves the following test:
time smbtorture //127.0.0.1/m -Uroot%test \
smb2.create.bench-path-contention-shared \
--option='torture:bench_path=file.dat' \
--option="torture:timelimit=60" \
--option="torture:nprocs=256" \
--option="torture:qdepth=1"
From:
open[num/s=8852,avslat=0.014999,minlat=0.000042,maxlat=0.054600]
close[num/s=8850,avslat=0.014136,minlat=0.000025,maxlat=0.054537]
to:
open[num/s=11377,avslat=0.012075,minlat=0.000041,maxlat=0.054107]
close[num/s=11375,avslat=0.010594,minlat=0.000023,maxlat=0.053620]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-19 15:17:41 +00:00
smbd:validate_oplock_types = yes
2009-01-28 17:28:51 +01:00
2019-09-27 15:24:25 +01:00
client min protocol = SMB2_02
server min protocol = SMB2_02
2019-07-08 11:55:13 +02:00
2020-06-19 12:32:59 +02:00
server multi channel support = yes
2007-04-18 00:12:39 +00:00
workgroup = $ domain
2007-03-21 15:57:07 +00:00
2007-04-18 00:12:39 +00:00
private dir = $ privatedir
2017-08-22 17:10:01 +02:00
binddns dir = $ binddnsdir
2007-04-18 00:12:39 +00:00
pid directory = $ piddir
lock directory = $ lockdir
log file = $ logdir / log . \ % m
2021-05-10 12:32:51 +02:00
log level = $ server_log_level
2023-01-25 02:01:22 +01:00
winbind debug traceid = yes
2011-03-18 10:03:05 +01:00
debug pid = yes
2011-04-04 09:22:03 +10:00
max log size = 0
2007-03-21 15:57:07 +00:00
2023-04-06 12:28:12 +12:00
debug syslog format = always
debug hires timestamp = yes
2009-01-28 17:28:51 +01:00
state directory = $ lockdir
cache directory = $ lockdir
2007-04-18 00:12:39 +00:00
passdb backend = tdbsam
2009-01-28 17:28:51 +01:00
time server = yes
2010-03-19 10:23:39 +01:00
add user script = $ nss_wrapper_pl - - passwd_path $ nss_wrapper_passwd - - type passwd - - action add - - name % u - - gid $ gid_nogroup
2009-05-28 10:40:22 +02:00
add group script = $ nss_wrapper_pl - - group_path $ nss_wrapper_group - - type group - - action add - - name % g
2010-03-19 10:23:39 +01:00
add machine script = $ nss_wrapper_pl - - passwd_path $ nss_wrapper_passwd - - type passwd - - action add - - name % u - - gid $ gid_nogroup
2009-05-28 10:40:22 +02:00
add user to group script = $ nss_wrapper_pl - - passwd_path $ nss_wrapper_passwd - - type member - - action add - - member % u - - name % g - - group_path $ nss_wrapper_group
delete user script = $ nss_wrapper_pl - - passwd_path $ nss_wrapper_passwd - - type passwd - - action delete - - name % u
delete group script = $ nss_wrapper_pl - - group_path $ nss_wrapper_group - - type group - - action delete - - name % g
delete user from group script = $ nss_wrapper_pl - - passwd_path $ nss_wrapper_passwd - - type member - - action delete - - member % u - - name % g - - group_path $ nss_wrapper_group
2009-01-28 17:28:51 +01:00
2010-02-18 00:48:58 +01:00
addprinter command = $ mod_printer_pl - a - s $ conffile - -
deleteprinter command = $ mod_printer_pl - d - s $ conffile - -
2010-03-17 22:55:00 +01:00
eventlog list = application \ " dns server \ "
2009-01-28 17:28:51 +01:00
kernel oplocks = no
kernel change notify = no
2015-03-23 16:16:36 -07:00
logging = file
2009-01-28 17:28:51 +01:00
printing = bsd
printcap name = /dev/ null
2007-09-26 19:23:54 +00:00
2013-10-11 13:34:13 +13:00
winbindd socket directory = $ wbsockdir
2011-01-07 21:28:45 -08:00
nmbd:socket dir = $ nmbdsockdir
2011-03-10 15:58:05 +01:00
idmap config * : range = 100000 - 200000
2010-01-13 15:21:14 +01:00
winbind enum users = yes
winbind enum groups = yes
2014-03-31 20:47:18 +13:00
winbind separator = /
2016-12-01 08:18:58 +01:00
include system krb5 conf = no
2009-01-28 17:28:51 +01:00
# min receivefile size = 4000
2007-09-30 09:08:10 +00:00
2007-04-18 00:12:39 +00:00
read only = no
2010-11-10 17:54:57 -08:00
2007-04-18 00:12:39 +00:00
smbd:sharedelay = 100000
2012-03-15 17:28:38 +01:00
smbd:writetimeupdatedelay = 500000
2010-05-29 00:09:14 +02:00
map hidden = no
map system = no
map readonly = no
store dos attributes = yes
2013-03-10 20:25:53 +11:00
create mask = 755
2011-10-27 16:41:18 -07:00
dos filemode = yes
2014-10-24 13:57:04 -07:00
strict rename = yes
2015-11-11 13:28:09 -07:00
strict sync = yes
2019-07-08 15:26:25 +02:00
mangled names = yes
2018-08-10 10:38:28 -07:00
vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit
full_audit:syslog = no
full_audit:success = none
full_audit:failure = none
2009-01-28 17:28:51 +01:00
2010-03-25 00:55:13 +01:00
printing = vlp
print command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb print % p % s
lpq command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lpq % p
lp rm command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lprm % p % j
lp pause command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lppause % p % j
lp resume command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lpresume % p % j
queue pause command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb queuepause % p
queue resume command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb queueresume % p
2010-03-26 22:58:42 +01:00
lpq cache time = 0
2013-10-14 13:53:22 +02:00
print notify backchannel = yes
2010-03-25 00:55:13 +01:00
2011-05-08 10:32:01 +02:00
ncalrpc dir = $ prefix_abs / ncalrpc
2011-04-26 09:49:08 +10:00
2011-07-27 15:42:45 +10:00
# The samba3.blackbox.smbclient_s3 test uses this to test that
# sending messages works, and that the %m sub works.
2011-06-09 15:22:19 +10:00
message command = mv % s $ shrdir / message . % m
2013-05-15 00:42:35 +02:00
# fsrvp server requires registry shares
registry shares = yes
2015-06-12 08:37:30 -07:00
# Used by RPC SRVSVC tests
add share command = $ bindir_abs / smbaddshare
change share command = $ bindir_abs / smbchangeshare
delete share command = $ bindir_abs / smbdeleteshare
2015-06-10 15:30:04 +02:00
# fruit:copyfile is a global option
fruit:copyfile = yes
2015-10-29 22:24:30 +02:00
#this does not mean that we use non-secure test env,
#it just means we ALLOW one to be configured.
