#!/usr/bin/perl
# Bootstrap Samba and run a number of tests against it.
# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
# Published under the GNU GPL, v3 or later.
package Samba4 ;
use strict ;
use Cwd qw( abs_path ) ;
use FindBin qw( $RealBin ) ;
use POSIX ;
sub new ($$$$$) {
	# Constructor: records where the built binaries and the setup scripts
	# live, which LDAP backend (if any) to use, and the executable suffix.
	my $classname = shift;
	my ($bindir, $ldap, $setupdir, $exeext) = @_;

	# The executable suffix is optional; default to none.
	$exeext = "" if !defined($exeext);

	my %state = (
		vars     => {},
		ldap     => $ldap,
		bindir   => $bindir,
		setupdir => $setupdir,
		exeext   => $exeext,
	);

	# One-argument bless: the object is blessed into the current package
	# and $classname is not consulted.
	return bless \%state;
}
sub bindir_path ($$) {
	# Returns the location of a built binary: <bindir>/<path><exeext>.
	# The result is later interpolated into shell command strings by the
	# callers in this file, so bindir must not contain shell metacharacters.
	my $self = shift;
	my $path = shift;
	return join("", $self->{bindir}, "/", $path, $self->{exeext});
}
# Stub: the body is empty, so calling this does nothing and returns nothing.
# The OpenLDAP daemon is launched from slapd_start().
sub openldap_start ($$$) {
}
sub slapd_start ($$)
{
	# Launches the configured LDAP backend in the background and polls it
	# with ldbsearch until it answers, giving up after 40 failed probes.
	# Returns 1 when the server answers, 0 when the wait is abandoned.
	my ($self, $env_vars) = @_;

	my $ldbsearch = $self->bindir_path("ldbsearch");
	my $uri = $env_vars->{LDAP_URI};

	# Every command below is a single string handed to the shell, so $uri,
	# the %ENV values and the paths from $env_vars are shell-interpreted.
	my $probe = "$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null";

	if (system($probe) == 0) {
		print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!";
		# NOTE(review): this returns 1, which check_or_start() treats as
		# success, although the message says "Aborting". A server we did
		# not start would then be used as the backend - confirm intent.
		return 1;
	}

	# running slapd in the background means it stays in the same process
	# group, so it can be killed by timelimit
	my $backend = $self->{ldap};
	if ($backend eq "fedora-ds") {
		system("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
	} elsif ($backend eq "openldap") {
		system("$ENV{OPENLDAP_SLAPD} -d0 -F $env_vars->{SLAPD_CONF_D} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &");
	}

	# One probe per second; the 41st failed probe stops the backend.
	for (my $failures = 1; system($probe) != 0; $failures++) {
		if ($failures > 40) {
			$self->slapd_stop($env_vars);
			return 0;
		}
		sleep(1);
	}

	return 1;
}
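sub slapd_stop ($$)
{
	# Stops the LDAP backend started by slapd_start().
	#
	# fedora-ds: runs the instance's stop-slapd script.
	# openldap:  reads the pid file and sends SIGKILL to that process.
	#
	# Dies if the pid file cannot be opened or does not hold a positive
	# integer. Always returns 1 otherwise.
	my ($self, $envvars) = @_;

	if ($self->{ldap} eq "fedora-ds") {
		my $stop_script = "$envvars->{LDAPDIR}/slapd-samba4/stop-slapd";
		# Indirect-object form: the path is executed directly and is never
		# parsed by the shell or split on whitespace.
		system { $stop_script } $stop_script;
	} elsif ($self->{ldap} eq "openldap") {
		my $pidfile = $envvars->{OPENLDAP_PIDFILE};
		open(my $in, "<", $pidfile) or
			die("unable to open slapd pid file: $pidfile");
		my $line = <$in>;
		close($in);

		# Only signal a strictly positive pid. An empty or non-numeric
		# value would numify to 0 and signal our whole process group, and
		# a negative value would address a process group as well.
		unless (defined($line) && $line =~ /\A\s*([1-9][0-9]*)\s*\z/) {
			die("no valid slapd pid in pid file: $pidfile");
		}
		kill 9, $1;
	}

	return 1;
}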
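sub check_or_start ($$$)
{
	# Forks a child that runs the samba binary with its stdin attached to
	# a fifo and its output copied to the test log.
	#
	# Returns 0 without doing anything when the fifo already exists,
	# otherwise the pid of the forked child. Dies when the fifo cannot be
	# created or fork() fails.
	my ($self, $env_vars, $max_time) = @_;

	return 0 if (-p $env_vars->{SAMBA_TEST_FIFO});

	unlink($env_vars->{SAMBA_TEST_FIFO});
	POSIX::mkfifo($env_vars->{SAMBA_TEST_FIFO}, 0700)
		or die("Unable to create fifo $env_vars->{SAMBA_TEST_FIFO}: $!");
	unlink($env_vars->{SAMBA_TEST_LOG});

	print "STARTING SAMBA... ";
	my $pid = fork();
	# fork() returns undef on failure; undef == 0 is true, so without this
	# check the parent would fall into the child branch below.
	die("Unable to fork: $!") unless defined($pid);
	if ($pid == 0) {
		# Three-argument open: the fifo path can never be read as a mode
		# or a command.
		unless (open(STDIN, "<", $env_vars->{SAMBA_TEST_FIFO})) {
			print STDERR "Unable to open $env_vars->{SAMBA_TEST_FIFO}: $!\n";
			exit 1;
		}

		# we want out from samba to go to the log file, but also
		# to the users terminal when running 'make test' on the command
		# line. This puts it on stderr on the terminal
		# The tee command is still a shell string (it needs the 1>&2
		# redirection), so the log path is shell-interpreted.
		unless (open(STDOUT, "|-", "tee $env_vars->{SAMBA_TEST_LOG} 1>&2")) {
			print STDERR "Unable to start tee for $env_vars->{SAMBA_TEST_LOG}: $!\n";
			exit 1;
		}
		open(STDERR, ">&", \*STDOUT);

		SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});

		my $valgrind = "";
		if (defined($ENV{SAMBA_VALGRIND})) {
			$valgrind = $ENV{SAMBA_VALGRIND};
		}

		$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
		$ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR};

		$ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
		$ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};

		$ENV{UID_WRAPPER} = "1";

		# Start slapd before samba, but with the fifo on stdin
		if (defined($self->{ldap})) {
			$self->slapd_start($env_vars) or
				die("couldn't start slapd (main run)");
		}

		my $optarg = "";
		if (defined($max_time)) {
			$optarg = "--maximum-runtime=$max_time ";
		}
		if (defined($ENV{SAMBA_OPTIONS})) {
			$optarg .= " $ENV{SAMBA_OPTIONS}";
		}
		my $samba = $self->bindir_path("samba");

		# allow selection of the process model using
		# the environment variable SAMBA_PROCESS_MODEL
		# that allows us to change the process model for
		# individual machines in the build farm
		my $model = "single";
		if (defined($ENV{SAMBA_PROCESS_MODEL})) {
			$model = $ENV{SAMBA_PROCESS_MODEL};
		}

		# Deliberately a shell string: SAMBA_VALGRIND and SAMBA_OPTIONS
		# carry whole command fragments. Whoever controls the environment
		# of the test run therefore controls this command line.
		my $ret = system("$valgrind $samba $optarg $env_vars->{CONFIGURATION} -M $model -i");
		if ($? == -1) {
			print "Unable to start $samba: $ret: $!\n";
			exit 1;
		}
		unlink($env_vars->{SAMBA_TEST_FIFO});
		my $exit = $? >> 8;
		if ($ret == 0) {
			print "$samba exits with status $exit\n";
		} elsif ($ret & 127) {
			print "$samba got signal " . ($ret & 127) . " and exits with $exit!\n";
		} else {
			$ret = $? >> 8;
			print "$samba failed with status $exit!\n";
		}
		exit $exit;
	}
	print "DONE\n";

	# DATA is a package-global handle, so it stays open after this sub
	# returns; presumably that keeps the write end of the fifo open for
	# the lifetime of the test run - confirm.
	open(DATA, ">", $env_vars->{SAMBA_TEST_FIFO})
		or warn("Unable to open $env_vars->{SAMBA_TEST_FIFO} for writing: $!");

	return $pid;
}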
sub wait_for_start ($$)
{
	# Gives the freshly started server time to register its NetBIOS names,
	# then prints whatever getlog_env() returns for this environment.
	my ($self, $testenv_vars) = @_;

	# give time for nbt server to register its names
	print "delaying for nbt name registration\n";
	sleep 2;

	# This will return quickly when things are up, but be slow if we
	# need to wait for (eg) SSL init
	my $nmblookup = $self->bindir_path("nmblookup");
	my $config = $testenv_vars->{CONFIGURATION};
	my $server_ip = $testenv_vars->{SERVER_IP};

	# Two passes over the three names; each name is looked up once by
	# broadcast and once by unicast (-U) against the server address.
	# The commands are shell strings, so the values are shell-interpreted.
	foreach my $pass (1, 2) {
		foreach my $key (qw(SERVER NETBIOSNAME NETBIOSALIAS)) {
			my $name = $testenv_vars->{$key};
			system("$nmblookup $config $name");
			system("$nmblookup $config -U $server_ip $name");
		}
	}

	print $self->getlog_env($testenv_vars);
}
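sub write_ldb_file ($$$)
{
	# Feeds $ldif to "ldbadd -H $file" on its stdin, discarding ldbadd's
	# stdout. Returns the result of closing the pipe, i.e. true only when
	# ldbadd exited with status 0; returns 0 when the fork fails.
	my ($self, $file, $ldif) = @_;
	my $ldbadd = $self->bindir_path("ldbadd");

	# Forking open plus list-form exec: $file reaches ldbadd as a single
	# argument and is never parsed by a shell, so spaces or shell
	# metacharacters in the path cannot change the command.
	my $pid = open(my $ldif_fh, "|-");
	return 0 unless defined($pid);

	if ($pid == 0) {
		# Child: same effect as the ">/dev/null" of a shell command line.
		open(STDOUT, ">", "/dev/null");
		exec { $ldbadd } ($ldbadd, "-H", $file);
		# Only reached when exec failed; leave without running the
		# parent's END blocks or flushing its inherited buffers.
		POSIX::_exit(127);
	}

	print $ldif_fh $ldif;
	return close($ldif_fh);
}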
sub add_wins_config ($$)
{
	# Adds one WINS replication partner record (TORTURE_6 at 127.0.0.6)
	# to wins_config.ldb in the private directory. Returns whatever
	# write_ldb_file() returns.
	my ($self, $privatedir) = @_;

	# Leading and trailing empty elements reproduce the newline that
	# opens and closes the LDIF text.
	my $ldif = join("\n",
		"",
		"dn: name=TORTURE_6,CN=PARTNERS",
		"objectClass: wreplPartner",
		"name: TORTURE_6",
		"address: 127.0.0.6",
		"pullInterval: 0",
		"pushChangeCount: 0",
		"type: 0x3",
		"");

	return $self->write_ldb_file("$privatedir/wins_config.ldb", $ldif);
}
sub mk_fedora_ds ($$)
{
	# Returns (instance directory, pid file path) for a Fedora DS
	# instance below $ldapdir. Nothing is created on disk here.
	my ($self, $ldapdir) = @_;

	# Make the subdirectory be as fedora DS would expect
	my $instance_dir = join("/", $ldapdir, "slapd-samba4");

	return ($instance_dir, "$instance_dir/logs/slapd-samba4.pid");
}
sub mk_openldap ($$)
{
	# Returns (slapd.d configuration directory, pid file path) for an
	# OpenLDAP instance below $ldapdir. Nothing is created on disk here.
	my ($self, $ldapdir) = @_;

	return (join("/", $ldapdir, "slapd.d"), join("/", $ldapdir, "slapd.pid"));
}
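sub mk_keyblobs ($$)
{
	# Writes the fixed TLS and PKINIT test fixtures (DH parameters, two RSA
	# private keys and five certificates) into $tlsdir.
	#
	# The key material is embedded in this source file and is therefore
	# public: it is only suitable for the self-test environment and must
	# never be used to protect anything real.
	#
	# Dies if any file cannot be written. Returns 1.
	my ($self, $tlsdir) = @_;

	#TLS and PKINIT crypto blobs
	my $dhfile = "$tlsdir/dhparms.pem";
	my $cafile = "$tlsdir/ca.pem";
	my $certfile = "$tlsdir/cert.pem";
	my $kdccertfile = "$tlsdir/kdc.pem";
	my $keyfile = "$tlsdir/key.pem";
	my $adminkeyfile = "$tlsdir/adminkey.pem";
	my $admincertfile = "$tlsdir/admincert.pem";
	my $admincertupnfile = "$tlsdir/admincertupn.pem";

	# NOTE(review): the directory holding the private keys is created with
	# mode 0777 (before umask); acceptable only because the keys are
	# public test fixtures.
	mkdir($tlsdir, 0777);

	# Every blob is written through a lexical handle that is opened with
	# an explicit mode, checked, and closed straight away, so the content
	# is on disk before any server is started.
	my $write_blob = sub {
		my ($path, $content) = @_;
		open(my $out, ">", $path) or die("Unable to open $path: $!");
		print $out $content;
		close($out) or die("Unable to write $path: $!");
	};

	#This is specified here to avoid draining entropy on every run
	$write_blob->($dhfile, <<'EOF');
-----BEGIN DH PARAMETERS-----
MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO
svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
YX70obsCAQI=
-----END DH PARAMETERS-----
EOF

	#Likewise, we pregenerate the key material. This allows the
	#other certificates to be pre-generated
	$write_blob->($keyfile, <<'EOF');
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc
ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H
6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB
AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X
8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki
cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG
-----END RSA PRIVATE KEY-----
EOF

	$write_blob->($adminkeyfile, <<'EOF');
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF
5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB
AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB
cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L
osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN
u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4
eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz
I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4
ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2
OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE
yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG
+cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko
-----END RSA PRIVATE KEY-----
EOF

	#generated with
	# hxtool issue-certificate --self-signed --issue-ca \
	# --ca-private-key="FILE:$KEYFILE" \
	# --subject="CN=CA,DC=samba,DC=example,DC=com" \
	# --certificate="FILE:$CAFILE" --lifetime="25 years"
	$write_blob->($cafile, <<'EOF');
-----BEGIN CERTIFICATE-----
MIICcTCCAdqgAwIBAgIUaBPmjnPVqyFqR5foICmLmikJTzgwCwYJKoZIhvcNAQEFMFIxEzAR
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTIyMzEyWhgPMjAzMzAyMjQx
MjIzMTJaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6
I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm
ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
AaYwHQYDVR0OBBYEFMLZufegDKLZs0VOyFXYK1L6M8oyMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
KoZIhvcNAQEFBQADgYEAAZJbCAAkaqgFJ0xgNovn8Ydd0KswQPjicwiODPgw9ZPoD2HiOUVO
yYDRg/dhFF9y656OpcHk4N7qZ2sl3RlHkzDu+dseETW+CnKvQIoXNyeARRJSsSlwrwcoD4JR
HTLk2sGigsWwrJ2N99sG/cqSJLJ1MFwLrs6koweBnYU0f/g=
-----END CERTIFICATE-----
EOF

	#generated with GNUTLS internally in Samba.
	$write_blob->($certfile, <<'EOF');
-----BEGIN CERTIFICATE-----
MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+
S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p
PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw
IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG
LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz
nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA==
-----END CERTIFICATE-----
EOF

	#KDC certificate
	# hxtool request-create \
	# --subject="CN=krbtgt,CN=users,DC=samba,DC=example,DC=com" \
	# --key="FILE:$KEYFILE" $KDCREQ

	# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
	# --type="pkinit-kdc" \
	# --pk-init-principal="krbtgt/SAMBA.EXAMPLE.COM@SAMBA.EXAMPLE.COM" \
	# --req="PKCS10:$KDCREQ" --certificate="FILE:$KDCCERTFILE" \
	# --lifetime="25 years"
	$write_blob->($kdccertfile, <<'EOF');
-----BEGIN CERTIFICATE-----
MIIDDDCCAnWgAwIBAgIUI2Tzj+JnMzMcdeabcNo30rovzFAwCwYJKoZIhvcNAQEFMFIxEzAR
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTMxOTIzWhgPMjAzMzAyMjQx
MzE5MjNaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0
Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF
yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5
PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB
AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w
S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji
dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK
MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B
AQUFAAOBgQBmrVD5MCmZjfHp1nEnHqTIh8r7lSmVtDx4s9MMjxm9oNrzbKXynvdhwQYFVarc
ge4yRRDXtSebErOl71zVJI9CVeQQpwcH+tA85oGA7oeFtO/S7ls581RUU6tGgyxV4veD+lJv
KPH5LevUtgD+q9H4LU4Sq5N3iFwBaeryB0g2wg==
-----END CERTIFICATE-----
EOF

	# hxtool request-create \
	# --subject="CN=Administrator,CN=users,DC=samba,DC=example,DC=com" \
	# --key="FILE:$ADMINKEYFILE" $ADMINREQFILE

	# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
	# --type="pkinit-client" \
	# --pk-init-principal="administrator@SAMBA.EXAMPLE.COM" \
	# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" \
	# --lifetime="25 years"
	$write_blob->($admincertfile, <<'EOF');
-----BEGIN CERTIFICATE-----
MIIDHTCCAoagAwIBAgIUUggzW4lLRkMKe1DAR2NKatkMDYwwCwYJKoZIhvcNAQELMFIxEzAR
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMjE1WhgPMjAzNDA3MjIw
MzMyMTVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
l3JRlwIDAQABo4HSMIHPMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
BgEFBQcDAgYKKwYBBAGCNxQCAjBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgExsRU0FNQkEu
RVhBTVBMRS5DT02hGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yMB8GA1UdIwQYMBaAFMLZ
ufegDKLZs0VOyFXYK1L6M8oyMB0GA1UdDgQWBBQg81bLyfCA88C2B/BDjXlGuaFaxjAJBgNV
HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAEf/OSHUDJaGdtWGNuJeqcVYVMwrfBAc0OSwVhz1
7/xqKHWo8wIMPkYRtaRHKLNDsF8GkhQPCpVsa6mX/Nt7YQnNvwd+1SBP5E8GvwWw9ZzLJvma
nk2n89emuayLpVtp00PymrDLRBcNaRjFReQU8f0o509kiVPHduAp3jOiy13l
-----END CERTIFICATE-----
EOF

	# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
	# --type="pkinit-client" \
	# --ms-upn="administrator@samba.example.com" \
	# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTUPNFILE" \
	# --lifetime="25 years"
	$write_blob->($admincertupnfile, <<'EOF');
-----BEGIN CERTIFICATE-----
MIIDDzCCAnigAwIBAgIUUp3CJMuNaEaAdPKp3QdNIwG7a4wwCwYJKoZIhvcNAQELMFIxEzAR
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMzA1WhgPMjAzNDA3MjIw
MzMzMDVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
l3JRlwIDAQABo4HEMIHBMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
BgEFBQcDAgYKKwYBBAGCNxQCAjA6BgNVHREEMzAxoC8GCisGAQQBgjcUAgOgIQwfYWRtaW5p
c3RyYXRvckBzYW1iYS5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS
+jPKMjAdBgNVHQ4EFgQUIPNWy8nwgPPAtgfwQ415RrmhWsYwCQYDVR0TBAIwADANBgkqhkiG
9w0BAQsFAAOBgQBk42+egeUB3Ji2PC55fbt3FNKxvmm2xUUFkV9POK/YR9rajKOwk5jtYSeS
Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq
Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
-----END CERTIFICATE-----
EOF

	return 1;
}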
#
# provision_raw_prepare() is also used by Samba34.pm!
#
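sub provision_raw_prepare ($$$$$$$)
{
	# Creates (or empties) the environment directory $prefix and returns a
	# context hash with every path, name and provision option that the
	# later provisioning steps read.
	#
	# Dies when $prefix cannot be created, resolves to "" or "/", or
	# cannot be cleaned.
	#
	# NOTE(review): the prototype lists seven arguments while eight are
	# unpacked; prototypes are ignored for method calls, so this only
	# matters if the sub is ever called as a plain function.
	my ($self, $prefix, $server_role, $netbiosname, $netbiosalias, $swiface, $password, $kdc_ipv4) = @_;
	my $ctx;

	-d $prefix or mkdir($prefix, 0777) or die("Unable to create $prefix");

	my $prefix_abs = abs_path($prefix);

	# Refuse to run the recursive delete below on an empty path or on /.
	die("prefix=''") if $prefix_abs eq "";
	die("prefix='/'") if $prefix_abs eq "/";

	# Remove the previous contents without going through the shell: a
	# prefix containing whitespace or shell metacharacters can then never
	# make rm operate on a different path. Dot files are left alone, as
	# with a shell "*" glob.
	opendir(my $prefix_dh, $prefix_abs) or die("Unable to clean up");
	my @stale = map { "$prefix_abs/$_" } grep { !/^\./ } readdir($prefix_dh);
	closedir($prefix_dh);
	if (@stale) {
		(system("rm", "-rf", @stale) == 0) or die("Unable to clean up");
	}

	$ctx->{prefix} = $prefix;
	$ctx->{prefix_abs} = $prefix_abs;
	$ctx->{server_role} = $server_role;
	$ctx->{netbiosname} = $netbiosname;
	$ctx->{netbiosalias} = $netbiosalias;
	$ctx->{swiface} = $swiface;
	$ctx->{password} = $password;
	$ctx->{kdc_ipv4} = $kdc_ipv4;

	$ctx->{server_loglevel} = 1;
	$ctx->{username} = "Administrator";
	$ctx->{domain} = "SAMBADOMAIN";
	$ctx->{realm} = "SAMBA.EXAMPLE.COM";
	$ctx->{dnsname} = "samba.example.com";
	$ctx->{basedn} = "dc=samba,dc=example,dc=com";

	$ctx->{sid_generator} = "internal";

	# Identity of the user running the tests: name from the environment
	# (falling back to whoami), effective uid and effective group list.
	my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
	chomp $unix_name;
	$ctx->{unix_name} = $unix_name;
	$ctx->{unix_uid} = $>;
	$ctx->{unix_gids_str} = $);
	@{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str});

	$ctx->{etcdir} = "$prefix_abs/etc";
	$ctx->{piddir} = "$prefix_abs/pid";
	$ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf";
	$ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
	$ctx->{privatedir} = "$prefix_abs/private";
	$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
	$ctx->{lockdir} = "$prefix_abs/lockdir";
	$ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
	$ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket";
	$ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket";
	$ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
	$ctx->{nsswrap_group} = "$ctx->{etcdir}/group";

	$ctx->{tlsdir} = "$ctx->{privatedir}/tls";

	$ctx->{ipv4} = "127.0.0.$swiface";
	$ctx->{interfaces} = "$ctx->{ipv4}/8";

	$ctx->{localbasedn} = $ctx->{basedn};
	$ctx->{localbasedn} = "CN=$netbiosname" if $server_role eq "member server";

	push(@{$ctx->{directories}}, $ctx->{privatedir});
	push(@{$ctx->{directories}}, $ctx->{etcdir});
	push(@{$ctx->{directories}}, $ctx->{piddir});
	push(@{$ctx->{directories}}, $ctx->{ncalrpcdir});
	push(@{$ctx->{directories}}, $ctx->{lockdir});

	$ctx->{smb_conf_extra_options} = "";

	# The elements carry embedded double quotes and a leading VAR="value"
	# assignment, so they are presumably joined into one shell command by
	# the caller - confirm. The passwords then appear on that command
	# line; they are test credentials only.
	my @provision_options = ();
	push(@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
	push(@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
	if (defined($ENV{GDB_PROVISION})) {
		push(@provision_options, "gdb --args");
	}
	if (defined($ENV{VALGRIND_PROVISION})) {
		push(@provision_options, "valgrind");
	}
	if (defined($ENV{PYTHON})) {
		push(@provision_options, $ENV{PYTHON});
	}
	push(@provision_options, "$self->{setupdir}/provision");
	push(@provision_options, "--configfile=$ctx->{smb_conf}");
	push(@provision_options, "--host-name=$ctx->{netbiosname}");
	push(@provision_options, "--host-ip=$ctx->{ipv4}");
	push(@provision_options, "--quiet");
	push(@provision_options, "--domain=$ctx->{domain}");
	push(@provision_options, "--realm=$ctx->{realm}");
	push(@provision_options, "--adminpass=$ctx->{password}");
	push(@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
	push(@provision_options, "--machinepass=machine$ctx->{password}");
	push(@provision_options, "--root=$ctx->{unix_name}");
	push(@provision_options, "--server-role=\"$ctx->{server_role}\"");

	@{$ctx->{provision_options}} = @provision_options;

	return $ctx;
}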
#
# provision_raw_step1() is also used by Samba34.pm!
#
# Step1 creates the basic configuration
#
sub provision_raw_step1 ($$)
2009-02-04 11:18:32 +01:00
{
my ( $ self , $ ctx ) = @ _ ;
2007-05-01 03:28:12 +00:00
2009-02-04 11:18:32 +01:00
mkdir ( $ _ , 0777 ) foreach ( @ { $ ctx - > { directories } } ) ;
2007-05-01 03:28:12 +00:00
2009-02-04 11:18:32 +01:00
open ( CONFFILE , ">$ctx->{smb_conf}" )
or die ( "can't open $ctx->{smb_conf}$?" ) ;
2007-04-17 00:30:01 +00:00
print CONFFILE "
[ global ]
2009-02-04 11:18:32 +01:00
netbios name = $ ctx - > { netbiosname }
netbios aliases = $ ctx - > { netbiosalias }
workgroup = $ ctx - > { domain }
realm = $ ctx - > { realm }
private dir = $ ctx - > { privatedir }
pid directory = $ ctx - > { piddir }
ncalrpc dir = $ ctx - > { ncalrpcdir }
lock dir = $ ctx - > { lockdir }
2007-04-17 00:30:01 +00:00
setup directory = $ self - > { setupdir }
2007-11-07 01:32:25 +01:00
modules dir = $ self - > { bindir } / modules
2009-02-04 11:18:32 +01:00
winbindd socket directory = $ ctx - > { winbindd_socket_dir }
winbindd privileged socket directory = $ ctx - > { winbindd_privileged_socket_dir }
ntp signd socket directory = $ ctx - > { ntp_signd_socket_dir }
winbind separator = /
2007-04-17 00:30:01 +00:00
name resolve order = bcast
2009-02-04 11:18:32 +01:00
interfaces = $ ctx - > { interfaces }
tls dh params file = $ ctx - > { tlsdir } / dhparms . pem
2008-10-28 12:20:59 +01:00
panic action = $ RealBin / gdb_backtrace \ % PID % \ % PROG %
2007-04-17 00:30:01 +00:00
wins support = yes
2009-02-04 11:18:32 +01:00
server role = $ ctx - > { server_role }
2007-04-17 00:30:01 +00:00
notify:inotify = false
ldb:nosync = true
#We don't want to pass our self-tests if the PAC code is wrong
gensec:require_pac = true
2009-02-04 11:18:32 +01:00
log level = $ ctx - > { server_loglevel }
2009-10-28 15:28:31 -05:00
lanman auth = Yes " ;
if ( defined ( $ ctx - > { sid_generator } ) && $ ctx - > { sid_generator } ne "internal" ) {
print CONFFILE "
sid generator = $ ctx - > { sid_generator } " ;
}
print CONFFILE "
2007-04-17 00:30:01 +00:00
2009-02-10 17:01:51 +01:00
# Begin extra options
$ ctx - > { smb_conf_extra_options }
# End extra options
2007-04-17 00:30:01 +00:00
" ;
close ( CONFFILE ) ;
2009-02-04 11:18:32 +01:00
$ self - > mk_keyblobs ( $ ctx - > { tlsdir } ) ;
2007-04-17 00:30:01 +00:00
2009-02-04 11:18:32 +01:00
open ( KRB5CONF , ">$ctx->{krb5_conf}" )
or die ( "can't open $ctx->{krb5_conf}$?" ) ;
2007-04-17 00:30:01 +00:00
print KRB5CONF "
2009-02-04 11:18:32 +01:00
#Generated krb5.conf for $ctx->{realm}
2007-04-17 00:30:01 +00:00
[ libdefaults ]
2009-02-04 11:18:32 +01:00
default_realm = $ ctx - > { realm }
2007-04-17 00:30:01 +00:00
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24 h
forwardable = yes
[ realms ]
2009-02-04 11:18:32 +01:00
$ ctx - > { realm } = {
2009-02-10 18:00:48 +01:00
kdc = $ ctx - > { kdc_ipv4 } : 88
admin_server = $ ctx - > { kdc_ipv4 } : 88
2009-02-04 11:18:32 +01:00
default_domain = $ ctx - > { dnsname }
2007-04-17 00:30:01 +00:00
}
2009-02-04 11:18:32 +01:00
$ ctx - > { dnsname } = {
2009-02-10 18:00:48 +01:00
kdc = $ ctx - > { kdc_ipv4 } : 88
admin_server = $ ctx - > { kdc_ipv4 } : 88
2009-02-04 11:18:32 +01:00
default_domain = $ ctx - > { dnsname }
2007-04-17 00:30:01 +00:00
}
2009-02-04 11:18:32 +01:00
$ ctx - > { domain } = {
2009-02-10 18:00:48 +01:00
kdc = $ ctx - > { kdc_ipv4 } : 88
admin_server = $ ctx - > { kdc_ipv4 } : 88
2009-02-04 11:18:32 +01:00
default_domain = $ ctx - > { dnsname }
2007-04-17 00:30:01 +00:00
}
[ appdefaults ]
2009-02-04 11:18:32 +01:00
pkinit_anchors = FILE: $ ctx - > { tlsdir } / ca . pem
2007-04-17 00:30:01 +00:00
[ kdc ]
enable - pkinit = true
2009-02-04 11:18:32 +01:00
pkinit_identity = FILE: $ ctx - > { tlsdir } /kdc.pem,$ctx->{tlsdir}/ key . pem
pkinit_anchors = FILE: $ ctx - > { tlsdir } / ca . pem
2007-04-17 00:30:01 +00:00
[ domain_realm ]
2009-02-04 11:18:32 +01:00
. $ ctx - > { dnsname } = $ ctx - > { realm }
2007-04-17 00:30:01 +00:00
" ;
close ( KRB5CONF ) ;
2009-02-04 11:18:32 +01:00
open ( PWD , ">$ctx->{nsswrap_passwd}" ) ;
2007-11-05 15:49:40 +01:00
print PWD "
2009-02-04 11:18:32 +01:00
root:x:0:0:root gecos: $ ctx - > { prefix_abs } : /bin/ false
$ ctx - > { unix_name } : x: $ ctx - > { unix_uid } : @ { $ ctx - > { unix_gids } } [ 0 ] : $ ctx - > { unix_name } gecos: $ ctx - > { prefix_abs } : /bin/ false
nobody:x:65534:65533:nobody gecos: $ ctx - > { prefix_abs } : /bin/ false
2007-11-05 15:49:40 +01:00
" ;
close ( PWD ) ;
2009-02-04 11:18:32 +01:00
open ( GRP , ">$ctx->{nsswrap_group}" ) ;
2007-11-05 15:49:40 +01:00
print GRP "
root:x:0:
wheel:x:10:
users:x:100:
nobody:x:65533:
nogroup:x:65534:nobody
" ;
close ( GRP ) ;
2009-02-04 11:18:32 +01:00
my $ configuration = "--configfile=$ctx->{smb_conf}" ;
2007-04-17 00:30:01 +00:00
#Ensure the config file is valid before we start
my $ testparm = $ self - > bindir_path ( "testparm" ) ;
if ( system ( "$testparm $configuration -v --suppress-prompt >/dev/null 2>&1" ) != 0 ) {
system ( "$testparm -v --suppress-prompt $configuration >&2" ) ;
die ( "Failed to create a valid smb.conf configuration $testparm!" ) ;
}
( system ( "($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1" ) == 0 ) or die ( "Failed to create a valid smb.conf configuration! $self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global" ) ;
my $ ret = {
KRB5_CONFIG = > $ ctx - > { krb5_conf } ,
PIDDIR = > $ ctx - > { piddir } ,
SERVER = > $ ctx - > { netbiosname } ,
SERVER_IP = > $ ctx - > { ipv4 } ,
NETBIOSNAME = > $ ctx - > { netbiosname } ,
NETBIOSALIAS = > $ ctx - > { netbiosalias } ,
DOMAIN = > $ ctx - > { domain } ,
USERNAME = > $ ctx - > { username } ,
REALM = > $ ctx - > { realm } ,
PASSWORD = > $ ctx - > { password } ,
LDAPDIR = > $ ctx - > { ldapdir } ,
WINBINDD_SOCKET_DIR = > $ ctx - > { winbindd_socket_dir } ,
NCALRPCDIR = > $ ctx - > { ncalrpcdir } ,
LOCKDIR = > $ ctx - > { lockdir } ,
SERVERCONFFILE = > $ ctx - > { smb_conf } ,
CONFIGURATION = > $ configuration ,
SOCKET_WRAPPER_DEFAULT_IFACE = > $ ctx - > { swiface } ,
NSS_WRAPPER_PASSWD = > $ ctx - > { nsswrap_passwd } ,
NSS_WRAPPER_GROUP = > $ ctx - > { nsswrap_group } ,
SAMBA_TEST_FIFO = > "$ctx->{prefix}/samba_test.fifo" ,
SAMBA_TEST_LOG = > "$ctx->{prefix}/samba_test.log" ,
SAMBA_TEST_LOG_POS = > 0 ,
} ;
return $ ret ;
}
#
# provision_raw_step2() is also used by Samba34.pm!
#
# Step2 runs the provision script
#
sub provision_raw_step2 ($$$)
{
	my ($self, $ctx, $ret) = @_;

	# Step 2 of provisioning: run the provision command that the earlier
	# steps collected in $ctx->{provision_options}, then hand back $ret
	# unchanged.
	#
	# NOTE(review): the options are flattened into ONE string, and a
	# single-string system() is parsed by the shell whenever it contains
	# shell metacharacters. Any option built from a path or an environment
	# variable is therefore subject to word splitting and shell expansion.
	# Whether the option list relies on shell quoting is not visible from
	# this sub, so the call form is kept as is - confirm before switching
	# to list-form system().
	my @options = @{$ctx->{provision_options}};
	my $provision_cmd = join(" ", @options);

	if (system($provision_cmd) != 0) {
		die("Unable to provision: \n$provision_cmd\n");
	}

	return $ret;
}
sub provision ($$$$$$$)
{
	# Provision one Samba4 test server: prepare the context, add the test
	# shares and (optionally) the LDAP backend settings, then run
	# provision_raw_step1() and provision_raw_step2().
	#
	# Returns the environment hash produced by those two steps.
	#
	# The prototype lists seven scalars while eight arguments are unpacked;
	# prototypes are ignored on method calls, which is how this sub is
	# invoked elsewhere in this file.
	my ($self, $prefix, $server_role, $netbiosname, $netbiosalias, $swiface, $password, $kdc_ipv4) = @_;

	my @prepare_args = ($prefix, $server_role, $netbiosname, $netbiosalias,
			    $swiface, $password, $kdc_ipv4);
	my $ctx = $self->provision_raw_prepare(@prepare_args);

	# Scratch directories backing the [tmp], [test1] and [test2] shares.
	my $tmpdir = "$ctx->{prefix_abs}/tmp";
	$ctx->{tmpdir} = $tmpdir;
	push(@{$ctx->{directories}}, "$tmpdir", "$tmpdir/test1", "$tmpdir/test2");

	# Extra smb.conf text: two option lines followed by the share
	# definitions. Every share except [sysvol] is writable (read only = no).
	$ctx->{smb_conf_extra_options} = "
max xmit = 32K
server max protocol = SMB2
[tmp]
path = $ctx->{tmpdir}
read only = no
posix:sharedelay = 10000
posix:eadb = $ctx->{lockdir}/eadb.tdb
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 500000
[test1]
path = $ctx->{tmpdir}/test1
read only = no
posix:sharedelay = 10000
posix:eadb = $ctx->{lockdir}/eadb.tdb
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 50000
[test2]
path = $ctx->{tmpdir}/test2
read only = no
posix:sharedelay = 10000
posix:eadb = $ctx->{lockdir}/eadb.tdb
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 50000
[cifs]
read only = no
ntvfs handler = cifs
cifs:server = $ctx->{netbiosname}
cifs:share = tmp
#There is no username specified here, instead the client is expected
#to log in with kerberos, and the serverwill use delegated credentials.
[simple]
path = $ctx->{tmpdir}
read only = no
ntvfs handler = simple
[sysvol]
path = $ctx->{lockdir}/sysvol
read only = yes
[netlogon]
path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
read only = no
[cifsposix]
copy = simple
ntvfs handler = cifsposix
";

	if (defined($self->{ldap})) {
		$ctx->{ldapdir} = "$ctx->{privatedir}/ldap";
		push(@{$ctx->{directories}}, "$ctx->{ldapdir}");

		# ldapi:// URIs carry the socket path with every "/" written
		# as %2F.
		(my $socket_path = "$ctx->{ldapdir}/ldapi") =~ s{/}{%2F}g;
		$ctx->{ldap_uri} = "ldapi://$socket_path";

		$ctx->{sid_generator} = "backend" if ($self->{ldap} eq "fedora-ds");
	}

	my $ret = $self->provision_raw_step1($ctx);

	if (defined($self->{ldap})) {
		$ret->{LDAP_URI} = $ctx->{ldap_uri};
		push(@{$ctx->{provision_options}}, "--ldap-backend-type=$self->{ldap}");

		# NOTE(review): OPENLDAP_SLAPD and FEDORA_DS_ROOT are taken from
		# the environment and appended verbatim to the option list. If
		# that list ends up in a shell command line (as a join-and-
		# system() consumer would do), spaces or shell metacharacters in
		# these variables get interpreted by the shell - confirm how the
		# options are executed.
		if ($self->{ldap} eq "openldap") {
			push(@{$ctx->{provision_options}}, "--slapd-path=$ENV{OPENLDAP_SLAPD}");

			# An empty list from mk_openldap() is the failure signal.
			my @openldap = $self->mk_openldap($ctx->{ldapdir});
			die("Unable to create openldap directories") unless @openldap;
			($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = @openldap;
		} elsif ($self->{ldap} eq "fedora-ds") {
			push(@{$ctx->{provision_options}},
			     "--slapd-path=$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd",
			     "--setup-ds-path=$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");

			# An empty list from mk_fedora_ds() is the failure signal.
			my @fedora_ds = $self->mk_fedora_ds($ctx->{ldapdir});
			die("Unable to create fedora ds directories") unless @fedora_ds;
			($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = @fedora_ds;
		}
	}

	$ret = $self->provision_raw_step2($ctx, $ret);

	return $ret;
}
sub provision_member ($$$)
{
	# Provision a member server and join it to the domain described by
	# $dcvars (the environment hash of an already provisioned DC).
	#
	# Returns the member's environment hash, extended with DC_* entries
	# copied from $dcvars. Dies if provisioning or the join fails.
	my ($self, $prefix, $dcvars) = @_;

	print "PROVISIONING MEMBER...";

	my @member_args = ("member server", "localmember3", "localmember", 3,
			   "localmemberpass", $dcvars->{SERVER_IP});
	my $ret = $self->provision($prefix, @member_args);
	die("Unable to provision") unless $ret;

	my $net = $self->bindir_path("net");

	# NOTE(review): the join is executed as one shell command string.
	# The DC password is part of that string, so it is visible in the
	# process list while "net" runs and is repeated in the die() text
	# below. The interpolated values are also subject to shell parsing.
	# This looks acceptable only because the harness works with fixed
	# test credentials - confirm before reusing this with other accounts.
	my $cmd = join(" ",
		"SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\"",
		"KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\"",
		"$net join $ret->{CONFIGURATION} $dcvars->{DOMAIN} member",
		"-U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}");
	if (system($cmd) != 0) {
		die("Join failed\n$cmd");
	}

	# Expose the DC's details to the tests running against the member.
	$ret->{DC_SERVER} = $dcvars->{SERVER};
	$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
	$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
	$ret->{DC_NETBIOSALIAS} = $dcvars->{NETBIOSALIAS};
	$ret->{DC_USERNAME} = $dcvars->{USERNAME};
	$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};

	return $ret;
}
sub provision_dc ($$)
{
	# Provision the domain controller environment under $prefix and add
	# the WINS configuration to "$prefix/private".
	#
	# Returns the environment hash from provision(); dies if
	# add_wins_config() reports failure.
	my ($self, $prefix) = @_;

	print "PROVISIONING DC...";

	# Fixed identity of the test DC; the password is a hard-coded test
	# credential.
	my @dc_args = ("domain controller", "localdc1", "localdc", 1,
		       "localdcpass", "127.0.0.1");
	my $ret = $self->provision($prefix, @dc_args);

	unless ($self->add_wins_config("$prefix/private")) {
		die("Unable to add wins configuration");
	}

	return $ret;
}
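sub teardown_env ($$)
{
	# Shut down the server of one test environment.
	#
	# Closes DATA, waits for the process named in $envvars->{PIDDIR}/samba.pid
	# to exit (SIGKILL after the grace period), stops slapd when an LDAP
	# backend is configured, prints the pending server log and returns
	# $? >> 8.
	#
	# Dies if the pid file exists but cannot be opened.
	my ($self, $envvars) = @_;
	my $pidfile = "$envvars->{PIDDIR}/samba.pid";

	# DATA is opened elsewhere in this file; presumably it is the pipe
	# feeding the server, so closing it asks the server to exit - confirm.
	close(DATA);

	if (-f $pidfile) {
		open(my $in, '<', $pidfile) or die("unable to open server pid file");
		my $line = <$in>;
		close($in);

		# Only signal a plain positive PID. An empty or non-numeric
		# pid file would otherwise numify to 0, and kill(9, 0) hits
		# every process in our own process group, i.e. the test run
		# itself. Negative values address process groups and are
		# rejected as well, as is PID 1.
		my $pid;
		if (defined($line) and $line =~ /^\s*([0-9]{1,9})\s*$/ and $1 > 1) {
			$pid = $1;
		}

		if (defined($pid)) {
			# Give the process 20 seconds to exit.  gcov needs
			# this time to write out the coverage data
			my $count = 0;
			until (kill(0, $pid) == 0) {
				# if no process successfully signalled, then we are done
				sleep(1);
				$count++;
				last if $count > 20;
			}

			# If it is still around, kill it
			if ($count > 20) {
				print "server process $pid took more than $count seconds to exit, killing\n";
				kill 9, $pid;
			}
		} else {
			warn("ignoring invalid pid in $pidfile, not signalling any process\n");
		}
	}

	# Nothing above touches $? after close(DATA): no child is run or
	# reaped in between.
	my $failed = $? >> 8;

	$self->slapd_stop($envvars) if ($self->{ldap});

	print $self->getlog_env($envvars);

	return $failed;
}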
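sub getlog_env ($$)
{
	# Return the part of the server log written since the previous call.
	#
	# Reads $envvars->{SAMBA_TEST_LOG} starting at
	# $envvars->{SAMBA_TEST_LOG_POS} and stores the new end position back
	# into $envvars. The text is prefixed with a title line naming the
	# server; an empty string is returned when there is nothing new or
	# the log cannot be opened.
	my ($self, $envvars) = @_;
	my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n";
	my $out = $title;

	# Three-argument open keeps the file name from being parsed for mode
	# characters. If the log is not there (yet), leave the saved position
	# untouched instead of recording tell()'s -1 from an unopened handle.
	open(my $log, '<', $envvars->{SAMBA_TEST_LOG}) or return "";

	seek($log, $envvars->{SAMBA_TEST_LOG_POS}, SEEK_SET);
	while (my $line = <$log>) {
		$out .= $line;
	}
	$envvars->{SAMBA_TEST_LOG_POS} = tell($log);
	close($log);

	return "" if $out eq $title;
	return $out;
}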
sub check_env ($$)
{
	# Report whether the environment still looks alive: returns 1 while
	# $envvars->{SAMBA_TEST_FIFO} exists as a named pipe. Otherwise the
	# pending server log is printed and 0 is returned.
	my ($self, $envvars) = @_;

	unless (-p $envvars->{SAMBA_TEST_FIFO}) {
		print $self->getlog_env($envvars);
		return 0;
	}

	return 1;
}
sub setup_env ($$$)
{
	# Bring up the named test environment below $path and return its
	# environment hash. Known names are "dc" and "member"; anything else
	# is fatal.
	my ($self, $envname, $path) = @_;

	return $self->setup_dc("$path/dc") if ($envname eq "dc");

	unless ($envname eq "member") {
		die("Samba4 can't provide environment '$envname'");
	}

	# A member needs a running DC; start one unless it is already cached.
	$self->setup_dc("$path/dc") unless defined($self->{vars}->{dc});

	return $self->setup_member("$path/member", $self->{vars}->{dc});
}
sub setup_member ($$$$)
{
	# Provision a member server under $path against the DC described by
	# $dc_vars, start it, wait until it is up and return its environment
	# hash.
	#
	# The prototype has four slots while three arguments are unpacked;
	# prototypes are ignored on method calls.
	my ($self, $path, $dc_vars) = @_;

	# Second argument handed to check_or_start(): SMBD_MAXTIME from the
	# environment when set to a true value, else 7500.
	my $max_time = ($ENV{SMBD_MAXTIME} or 7500);

	my $env = $self->provision_member($path, $dc_vars);
	$self->check_or_start($env, $max_time);
	$self->wait_for_start($env);

	return $env;
}
sub setup_dc ($$)
{
	# Provision the domain controller under $path, start it, wait until
	# it is up, cache its environment hash in $self->{vars}->{dc} and
	# return that hash.
	my ($self, $path) = @_;

	# Second argument handed to check_or_start(): SMBD_MAXTIME from the
	# environment when set to a true value, else 7500.
	my $max_time = ($ENV{SMBD_MAXTIME} or 7500);

	my $env = $self->provision_dc($path);
	$self->check_or_start($env, $max_time);
	$self->wait_for_start($env);

	# Cached so that later environments can reuse this DC.
	$self->{vars}->{dc} = $env;

	return $env;
}
sub stop ($)
{
	# Intentionally a no-op: nothing is stopped or cleaned up here.
	my ($self) = @_;
}
1 ;