allow insecure wide links = yes
2019-10-07 23:51:19 +03:00
include = $ globalinjectconf
2009-01-28 20:30:16 +01:00
# Begin extra options
$ extra_options
# End extra options
2009-01-28 17:28:51 +01:00
#Include user defined custom parameters if set
2009-01-28 22:15:44 +01:00
" ;
if ( defined ( $ ENV { INCLUDE_CUSTOM_CONF } ) ) {
print CONF "\t$ENV{INCLUDE_CUSTOM_CONF}\n" ;
}
2009-01-28 17:28:51 +01:00
2009-01-28 22:15:44 +01:00
print CONF "
2020-07-27 16:58:31 +01:00
[ smbcacls_share ]
path = $ smbcacls_share
comment = smb username is [ % U ]
msdfs root = yes
2020-07-02 11:44:36 +01:00
[ smbcacls_sharedir_dfs ]
path = $ smbcacls_sharedir_dfs
comment = smb username is [ % U ]
2009-01-28 17:28:51 +01:00
[ tmp ]
path = $ shrdir
2011-07-29 12:12:36 +10:00
comment = smb username is [ % U ]
2014-02-11 10:39:04 -08:00
[ tmpsort ]
path = $ shrdir
comment = Load dirsort module
vfs objects = dirsort acl_xattr fake_acls xattr_tdb streams_depot
2012-08-17 08:50:21 +02:00
[ tmpenc ]
path = $ shrdir
comment = encrypt smb username is [ % U ]
2020-09-08 10:15:22 +02:00
server smb encrypt = required
2013-05-22 16:13:21 +10:00
vfs objects = dirsort
2011-02-18 18:52:00 +11:00
[ tmpguest ]
path = $ shrdir
guest ok = yes
[ guestonly ]
path = $ shrdir
guest only = yes
guest ok = yes
[ forceuser ]
path = $ shrdir
force user = $ unix_name
guest ok = yes
2015-01-13 13:49:58 -08:00
[ forceuser_unixonly ]
2015-11-17 23:14:36 +02:00
comment = force a user with unix user SID and group SID
2015-01-13 13:49:58 -08:00
path = $ shrdir
force user = pdbtest
guest ok = yes
2015-11-17 23:14:36 +02:00
[ forceuser_wkngroup ]
comment = force a user with well - known group SID
path = $ shrdir
force user = pdbtest_wkn
guest ok = yes
2011-02-18 18:52:00 +11:00
[ forcegroup ]
path = $ shrdir
force group = nogroup
guest ok = yes
2010-05-29 00:09:14 +02:00
[ ro - tmp ]
path = $ ro_shrdir
guest ok = yes
2019-07-16 15:40:38 +02:00
[ noperm ]
path = $ noperm_shrdir
wide links = yes
guest ok = yes
2012-12-20 23:05:55 +11:00
[ write - list - tmp ]
path = $ shrdir
read only = yes
write list = $ unix_name
[ valid - users - tmp ]
path = $ shrdir
valid users = $ unix_name
2016-02-29 22:09:57 +02:00
access based share enum = yes
2010-05-29 00:09:14 +02:00
[ msdfs - share ]
path = $ msdfs_shrdir
msdfs root = yes
2015-02-27 14:52:47 +00:00
msdfs shuffle referrals = yes
2010-05-29 00:09:14 +02:00
guest ok = yes
2023-07-28 09:40:57 +01:00
[ msdfs - share - wl ]
path = $ msdfs_shrdir
msdfs root = yes
wide links = yes
guest ok = yes
2022-06-17 10:15:42 +01:00
[ msdfs - share2 ]
path = $ msdfs_shrdir2
msdfs root = yes
guest ok = yes
2022-08-29 14:37:35 -07:00
[ msdfs - pathname - share ]
path = $ msdfs_pathname_share
msdfs root = yes
guest ok = yes
2022-09-08 16:42:26 -07:00
[ non - msdfs - pathname - share ]
path = $ non_msdfs_pathname_share
msdfs root = no
guest ok = yes
2007-04-18 00:12:39 +00:00
[ hideunread ]
copy = tmp
hide unreadable = yes
2010-05-29 00:09:14 +02:00
[ tmpcase ]
copy = tmp
case sensitive = yes
2007-04-18 00:12:39 +00:00
[ hideunwrite ]
copy = tmp
hide unwriteable files = yes
2012-08-09 15:27:50 +02:00
[ durable ]
copy = tmp
kernel share modes = no
kernel oplocks = no
posix locking = no
2013-11-18 14:54:26 +01:00
[ fs_specific ]
copy = tmp
$ fs_specific_conf
2007-04-18 00:12:39 +00:00
[ print1 ]
copy = tmp
printable = yes
2009-04-22 23:54:10 +02:00
2007-04-18 00:12:39 +00:00
[ print2 ]
copy = print1
[ print3 ]
copy = print1
2012-11-29 12:10:45 +01:00
default devmode = no
2021-03-11 14:46:28 +01:00
[ print_var_exp ]
copy = print1
print command = $ self - > { srcdir } /source3/sc ript /tests/ printing / printing_var_exp_lpr_cmd . sh \ " Windows user: % U \ " \ " UNIX user: % u \ " \ " Domain: % D \ "
2010-09-02 13:39:12 +02:00
[ lp ]
2007-04-18 00:12:39 +00:00
copy = print1
2013-04-14 20:04:45 +10:00
2017-10-23 13:35:49 +02:00
[ nfs4acl_simple_40 ]
2013-04-14 20:04:45 +10:00
path = $ shrdir
comment = smb username is [ % U ]
2013-04-28 19:06:59 +02:00
nfs4:mode = simple
2017-10-23 13:35:49 +02:00
nfs4acl_xattr:version = 40
2013-05-22 16:13:21 +10:00
vfs objects = nfs4acl_xattr xattr_tdb
2013-04-28 19:06:59 +02:00
2017-10-23 13:35:49 +02:00
[ nfs4acl_special_40 ]
2013-04-28 19:06:59 +02:00
path = $ shrdir
comment = smb username is [ % U ]
nfs4:mode = special
2017-10-23 13:35:49 +02:00
nfs4acl_xattr:version = 40
2013-05-22 16:13:21 +10:00
vfs objects = nfs4acl_xattr xattr_tdb
2013-04-14 20:04:45 +10:00
2017-10-23 14:05:19 +02:00
[ nfs4acl_simple_41 ]
path = $ shrdir
comment = smb username is [ % U ]
nfs4:mode = simple
vfs objects = nfs4acl_xattr xattr_tdb
2017-09-07 17:29:03 +02:00
[ nfs4acl_xdr_40 ]
path = $ shrdir
comment = smb username is [ % U ]
vfs objects = nfs4acl_xattr xattr_tdb
nfs4:mode = simple
nfs4acl_xattr:encoding = xdr
nfs4acl_xattr:version = 40
2017-10-19 14:24:03 +02:00
[ nfs4acl_xdr_41 ]
path = $ shrdir
comment = smb username is [ % U ]
vfs objects = nfs4acl_xattr xattr_tdb
nfs4:mode = simple
nfs4acl_xattr:encoding = xdr
nfs4acl_xattr:version = 41
2018-11-26 20:51:14 +01:00
[ nfs4acl_nfs_40 ]
path = $ shrdir
comment = smb username is [ % U ]
vfs objects = nfs4acl_xattr xattr_tdb
nfs4:mode = simple
nfs4acl_xattr:encoding = nfs
nfs4acl_xattr:version = 40
nfs4acl_xattr:xattr_name = security . nfs4acl_xdr
[ nfs4acl_nfs_41 ]
path = $ shrdir
comment = smb username is [ % U ]
vfs objects = nfs4acl_xattr xattr_tdb
nfs4:mode = simple
nfs4acl_xattr:encoding = nfs
nfs4acl_xattr:version = 41
nfs4acl_xattr:xattr_name = security . nfs4acl_xdr
2011-10-28 12:15:51 -07:00
[ xcopy_share ]
path = $ shrdir
comment = smb username is [ % U ]
create mask = 777
force create mode = 777
2012-06-04 20:43:09 -07:00
[ posix_share ]
path = $ shrdir
comment = smb username is [ % U ]
create mask = 0777
force create mode = 0
directory mask = 0777
force directory mode = 0
2016-07-19 09:24:38 -07:00
vfs objects = xattr_tdb streams_depot
2022-06-15 15:39:00 -06:00
[ smb3_posix_share ]
vfs objects = fake_acls xattr_tdb streams_depot time_audit full_audit
create mask = 07777
directory mask = 07777
mangled names = no
path = $ shrdir
read only = no
guest ok = yes
2013-12-05 15:20:06 -07:00
[ aio ]
2012-10-24 15:55:20 +02:00
copy = durable
2013-12-05 15:20:06 -07:00
aio read size = 1
aio write size = 1
2012-06-04 20:43:09 -07:00
2010-04-23 13:51:02 +02:00
[ print \ $]
copy = tmp
2014-07-08 05:47:02 +02:00
[ vfs_fruit ]
path = $ shrdir
2018-03-16 21:57:31 +01:00
vfs objects = catia fruit streams_xattr acl_xattr xattr_tdb
2016-11-08 12:35:12 +01:00
fruit:resource = file
2014-07-08 05:47:02 +02:00
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
2017-11-17 13:52:25 +01:00
fruit:veto_appledouble = no
2014-08-27 13:15:29 -07:00
2018-03-16 21:55:26 +01:00
[ vfs_fruit_xattr ]
path = $ shrdir
# This is used by vfs.fruit tests that require real fs xattr
vfs objects = catia fruit streams_xattr acl_xattr
fruit:resource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
fruit:veto_appledouble = no
2016-11-15 15:25:14 +01:00
[ vfs_fruit_metadata_stream ]
path = $ shrdir
2018-03-16 21:57:31 +01:00
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2016-11-15 15:25:14 +01:00
fruit:resource = file
fruit:metadata = stream
2017-11-17 13:52:25 +01:00
fruit:veto_appledouble = no
2016-11-15 15:25:14 +01:00
2016-12-02 07:42:07 +01:00
[ vfs_fruit_stream_depot ]
path = $ shrdir
2018-03-16 21:57:31 +01:00
vfs objects = fruit streams_depot acl_xattr xattr_tdb
2016-12-02 07:42:07 +01:00
fruit:resource = stream
fruit:metadata = stream
2017-11-17 13:52:25 +01:00
fruit:veto_appledouble = no
2016-12-02 07:42:07 +01:00
2016-12-11 19:06:46 +01:00
[ vfs_wo_fruit ]
path = $ shrdir
2018-03-16 21:57:31 +01:00
vfs objects = streams_xattr acl_xattr xattr_tdb
2016-12-11 19:06:46 +01:00
[ vfs_wo_fruit_stream_depot ]
path = $ shrdir
2018-03-16 21:57:31 +01:00
vfs objects = streams_depot acl_xattr xattr_tdb
2016-12-11 19:06:46 +01:00
2018-01-02 19:09:04 +01:00
[ vfs_fruit_timemachine ]
path = $ shrdir
2018-03-16 21:57:31 +01:00
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2018-01-02 19:09:04 +01:00
fruit:resource = file
fruit:metadata = stream
fruit:time machine = yes
fruit:time machine max size = 32 K
2018-10-04 14:28:15 +02:00
[ vfs_fruit_wipe_intentionally_left_blank_rfork ]
path = $ shrdir
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = file
fruit:metadata = stream
fruit:wipe_intentionally_left_blank_rfork = true
fruit:delete_empty_adfiles = false
fruit:veto_appledouble = no
[ vfs_fruit_delete_empty_adfiles ]
path = $ shrdir
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = file
fruit:metadata = stream
fruit:wipe_intentionally_left_blank_rfork = true
fruit:delete_empty_adfiles = true
fruit:veto_appledouble = no
2019-06-30 14:24:59 +02:00
[ vfs_fruit_zero_fileid ]
path = $ shrdir
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = file
fruit:metadata = stream
fruit:zero_file_id = yes
2023-10-20 15:45:31 +02:00
fruit:validate_afpinfo = no
2019-06-30 14:24:59 +02:00
2022-06-17 17:49:43 -07:00
[ fruit_resource_stream ]
path = $ fruit_resource_stream_shrdir
vfs objects = fruit streams_xattr acl_xattr xattr_tdb
fruit:resource = stream
fruit:metadata = stream
2014-08-27 13:15:29 -07:00
[ badname - tmp ]
path = $ badnames_shrdir
guest ok = yes
2014-11-17 14:17:34 -08:00
2015-05-01 21:08:21 -07:00
[ manglenames_share ]
path = $ manglenames_shrdir
guest ok = yes
2014-11-17 14:17:34 -08:00
[ dynamic_share ]
2021-02-09 16:54:18 +01:00
path = $ shrdir /dynamic/ % t
2014-11-17 14:17:34 -08:00
guest ok = yes
2021-02-09 16:54:18 +01:00
root preexec = mkdir % P
2013-05-15 00:42:35 +02:00
2015-07-09 13:57:58 -07:00
[ widelinks_share ]
path = $ widelinks_shrdir
wide links = no
guest ok = yes
2013-05-15 00:42:35 +02:00
[ fsrvp_share ]
2019-07-30 17:16:59 +02:00
path = $ fsrvp_shrdir
2023-06-30 12:04:33 +02:00
comment = fake snapshots using rsync
2013-05-15 00:42:35 +02:00
vfs objects = shell_snap shadow_copy2
shell_snap:check path command = $ fake_snap_pl - - check
shell_snap:create command = $ fake_snap_pl - - create
shell_snap:delete command = $ fake_snap_pl - - delete
# a relative path here fails, the snapshot dir is no longer found
2019-07-30 17:16:59 +02:00
shadow:snapdir = $ fsrvp_shrdir / . snapshots
2015-10-29 22:24:30 +02:00
[ shadow1 ]
path = $ shadow_shrdir
comment = previous versions snapshots under mount point
vfs objects = shadow_copy2
shadow:mountpoint = $ shadow_mntdir
[ shadow2 ]
path = $ shadow_shrdir
comment = previous versions snapshots outside mount point
vfs objects = shadow_copy2
shadow:mountpoint = $ shadow_mntdir
shadow:snapdir = $ shadow_tstdir / . snapshots
[ shadow3 ]
path = $ shadow_shrdir
comment = previous versions with subvolume snapshots , snapshots under base dir
vfs objects = shadow_copy2
shadow:mountpoint = $ shadow_mntdir
shadow:basedir = $ shadow_basedir
shadow:snapdir = $ shadow_basedir / . snapshots
[ shadow4 ]
path = $ shadow_shrdir
comment = previous versions with subvolume snapshots , snapshots outside mount point
vfs objects = shadow_copy2
shadow:mountpoint = $ shadow_mntdir
shadow:basedir = $ shadow_basedir
shadow:snapdir = $ shadow_tstdir / . snapshots
[ shadow5 ]
path = $ shadow_shrdir
comment = previous versions at volume root snapshots under mount point
vfs objects = shadow_copy2
shadow:mountpoint = $ shadow_shrdir
[ shadow6 ]
path = $ shadow_shrdir
comment = previous versions at volume root snapshots outside mount point
vfs objects = shadow_copy2
shadow:mountpoint = $ shadow_shrdir
shadow:snapdir = $ shadow_tstdir / . snapshots
[ shadow7 ]
path = $ shadow_shrdir
comment = previous versions snapshots everywhere
vfs objects = shadow_copy2
shadow:mountpoint = $ shadow_mntdir
shadow:snapdirseverywhere = yes
2015-11-03 11:15:52 +02:00
[ shadow8 ]
path = $ shadow_shrdir
comment = previous versions using snapsharepath
vfs objects = shadow_copy2
shadow:mountpoint = $ shadow_mntdir
shadow:snapdir = $ shadow_tstdir / . snapshots
shadow:snapsharepath = share
2016-07-12 09:33:29 +00:00
[ shadow_fmt0 ]
comment = Testing shadow:format with default option
vfs object = shadow_copy2
path = $ shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $ shadow_mntdir
shadow:basedir = $ shadow_basedir
shadow:snapdir = $ shadow_basedir / . snapshots
shadow:format = \ @ GMT - % Y . % m . % d - % H . % M . % S
[ shadow_fmt1 ]
comment = Testing shadow:format with only date component
vfs object = shadow_copy2
path = $ shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $ shadow_mntdir
shadow:basedir = $ shadow_basedir
shadow:snapdir = $ shadow_basedir / . snapshots
shadow:format = \ @ GMT - % Y - % m - % d
[ shadow_fmt2 ]
comment = Testing shadow:format with some hardcoded prefix
vfs object = shadow_copy2
path = $ shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $ shadow_mntdir
shadow:basedir = $ shadow_basedir
shadow:snapdir = $ shadow_basedir / . snapshots
shadow:format = snap \ @ GMT - % Y . % m . % d - % H . % M . % S
[ shadow_fmt3 ]
comment = Testing shadow:format with modified format
vfs object = shadow_copy2
path = $ shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $ shadow_mntdir
shadow:basedir = $ shadow_basedir
shadow:snapdir = $ shadow_basedir / . snapshots
shadow:format = \ @ GMT - % Y . % m . % d - % H_ % M_ % S - snap
2016-07-13 16:15:27 +00:00
[ shadow_fmt4 ]
comment = Testing shadow:snapprefix regex
vfs object = shadow_copy2
path = $ shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $ shadow_mntdir
shadow:basedir = $ shadow_basedir
shadow:snapdir = $ shadow_basedir / . snapshots
shadow:snapprefix = \ ^ s[a-z] * p \ $
shadow:format = _GMT - % Y . % m . % d - % H . % M . % S
[ shadow_fmt5 ]
comment = Testing shadow:snapprefix with delim regex
vfs object = shadow_copy2
path = $ shadow_shrdir
read only = no
guest ok = yes
shadow:mountpoint = $ shadow_mntdir
shadow:basedir = $ shadow_basedir
shadow:snapdir = $ shadow_basedir / . snapshots
shadow:delimiter = \ @ GMT
shadow:snapprefix = [ a - z ] *
shadow:format = \ @ GMT - % Y . % m . % d - % H . % M . % S
2015-10-29 22:24:30 +02:00
[ shadow_wl ]
path = $ shadow_shrdir
comment = previous versions with wide links allowed
vfs objects = shadow_copy2
shadow:mountpoint = $ shadow_mntdir
wide links = yes
2018-11-23 10:18:44 +01:00
[ shadow_write ]
path = $ shadow_tstdir
comment = previous versions snapshots under mount point
2018-11-23 14:36:56 +01:00
vfs objects = shadow_copy2 streams_xattr error_inject
2018-11-23 10:18:44 +01:00
aio write size = 0
error_inject:pwrite = EBADF
shadow:mountpoint = $ shadow_tstdir
2021-07-06 07:20:15 +02:00
shadow:fixinodes = yes
2022-02-23 18:14:38 +01:00
smbd async dosmode = yes
2018-11-23 10:18:44 +01:00
2023-04-14 15:34:17 +00:00
[ shadow_depot ]
path = $ shadow_shrdir
comment = previous versions with streams_depot
vfs objects = streams_depot shadow_copy2
2016-01-06 12:59:06 +02:00
[ dfq ]
path = $ shrdir / dfree
2016-08-11 23:54:22 +03:00
vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
2016-01-06 12:59:06 +02:00
admin users = $ unix_name
include = $ dfqconffile
2018-05-23 11:07:54 -07:00
[ dfq_cache ]
path = $ shrdir / dfree
vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
admin users = $ unix_name
include = $ dfqconffile
dfree cache time = 60
2016-08-11 23:54:22 +03:00
[ dfq_owner ]
path = $ shrdir / dfree
vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
inherit owner = yes
include = $ dfqconffile
2017-03-21 08:29:59 +00:00
[ quotadir ]
path = $ shrdir / quota
admin users = $ unix_name
2016-08-25 16:30:24 +02:00
[ acl_xattr_ign_sysacl_posix ]
copy = tmp
acl_xattr:ignore system acls = yes
acl_xattr:default acl style = posix
[ acl_xattr_ign_sysacl_windows ]
copy = tmp
acl_xattr:ignore system acls = yes
acl_xattr:default acl style = windows
2016-12-15 13:05:50 +01:00
[ mangle_illegal ]
copy = tmp
mangled names = illegal
2017-03-01 18:13:35 +01:00
2017-03-27 11:48:25 -07:00
[ nosymlinks ]
copy = tmp
path = $ nosymlinks_shrdir
follow symlinks = no
2022-10-27 12:48:59 +02:00
[ nosymlinks_smb1allow ]
copy = nosymlinks
follow symlinks = yes
2017-03-27 11:48:25 -07:00
2017-06-23 11:12:22 -07:00
[ local_symlinks ]
copy = tmp
path = $ local_symlinks_shrdir
follow symlinks = yes
2017-03-01 18:13:35 +01:00
[ kernel_oplocks ]
copy = tmp
kernel oplocks = yes
vfs objects = streams_xattr xattr_tdb
2017-02-23 22:20:39 +01:00
2018-04-11 10:33:22 -07:00
[ streams_xattr ]
copy = tmp
vfs objects = streams_xattr xattr_tdb
2023-02-28 11:14:34 -08:00
[ streams_xattr_nostrict ]
copy = tmp
strict rename = no
vfs objects = streams_xattr xattr_tdb
2022-07-27 13:37:32 +02:00
[ acl_streams_xattr ]
copy = tmp
vfs objects = acl_xattr streams_xattr fake_acls xattr_tdb
acl_xattr:ignore system acls = yes
acl_xattr:security_acl_name = user . acl
xattr_tdb:ignore_user_xattr = yes
2017-02-23 22:20:39 +01:00
[ compound_find ]
copy = tmp
smbd:find async delay usec = 10000
2017-12-13 11:34:05 -07:00
[ error_inject ]
copy = tmp
vfs objects = error_inject
2018-08-31 12:44:09 +02:00
include = $ errorinjectconf
2018-08-30 19:15:19 +02:00
[ delay_inject ]
copy = tmp
vfs objects = delay_inject
kernel share modes = no
kernel oplocks = no
posix locking = no
2018-08-31 12:44:09 +02:00
include = $ delayinjectconf
2018-10-28 19:29:26 +01:00
[ aio_delay_inject ]
copy = tmp
vfs objects = delay_inject
delay_inject:pread_send = 2000
delay_inject:pwrite_send = 2000
2018-11-02 12:03:51 -07:00
2019-08-20 15:53:59 +02:00
[ brl_delay_inject1 ]
copy = tmp
vfs objects = delay_inject
delay_inject:brl_lock_windows = 90
delay_inject:brl_lock_windows_use_timer = yes
[ brl_delay_inject2 ]
copy = tmp
vfs objects = delay_inject
delay_inject:brl_lock_windows = 90
delay_inject:brl_lock_windows_use_timer = no
2018-11-02 12:03:51 -07:00
[ delete_readonly ]
path = $ prefix_abs / share
delete readonly = yes
2020-09-08 12:30:08 +02:00
[ enc_desired ]
path = $ prefix_abs / share
vfs objects =
server smb encrypt = desired
2020-09-08 10:15:20 +02:00
[ enc_off ]
path = $ prefix_abs / share
vfs objects =
server smb encrypt = off
2020-07-20 16:49:39 +02:00
[ notify_priv ]
copy = tmp
2018-11-06 15:21:37 +01:00
honor change notify privilege = yes
2021-05-26 12:31:32 +02:00
[ acls_non_canonical ]
copy = tmp
2021-05-25 19:04:10 +02:00
acl flag inherited canonicalization = no
2022-06-16 11:57:58 -07:00
[ full_audit_success_bad_name ]
copy = tmp
full_audit:success = badname
[ full_audit_fail_bad_name ]
copy = tmp
full_audit:failure = badname
2022-11-07 20:34:57 +01:00
[ only_ipv6 ]
copy = tmpguest
server addresses = $ server_ipv6
2022-11-15 16:35:15 +01:00
2023-03-30 10:16:35 +02:00
[ smbget ]
path = $ smbget_sharedir
comment = smb username is [ % U ]
guest ok = yes
2022-11-15 16:35:15 +01:00
include = $ aliceconfdir / % U . conf
2007-04-18 00:12:39 +00:00
" ;
2020-09-08 12:30:08 +02:00
2007-04-18 00:12:39 +00:00
close ( CONF ) ;
2016-01-06 12:59:06 +02:00
2018-02-26 14:56:27 +01:00
my $ net = Samba:: bindir_path ( $ self , "net" ) ;
my $ cmd = "" ;
2020-01-17 09:42:19 +11:00
$ cmd . = "UID_WRAPPER_ROOT=1 " ;
2018-02-26 14:56:27 +01:00
$ cmd . = "SMB_CONF_PATH=\"$conffile\" " ;
$ cmd . = "$net setlocalsid $samsid" ;
2020-01-16 13:23:40 +01:00
my $ net_ret = system ( $ cmd ) ;
if ( $ net_ret != 0 ) {
warn ( "net setlocalsid failed: $net_ret\n$cmd" ) ;
2018-02-26 14:56:27 +01:00
return undef ;
}
2018-08-31 12:44:09 +02:00
unless ( open ( ERRORCONF , ">$errorinjectconf" ) ) {
warn ( "Unable to open $errorinjectconf" ) ;
return undef ;
}
close ( ERRORCONF ) ;
unless ( open ( DELAYCONF , ">$delayinjectconf" ) ) {
warn ( "Unable to open $delayinjectconf" ) ;
return undef ;
}
close ( DELAYCONF ) ;
2016-01-06 12:59:06 +02:00
unless ( open ( DFQCONF , ">$dfqconffile" ) ) {
warn ( "Unable to open $dfqconffile" ) ;
return undef ;
}
close ( DFQCONF ) ;
2007-03-21 15:57:07 +00:00
2019-10-07 23:51:19 +03:00
unless ( open ( DELAYCONF , ">$globalinjectconf" ) ) {
warn ( "Unable to open $globalinjectconf" ) ;
return undef ;
}
close ( DELAYCONF ) ;
2022-11-15 16:35:15 +01:00
unless ( open ( ALICECONF , ">$aliceconffile" ) ) {
warn ( "Unable to open $aliceconffile" ) ;
return undef ;
}
print ALICECONF "
[ alice_share ]
path = $ shrdir
comment = smb username is [ % U ]
" ;
close ( ALICECONF ) ;
2007-04-18 00:12:39 +00:00
##
## create a test account
##
2011-05-08 06:54:50 +02:00
unless ( open ( PASSWD , ">$nss_wrapper_passwd" ) ) {
warn ( "Unable to open $nss_wrapper_passwd" ) ;
return undef ;
2022-02-08 15:34:56 +01:00
}
2010-03-18 12:12:58 +01:00
print PASSWD " nobody:x: $ uid_nobody: $ gid_nobody:nobody gecos: $ prefix_abs: /bin/ false
2009-01-28 17:28:51 +01:00
$ unix_name:x: $ unix_uid: $ unix_gids [ 0 ] : $ unix_name gecos: $ prefix_abs: /bin/ false
2012-06-27 17:51:55 +10:00
pdbtest:x: $ uid_pdbtest: $ gid_nogroup:pdbtest gecos: $ prefix_abs: /bin/ false
2014-05-16 14:30:43 +12:00
pdbtest2:x: $ uid_pdbtest2: $ gid_nogroup:pdbtest gecos: $ prefix_abs: /bin/ false
2015-07-28 11:28:20 -07:00
userdup:x: $ uid_userdup: $ gid_userdup:userdup gecos: $ prefix_abs: /bin/ false
2015-11-17 23:14:36 +02:00
pdbtest_wkn:x: $ uid_pdbtest_wkn: $ gid_everyone:pdbtest_wkn gecos: $ prefix_abs: /bin/ false
2015-12-04 14:50:56 +01:00
force_user:x: $ uid_force_user: $ gid_force_user:force user gecos: $ prefix_abs: /bin/ false
2016-02-06 10:30:29 +01:00
smbget_user:x: $ uid_smbget: $ gid_domusers:smbget_user gecos: $ prefix_abs: /bin/ false
2016-08-11 23:54:22 +03:00
user1:x: $ uid_user1: $ gid_nogroup:user1 gecos: $ prefix_abs: /bin/ false
user2:x: $ uid_user2: $ gid_nogroup:user2 gecos: $ prefix_abs: /bin/ false
2018-11-15 16:06:49 +01:00
gooduser:x: $ uid_gooduser: $ gid_domusers:gooduser gecos: $ prefix_abs: /bin/ false
eviluser:x: $ uid_eviluser: $ gid_domusers:eviluser gecos:: /bin/ false
2018-12-03 11:05:46 +01:00
slashuser:x: $ uid_slashuser: $ gid_domusers:slashuser gecos: /:/ bin / false
2021-11-12 14:20:45 +13:00
bob:x: $ uid_localbob: $ gid_domusers:localbob gecos: /:/ bin / false
jane:x: $ uid_localjane: $ gid_domusers:localjane gecos: /:/ bin / false
2022-04-01 15:56:30 +02:00
jackthemapper:x: $ uid_localjackthemapper: $ gid_domusers:localjackthemaper gecos: /:/ bin / false
jacknomapper:x: $ uid_localjacknomapper: $ gid_domusers:localjacknomaper gecos: /:/ bin / false
2009-01-28 17:28:51 +01:00
" ;
2010-03-18 12:12:58 +01:00
if ( $ unix_uid != 0 ) {
2013-07-01 13:02:46 +02:00
print PASSWD " root:x: $ uid_root: $ gid_root:root gecos: $ prefix_abs: /bin/ false
" ;
2010-03-18 12:12:58 +01:00
}
2009-01-28 17:28:51 +01:00
close ( PASSWD ) ;
2011-05-08 06:54:50 +02:00
unless ( open ( GROUP , ">$nss_wrapper_group" ) ) {
warn ( "Unable to open $nss_wrapper_group" ) ;
return undef ;
}
2010-03-18 12:12:58 +01:00
print GROUP " nobody:x: $ gid_nobody:
nogroup:x: $ gid_nogroup:nobody
2009-01-28 17:28:51 +01:00
$ unix_name - group:x: $ unix_gids [ 0 ] :
2010-11-08 13:39:51 -08:00
domusers:X: $ gid_domusers:
2012-11-20 16:48:23 +01:00
domadmins:X: $ gid_domadmins:
2015-07-28 11:28:20 -07:00
userdup:x: $ gid_userdup: $ unix_name
2015-11-17 23:14:36 +02:00
everyone:x: $ gid_everyone:
2015-12-04 14:50:56 +01:00
force_user:x: $ gid_force_user:
2022-04-05 08:30:23 +02:00
jackthemappergroup:x: $ gid_jackthemapper:jackthemapper
jacknomappergroup:x: $ gid_jacknomapper:jacknomapper
2009-01-28 17:28:51 +01:00
" ;
2010-03-18 12:12:58 +01:00
if ( $ unix_gids [ 0 ] != 0 ) {
2013-07-01 13:02:46 +02:00
print GROUP " root:x: $ gid_root:
" ;
2010-03-18 12:12:58 +01:00
}
2009-01-28 17:28:51 +01:00
close ( GROUP ) ;
2013-06-27 16:12:47 +02:00
## hosts
my $ hostname = lc ( $ server ) ;
unless ( open ( HOSTS , ">>$nss_wrapper_hosts" ) ) {
warn ( "Unable to open $nss_wrapper_hosts" ) ;
return undef ;
}
2021-01-14 08:14:46 +01:00
print HOSTS "${server_ip} ${hostname}.${dns_domain} ${hostname}\n" ;
print HOSTS "${server_ipv6} ${hostname}.${dns_domain} ${hostname}\n" ;
2013-06-27 16:12:47 +02:00
close ( HOSTS ) ;
2020-02-27 12:33:48 +01:00
$ resolv_conf = "$privatedir/no_resolv.conf" unless defined ( $ resolv_conf ) ;
2013-06-27 16:12:47 +02:00
2010-03-17 22:55:00 +01:00
foreach my $ evlog ( @ eventlog_list ) {
my $ evlogtdb = "$eventlogdir/$evlog.tdb" ;
open ( EVENTLOG , ">$evlogtdb" ) or die ( "Unable to open $evlogtdb" ) ;
close ( EVENTLOG ) ;
}
2017-12-08 15:20:36 +13:00
$ createuser_env { NSS_WRAPPER_PASSWD } = $ nss_wrapper_passwd ;
$ createuser_env { NSS_WRAPPER_GROUP } = $ nss_wrapper_group ;
$ createuser_env { NSS_WRAPPER_HOSTS } = $ nss_wrapper_hosts ;
2023-04-12 17:22:02 +02:00
$ createuser_env { NSS_WRAPPER_HOSTNAME } = "${hostname}.${dns_domain}" ;
2014-09-04 14:33:05 +02:00
if ( $ ENV { SAMBA_DNS_FAKING } ) {
2017-12-08 15:20:36 +13:00
$ createuser_env { RESOLV_WRAPPER_HOSTS } = $ dns_host_file ;
2018-05-30 17:03:55 +02:00
} else {
$ createuser_env { RESOLV_WRAPPER_CONF } = $ resolv_conf ;
2014-09-04 14:33:05 +02:00
}
2019-10-30 18:17:36 +01:00
$ createuser_env { RESOLV_CONF } = $ resolv_conf ;
2009-01-28 17:28:51 +01:00
2017-12-08 15:20:36 +13:00
createuser ( $ self , $ unix_name , $ password , $ conffile , \ % createuser_env ) || die ( "Unable to create user" ) ;
createuser ( $ self , "force_user" , $ password , $ conffile , \ % createuser_env ) || die ( "Unable to create force_user" ) ;
createuser ( $ self , "smbget_user" , $ password , $ conffile , \ % createuser_env ) || die ( "Unable to create smbget_user" ) ;
createuser ( $ self , "user1" , $ password , $ conffile , \ % createuser_env ) || die ( "Unable to create user1" ) ;
createuser ( $ self , "user2" , $ password , $ conffile , \ % createuser_env ) || die ( "Unable to create user2" ) ;
2018-11-15 16:06:49 +01:00
createuser ( $ self , "gooduser" , $ password , $ conffile , \ % createuser_env ) || die ( "Unable to create gooduser" ) ;
createuser ( $ self , "eviluser" , $ password , $ conffile , \ % createuser_env ) || die ( "Unable to create eviluser" ) ;
2018-12-03 11:05:46 +01:00
createuser ( $ self , "slashuser" , $ password , $ conffile , \ % createuser_env ) || die ( "Unable to create slashuser" ) ;
2022-04-01 15:56:30 +02:00
createuser ( $ self , "jackthemapper" , "mApsEcrEt" , $ conffile , \ % createuser_env ) || die ( "Unable to create jackthemapper" ) ;
createuser ( $ self , "jacknomapper" , "nOmApsEcrEt" , $ conffile , \ % createuser_env ) || die ( "Unable to create jacknomapper" ) ;
2007-04-18 00:12:39 +00:00
2012-09-26 10:02:43 +10:00
open ( DNS_UPDATE_LIST , ">$prefix/dns_update_list" ) or die ( "Unable to open $$prefix/dns_update_list" ) ;
2014-06-19 17:21:16 +02:00
print DNS_UPDATE_LIST "A $server. $server_ip\n" ;
print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n" ;
2012-09-26 10:02:43 +10:00
close ( DNS_UPDATE_LIST ) ;
2016-08-11 23:54:22 +03:00
print "DONE\n" ;
2007-04-18 00:12:39 +00:00
$ ret { SERVER_IP } = $ server_ip ;
2014-06-19 17:21:16 +02:00
$ ret { SERVER_IPV6 } = $ server_ipv6 ;
2021-06-18 19:11:19 +02:00
$ ret { SAMBA_DCERPCD_TEST_LOG } = "$prefix/samba_dcerpcd_test.log" ;
$ ret { SAMBA_DCERPCD_LOG_POS } = 0 ;
2007-04-18 00:12:39 +00:00
$ ret { NMBD_TEST_LOG } = "$prefix/nmbd_test.log" ;
2009-01-28 22:15:44 +01:00
$ ret { NMBD_TEST_LOG_POS } = 0 ;
2007-09-30 09:08:10 +00:00
$ ret { WINBINDD_TEST_LOG } = "$prefix/winbindd_test.log" ;
2009-01-28 22:15:44 +01:00
$ ret { WINBINDD_TEST_LOG_POS } = 0 ;
2007-04-18 00:12:39 +00:00
$ ret { SMBD_TEST_LOG } = "$prefix/smbd_test.log" ;
2009-01-28 22:15:44 +01:00
$ ret { SMBD_TEST_LOG_POS } = 0 ;
2007-04-18 00:12:39 +00:00
$ ret { SERVERCONFFILE } = $ conffile ;
2019-03-14 17:38:22 +13:00
$ ret { TESTENV_DIR } = $ prefix_abs ;
2021-04-14 11:44:51 +02:00
$ ret { CONFIGURATION } = "--configfile=$conffile" ;
2017-02-16 16:23:43 -07:00
$ ret { LOCK_DIR } = $ lockdir ;
2007-04-18 00:12:39 +00:00
$ ret { SERVER } = $ server ;
2009-01-28 17:28:51 +01:00
$ ret { USERNAME } = $ unix_name ;
2010-06-02 15:35:33 +02:00
$ ret { USERID } = $ unix_uid ;
2007-04-18 00:12:39 +00:00
$ ret { DOMAIN } = $ domain ;
2018-02-26 14:56:27 +01:00
$ ret { SAMSID } = $ samsid ;
2007-04-18 00:12:39 +00:00
$ ret { NETBIOSNAME } = $ server ;
$ ret { PASSWORD } = $ password ;
$ ret { PIDDIR } = $ piddir ;
2014-02-20 10:34:49 +01:00
$ ret { SELFTEST_WINBINDD_SOCKET_DIR } = $ wbsockdir ;
2011-01-07 21:28:45 -08:00
$ ret { NMBD_SOCKET_DIR } = $ nmbdsockdir ;
2009-01-28 22:15:44 +01:00
$ ret { SOCKET_WRAPPER_DEFAULT_IFACE } = $ swiface ;
2009-01-28 17:28:51 +01:00
$ ret { NSS_WRAPPER_PASSWD } = $ nss_wrapper_passwd ;
$ ret { NSS_WRAPPER_GROUP } = $ nss_wrapper_group ;
2013-06-27 16:12:47 +02:00
$ ret { NSS_WRAPPER_HOSTS } = $ nss_wrapper_hosts ;
2023-04-12 17:22:02 +02:00
$ ret { NSS_WRAPPER_HOSTNAME } = "${hostname}.${dns_domain}" ;
2013-06-12 15:42:01 +02:00
$ ret { NSS_WRAPPER_MODULE_SO_PATH } = Samba:: nss_wrapper_winbind_so_path ( $ self ) ;
$ ret { NSS_WRAPPER_MODULE_FN_PREFIX } = "winbind" ;
2014-09-04 14:33:05 +02:00
if ( $ ENV { SAMBA_DNS_FAKING } ) {
$ ret { RESOLV_WRAPPER_HOSTS } = $ dns_host_file ;
} else {
$ ret { RESOLV_WRAPPER_CONF } = $ resolv_conf ;
}
2019-10-30 18:17:36 +01:00
$ ret { RESOLV_CONF } = $ resolv_conf ;
2010-06-02 15:35:33 +02:00
$ ret { LOCAL_PATH } = "$shrdir" ;
2013-04-22 12:35:01 +02:00
$ ret { LOGDIR } = $ logdir ;
2009-01-28 17:28:51 +01:00
2015-10-25 15:02:17 +02:00
#
# Avoid hitting system krb5.conf -
# An env that needs Kerberos will reset this to the real
# value.
#
$ ret { KRB5_CONFIG } = abs_path ( $ prefix ) . "/no_krb5.conf" ;
2016-09-22 18:46:28 +02:00
# Define KRB5CCNAME for each environment we set up
$ ret { KRB5_CCACHE } = abs_path ( $ prefix ) . "/krb5ccache" ;
$ ENV { KRB5CCNAME } = $ ret { KRB5_CCACHE } ;
2007-04-18 00:12:39 +00:00
return \ % ret ;
2007-03-21 15:57:07 +00:00
}
2012-11-23 00:09:43 +01:00
sub wait_for_start ($$$$$)
2007-03-21 15:57:07 +00:00
{
2021-06-18 19:11:19 +02:00
my ( $ self , $ envvars , $ nmbd , $ winbindd , $ smbd , $ samba_dcerpcd ) = @ _ ;
2018-01-08 18:38:08 +01:00
my $ cmd ;
2018-01-08 14:28:40 +01:00
my $ netcmd ;
2012-11-23 00:18:44 +01:00
my $ ret ;
2012-11-23 00:09:43 +01:00
2021-06-18 19:11:19 +02:00
if ( $ samba_dcerpcd eq "yes" ) {
my $ count = 0 ;
my $ rpcclient = Samba:: bindir_path ( $ self , "rpcclient" ) ;
print "checking for samba_dcerpcd\n" ;
do {
$ ret = system ( "$rpcclient $envvars->{CONFIGURATION} ncalrpc: -c epmmap" ) ;
if ( $ ret != 0 ) {
sleep ( 1 ) ;
}
$ count + +
} while ( $ ret != 0 && $ count < 10 ) ;
if ( $ count == 10 ) {
print "samba_dcerpcd not reachable after 10 retries\n" ;
teardown_env ( $ self , $ envvars ) ;
return 0 ;
}
}
2012-11-23 00:09:43 +01:00
if ( $ nmbd eq "yes" ) {
2014-07-25 16:45:29 +02:00
my $ count = 0 ;
# give time for nbt server to register its names
print "checking for nmbd\n" ;
# This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init
my $ nmblookup = Samba:: bindir_path ( $ self , "nmblookup" ) ;
do {
$ ret = system ( "$nmblookup $envvars->{CONFIGURATION} $envvars->{SERVER}" ) ;
if ( $ ret != 0 ) {
sleep ( 1 ) ;
} else {
system ( "$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__" ) ;
system ( "$nmblookup $envvars->{CONFIGURATION} __SAMBA__" ) ;
2019-01-23 22:29:19 +01:00
system ( "$nmblookup $envvars->{CONFIGURATION} -U 10.255.255.255 __SAMBA__" ) ;
2014-07-25 16:45:29 +02:00
system ( "$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}" ) ;
}
$ count + + ;
} while ( $ ret != 0 && $ count < 10 ) ;
if ( $ count == 10 ) {
print "NMBD not reachable after 10 retries\n" ;
teardown_env ( $ self , $ envvars ) ;
return 0 ;
}
2012-11-23 00:09:43 +01:00
}
2011-04-07 13:07:23 +10:00
2021-10-05 16:42:00 +02:00
if ( $ winbindd eq "yes" or $ winbindd eq "offline" ) {
2012-11-23 00:18:44 +01:00
print "checking for winbindd\n" ;
my $ count = 0 ;
2018-01-08 18:38:08 +01:00
$ cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' " ;
2017-12-08 15:20:36 +13:00
$ cmd . = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' " ;
2021-10-05 16:42:00 +02:00
if ( $ winbindd eq "yes" ) {
$ cmd . = Samba:: bindir_path ( $ self , "wbinfo" ) . " --ping-dc" ;
} elsif ( $ winbindd eq "offline" ) {
$ cmd . = Samba:: bindir_path ( $ self , "wbinfo" ) . " --ping" ;
}
2017-12-08 15:20:36 +13:00
2012-11-23 00:18:44 +01:00
do {
2020-02-06 17:57:32 +11:00
$ ret = system ( $ cmd ) ;
2012-11-23 00:18:44 +01:00
if ( $ ret != 0 ) {
2016-06-16 01:00:13 +02:00
sleep ( 1 ) ;
2012-11-23 00:18:44 +01:00
}
$ count + + ;
2016-06-16 01:00:13 +02:00
} while ( $ ret != 0 && $ count < 20 ) ;
if ( $ count == 20 ) {
2012-11-23 00:18:44 +01:00
print "WINBINDD not reachable after 20 seconds\n" ;
teardown_env ( $ self , $ envvars ) ;
return 0 ;
}
}
2012-11-23 00:09:43 +01:00
if ( $ smbd eq "yes" ) {
# make sure smbd is also up set
print "wait for smbd\n" ;
2007-04-18 14:02:26 +00:00
2012-11-23 00:09:43 +01:00
my $ count = 0 ;
do {
2020-05-15 11:30:02 +02:00
if ( defined ( $ envvars - > { GNUTLS_FORCE_FIPS_MODE } ) ) {
# We don't have NTLM in FIPS mode, so lets use
# smbcontrol instead of smbclient.
$ cmd = Samba:: bindir_path ( $ self , "smbcontrol" ) ;
$ cmd . = " $envvars->{CONFIGURATION}" ;
$ cmd . = " smbd ping" ;
} else {
# This uses NTLM which is not available in FIPS
$ cmd = Samba:: bindir_path ( $ self , "smbclient" ) ;
$ cmd . = " $envvars->{CONFIGURATION}" ;
$ cmd . = " -L $envvars->{SERVER}" ;
$ cmd . = " -U%" ;
$ cmd . = " -I $envvars->{SERVER_IP}" ;
$ cmd . = " -p 139" ;
}
2018-08-22 17:24:38 +02:00
$ ret = system ( $ cmd ) ;
2012-11-23 00:09:43 +01:00
if ( $ ret != 0 ) {
2016-07-12 13:16:27 +02:00
sleep ( 1 ) ;
2012-11-23 00:09:43 +01:00
}
$ count + +
2016-07-12 13:16:27 +02:00
} while ( $ ret != 0 && $ count < 20 ) ;
if ( $ count == 20 ) {
2012-11-23 00:09:43 +01:00
print "SMBD failed to start up in a reasonable time (20sec)\n" ;
teardown_env ( $ self , $ envvars ) ;
return 0 ;
2011-04-07 13:07:23 +10:00
}
}
2012-11-23 00:09:43 +01:00
2010-11-08 13:39:51 -08:00
# Ensure we have domain users mapped.
2018-01-08 14:28:40 +01:00
$ netcmd = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' " ;
$ netcmd . = "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' " ;
2016-07-12 13:12:24 +02:00
$ netcmd . = "UID_WRAPPER_ROOT='1' " ;
2018-01-08 14:28:40 +01:00
$ netcmd . = Samba:: bindir_path ( $ self , "net" ) . " $envvars->{CONFIGURATION} " ;
2018-05-07 16:20:30 +02:00
$ cmd = $ netcmd . "groupmap delete ntgroup=domusers" ;
$ ret = system ( $ cmd ) ;
2018-01-08 14:28:40 +01:00
$ cmd = $ netcmd . "groupmap add rid=513 unixgroup=domusers type=domain" ;
$ ret = system ( $ cmd ) ;
2011-04-12 09:05:34 +10:00
if ( $ ret != 0 ) {
2018-01-08 14:28:40 +01:00
print ( "\"$cmd\" failed\n" ) ;
return 1 ;
2011-04-12 09:05:34 +10:00
}
2018-01-08 14:28:40 +01:00
2018-05-07 16:20:30 +02:00
$ cmd = $ netcmd . "groupmap delete ntgroup=domadmins" ;
$ ret = system ( $ cmd ) ;
2018-01-08 14:28:40 +01:00
$ cmd = $ netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain" ;
$ ret = system ( $ cmd ) ;
2015-11-17 23:14:36 +02:00
if ( $ ret != 0 ) {
2018-01-08 14:28:40 +01:00
print ( "\"$cmd\" failed\n" ) ;
return 1 ;
2015-11-17 23:14:36 +02:00
}
2018-01-08 14:28:40 +01:00
2018-05-07 16:20:30 +02:00
$ cmd = $ netcmd . "groupmap delete ntgroup=everyone" ;
$ ret = system ( $ cmd ) ;
2018-01-08 14:28:40 +01:00
$ cmd = $ netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin" ;
$ ret = system ( $ cmd ) ;
2012-11-20 16:48:23 +01:00
if ( $ ret != 0 ) {
2018-01-08 14:28:40 +01:00
print ( "\"$cmd\" failed\n" ) ;
return 1 ;
2012-11-20 16:48:23 +01:00
}
2010-11-08 13:39:51 -08:00
2018-01-08 18:38:08 +01:00
# note: creating builtin groups requires winbindd for the
# unix id allocator
my $ create_builtin_users = "no" ;
2012-11-23 01:35:30 +01:00
if ( $ winbindd eq "yes" ) {
2018-01-08 18:38:08 +01:00
$ cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' " ;
$ cmd . = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' " ;
$ cmd . = Samba:: bindir_path ( $ self , "wbinfo" ) . " --sid-to-gid=S-1-5-32-545" ;
my $ wbinfo_out = qx( $cmd 2>&1 ) ;
if ( $? != 0 ) {
# wbinfo doesn't give us a better error code then
# WBC_ERR_DOMAIN_NOT_FOUND, but at least that's
# different then WBC_ERR_WINBIND_NOT_AVAILABLE
if ( $ wbinfo_out !~ /WBC_ERR_DOMAIN_NOT_FOUND/ ) {
print ( "Failed to run \"wbinfo --sid-to-gid=S-1-5-32-545\": $wbinfo_out" ) ;
teardown_env ( $ self , $ envvars ) ;
return 0 ;
}
$ create_builtin_users = "yes" ;
}
}
if ( $ create_builtin_users eq "yes" ) {
2018-01-09 10:40:41 +01:00
$ cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' " ;
2018-01-15 15:25:10 +13:00
$ cmd . = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' " ;
2018-01-09 10:40:41 +01:00
$ cmd . = Samba:: bindir_path ( $ self , "net" ) . " $envvars->{CONFIGURATION} " ;
$ cmd . = "sam createbuiltingroup Users" ;
$ ret = system ( $ cmd ) ;
2012-11-23 01:35:30 +01:00
if ( $ ret != 0 ) {
print "Failed to create BUILTIN\\Users group\n" ;
2018-01-08 18:45:01 +01:00
teardown_env ( $ self , $ envvars ) ;
2012-11-23 01:35:30 +01:00
return 0 ;
}
2018-01-09 10:45:59 +01:00
$ cmd = Samba:: bindir_path ( $ self , "net" ) . " $envvars->{CONFIGURATION} " ;
$ cmd . = "cache del IDMAP/SID2XID/S-1-5-32-545" ;
system ( $ cmd ) ;
2018-01-09 10:46:40 +01:00
$ cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' " ;
2018-01-15 15:25:10 +13:00
$ cmd . = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' " ;
$ cmd . = "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' " ;
2018-01-09 10:46:40 +01:00
$ cmd . = Samba:: bindir_path ( $ self , "wbinfo" ) . " --sid-to-gid=S-1-5-32-545" ;
$ ret = system ( $ cmd ) ;
2018-01-08 18:45:01 +01:00
if ( $ ret != 0 ) {
print "Missing \"BUILTIN\\Users\", did net sam createbuiltingroup Users fail?\n" ;
2012-11-23 01:35:30 +01:00
teardown_env ( $ self , $ envvars ) ;
return 0 ;
}
}
2007-04-18 14:02:26 +00:00
print $ self - > getlog_env ( $ envvars ) ;
2011-04-12 09:05:34 +10:00
return 1 ;
2007-03-21 15:57:07 +00:00
}
2016-07-12 13:12:24 +02:00
##
## provision and start of ctdb
##
sub setup_ctdb ($$)
{
my ( $ self , $ prefix ) = @ _ ;
my $ num_nodes = 3 ;
my $ data = $ self - > provision_ctdb ( $ prefix , $ num_nodes ) ;
$ data or return undef ;
my $ rc = $ self - > check_or_start_ctdb ( $ data ) ;
if ( not $ rc ) {
print ( "check_or_start_ctdb() failed\n" ) ;
return undef ;
}
$ rc = $ self - > wait_for_start_ctdb ( $ data ) ;
if ( not $ rc ) {
print "Cluster startup failed\n" ;
return undef ;
}
return $ data ;
}
sub provision_ctdb ($$$$)
{
my ( $ self , $ prefix , $ num_nodes , $ no_delete_prefix ) = @ _ ;
my $ rc ;
print "PROVISIONING CTDB...\n" ;
my $ prefix_abs = abs_path ( $ prefix ) ;
#
# check / create directories:
#
die ( "prefix_abs = ''" ) if $ prefix_abs eq "" ;
die ( "prefix_abs = '/'" ) if $ prefix_abs eq "/" ;
mkdir ( $ prefix_abs , 0777 ) ;
print "CREATE CTDB TEST ENVIRONMENT in '$prefix_abs'...\n" ;
if ( not defined ( $ no_delete_prefix ) or not $ no_delete_prefix ) {
system ( "rm -rf $prefix_abs/*" ) ;
}
#
# Per-node data
#
my @ nodes = ( ) ;
for ( my $ i = 0 ; $ i < $ num_nodes ; $ i + + ) {
my % node = ( ) ;
my $ server_name = "ctdb${i}" ;
my $ pub_iface = Samba:: get_interface ( $ server_name ) ;
2019-01-23 22:29:19 +01:00
my $ ip = Samba:: get_ipv4_addr ( $ server_name ) ;
2016-07-12 13:12:24 +02:00
$ node { NODE_NUMBER } = "$i" ;
$ node { SERVER_NAME } = "$server_name" ;
$ node { SOCKET_WRAPPER_DEFAULT_IFACE } = "$pub_iface" ;
$ node { IP } = "$ip" ;
push ( @ nodes , \ % node ) ;
}
#
# nodes
#
my $ nodes_file = "$prefix/nodes.in" ;
unless ( open ( NODES , ">$nodes_file" ) ) {
warn ( "Unable to open nodesfile '$nodes_file'" ) ;
return undef ;
}
for ( my $ i = 0 ; $ i < $ num_nodes ; $ i + + ) {
my $ ip = $ nodes [ $ i ] - > { IP } ;
print NODES "${ip}\n" ;
}
close ( NODES ) ;
#
# local_daemons.sh setup
#
# Socket wrapper setup is done by selftest.pl, so don't use
# the CTDB-specific setup
#
my $ cmd ;
$ cmd . = "ctdb/tests/local_daemons.sh " . $ prefix_abs . " setup" ;
$ cmd . = " -n " . $ num_nodes ;
$ cmd . = " -N " . $ nodes_file ;
# CTDB should not attempt to manage public addresses -
# clients should just connect to CTDB private addresses
$ cmd . = " -P " . "/dev/null" ;
my $ ret = system ( $ cmd ) ;
if ( $ ret != 0 ) {
print ( "\"$cmd\" failed\n" ) ;
return undef ;
}
#
# Unix domain socket and node directory for each daemon
#
for ( my $ i = 0 ; $ i < $ num_nodes ; $ i + + ) {
my ( $ cmd , $ ret , $ out ) ;
my $ cmd_prefix = "ctdb/tests/local_daemons.sh ${prefix_abs}" ;
#
# socket
#
$ cmd = "${cmd_prefix} print-socket ${i}" ;
$ out = `$cmd` ;
$ ret = $? ;
if ( $ ret != 0 ) {
print ( "\"$cmd\" failed\n" ) ;
return undef ;
}
chomp $ out ;
$ nodes [ $ i ] - > { SOCKET_FILE } = "$out" ;
#
# node directory
#
$ cmd = "${cmd_prefix} onnode ${i} 'echo \$CTDB_BASE'" ;
$ out = `$cmd` ;
$ ret = $? ;
if ( $ ret != 0 ) {
print ( "\"$cmd\" failed\n" ) ;
return undef ;
}
chomp $ out ;
$ nodes [ $ i ] - > { NODE_PREFIX } = "$out" ;
}
my % ret = ( ) ;
$ ret { CTDB_PREFIX } = "$prefix" ;
$ ret { NUM_NODES } = $ num_nodes ;
$ ret { CTDB_NODES } = \ @ nodes ;
2020-02-04 19:44:11 +11:00
$ ret { CTDB_NODES_FILE } = $ nodes_file ;
2016-07-12 13:12:24 +02:00
return \ % ret ;
}
sub check_or_start_ctdb ($$) {
my ( $ self , $ data ) = @ _ ;
my $ prefix = $ data - > { CTDB_PREFIX } ;
my $ num_nodes = $ data - > { NUM_NODES } ;
my $ nodes = $ data - > { CTDB_NODES } ;
my $ STDIN_READER ;
# Share a single stdin pipe for all nodes
pipe ( $ STDIN_READER , $ data - > { CTDB_STDIN_PIPE } ) ;
for ( my $ i = 0 ; $ i < $ num_nodes ; $ i + + ) {
my $ node = $ nodes - > [ $ i ] ;
$ node - > { STDIN_PIPE } = $ data - > { CTDB_STDIN_PIPE } ;
my $ cmd = "ctdb/tests/local_daemons.sh" ;
my @ full_cmd = ( "$cmd" , "$prefix" , "start" , "$i" ) ;
my $ daemon_ctx = {
NAME = > "ctdbd" ,
BINARY_PATH = > $ cmd ,
FULL_CMD = > [ @ full_cmd ] ,
TEE_STDOUT = > 1 ,
LOG_FILE = > "/dev/null" ,
2020-10-29 09:05:37 +11:00
ENV_VARS = > { } ,
2016-07-12 13:12:24 +02:00
} ;
print "STARTING CTDBD (node ${i})\n" ;
# This does magic with $STDIN_READER, so use it
my $ ret = Samba:: fork_and_exec ( $ self ,
$ node ,
$ daemon_ctx ,
$ STDIN_READER ) ;
if ( $ ret == 0 ) {
print ( "\"$cmd\" failed\n" ) ;
teardown_env_ctdb ( $ self , $ data ) ;
return 0 ;
}
}
close ( $ STDIN_READER ) ;
return 1 ;
}
sub wait_for_start_ctdb ($$)
{
my ( $ self , $ data ) = @ _ ;
my $ prefix = $ data - > { CTDB_PREFIX } ;
print "Wait for ctdbd...\n" ;
my $ ctdb = Samba:: bindir_path ( $ self , "ctdb" ) ;
my $ cmd ;
$ cmd . = "ctdb/tests/local_daemons.sh ${prefix} onnode all" ;
$ cmd . = " ${ctdb} nodestatus all 2>&1" ;
my $ count = 0 ;
my $ wait_seconds = 60 ;
my $ out ;
until ( $ count > $ wait_seconds ) {
$ out = `$cmd` ;
my $ ret = $? ;
if ( $ ret == 0 ) {
print "\ncluster became healthy\n" ;
last ;
}
print "Waiting for CTDB...\n" ;
sleep ( 1 ) ;
$ count + + ;
}
if ( $ count > $ wait_seconds ) {
print "\nGiving up to wait for CTDB...\n" ;
print "${out}\n\n" ;
print "CTDB log:\n" ;
$ cmd = "ctdb/tests/local_daemons.sh ${prefix} print-log all >&2" ;
system ( $ cmd ) ;
teardown_env_ctdb ( $ self , $ data ) ;
return 0 ;
}
print "\nCTDB initialized\n" ;
return 1 ;
}
2022-04-01 15:56:30 +02:00
1 ;