2011-04-18 17:38:35 +10:00
#!/usr/bin/perl
# Bootstrap Samba and run a number of tests against it.
# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
# Published under the GNU GPL, v3 or later.
package Samba ;
use strict ;
use target::Samba3 ;
use target::Samba4 ;
2012-03-04 17:30:45 +11:00
use POSIX ;
2013-11-08 09:49:25 +01:00
use Cwd qw( abs_path ) ;
2011-04-18 17:38:35 +10:00
sub new ($$$$$) {
2015-06-05 12:22:45 +12:00
my ( $ classname , $ bindir , $ ldap , $ srcdir , $ server_maxtime ) = @ _ ;
2011-04-18 17:38:35 +10:00
my $ self = {
2015-06-05 12:22:45 +12:00
samba3 = > new Samba3 ( $ bindir , $ srcdir , $ server_maxtime ) ,
samba4 = > new Samba4 ( $ bindir , $ ldap , $ srcdir , $ server_maxtime ) ,
2011-04-18 17:38:35 +10:00
} ;
bless $ self ;
return $ self ;
}
sub setup_env ($$$)
{
my ( $ self , $ envname , $ path ) = @ _ ;
$ ENV { ENVNAME } = $ envname ;
my $ env = $ self - > { samba4 } - > setup_env ( $ envname , $ path ) ;
2012-02-13 12:14:57 +11:00
if ( defined ( $ env ) and $ env ne "UNKNOWN" ) {
2011-04-27 12:10:12 +10:00
if ( not defined ( $ env - > { target } ) ) {
$ env - > { target } = $ self - > { samba4 } ;
}
2012-02-23 16:34:47 +11:00
} elsif ( defined ( $ env ) and $ env eq "UNKNOWN" ) {
2011-04-18 17:38:35 +10:00
$ env = $ self - > { samba3 } - > setup_env ( $ envname , $ path ) ;
2012-02-13 12:14:57 +11:00
if ( defined ( $ env ) and $ env ne "UNKNOWN" ) {
2011-04-27 12:10:12 +10:00
if ( not defined ( $ env - > { target } ) ) {
$ env - > { target } = $ self - > { samba3 } ;
}
2011-04-18 17:38:35 +10:00
}
}
2012-02-23 16:34:47 +11:00
if ( defined ( $ env ) and ( $ env eq "UNKNOWN" ) ) {
2011-04-18 17:38:35 +10:00
warn ( "Samba can't provide environment '$envname'" ) ;
2012-02-23 16:34:47 +11:00
return "UNKNOWN" ;
}
if ( not defined $ env ) {
warn ( "failed to start up environment '$envname'" ) ;
2011-04-18 17:38:35 +10:00
return undef ;
}
return $ env ;
}
2011-04-27 11:19:20 +10:00
sub bindir_path ($$) {
my ( $ object , $ path ) = @ _ ;
2012-01-26 09:42:27 +11:00
my $ valpath = "$object->{bindir}/$path" ;
2011-04-27 11:19:20 +10:00
2014-05-12 16:45:55 +02:00
return $ valpath if ( - f $ valpath or - d $ valpath ) ;
2011-04-27 11:19:20 +10:00
return $ path ;
}
2012-10-03 16:36:34 +10:00
sub nss_wrapper_winbind_so_path ($) {
my ( $ object ) = @ _ ;
my $ ret = $ ENV { NSS_WRAPPER_WINBIND_SO_PATH } ;
if ( not defined ( $ ret ) ) {
2014-12-18 20:13:44 +01:00
$ ret = bindir_path ( $ object , "shared/libnss_wrapper_winbind.so.2" ) ;
2013-11-08 09:49:25 +01:00
$ ret = abs_path ( $ ret ) ;
2012-10-03 16:36:34 +10:00
}
return $ ret ;
}
2016-01-09 21:21:25 +01:00
sub copy_file_content ($$)
{
my ( $ in , $ out ) = @ _ ;
open ( IN , "${in}" ) or die ( "failed to open in[${in}] for reading: $!" ) ;
open ( OUT , ">${out}" ) or die ( "failed to open out[${out}] for writing: $!" ) ;
while ( <IN> ) {
print OUT $ _ ;
}
close ( OUT ) ;
close ( IN ) ;
}
sub prepare_keyblobs ($)
{
my ( $ ctx ) = @ _ ;
my $ cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com" ;
my $ cacert = "$cadir/Public/CA-samba.example.com-cert.pem" ;
my $ cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem" ;
my $ dcdnsname = "$ctx->{hostname}.$ctx->{dnsname}" ;
my $ dcdir = "$cadir/DCs/$dcdnsname" ;
my $ dccert = "$dcdir/DC-$dcdnsname-cert.pem" ;
my $ dckey_private = "$dcdir/DC-$dcdnsname-private-key.pem" ;
my $ userprincipalname = "administrator\@$ctx->{dnsname}" ;
my $ userdir = "$cadir/Users/$userprincipalname" ;
my $ usercert = "$userdir/USER-$userprincipalname-cert.pem" ;
my $ userkey_private = "$userdir/USER-$userprincipalname-private-key.pem" ;
my $ tlsdir = "$ctx->{tlsdir}" ;
my $ pkinitdir = "$ctx->{prefix_abs}/pkinit" ;
#TLS and PKINIT crypto blobs
my $ dhfile = "$tlsdir/dhparms.pem" ;
my $ cafile = "$tlsdir/ca.pem" ;
my $ crlfile = "$tlsdir/crl.pem" ;
my $ certfile = "$tlsdir/cert.pem" ;
my $ keyfile = "$tlsdir/key.pem" ;
my $ usercertfile = "$pkinitdir/USER-$userprincipalname-cert.pem" ;
my $ userkeyfile = "$pkinitdir/USER-$userprincipalname-private-key.pem" ;
mkdir ( $ tlsdir , 0700 ) ;
mkdir ( $ pkinitdir , 0700 ) ;
my $ oldumask = umask ;
umask 0077 ;
# This is specified here to avoid draining entropy on every run
# generate by
# openssl dhparam -out dhparms.pem -text -2 8192
open ( DHFILE , ">$dhfile" ) ;
print DHFILE << EOF ;
- - - - - BEGIN DH PARAMETERS - - - - -
MIIECAKCBAEAlcpjuJptCzC2bIIApLuyFLw2nODQUztqs /peysY9e3LgWh/x rc87
SWJNSUrqFJFh2m357WH0XGcTdTk0b /8aIYIWjbwEhWR/ 5 hZ + 1 x2TDrX1awkYayAe
pr0arycmWHaAmhw + m + dBdj2O2jRMe7gn0ha85JALNl + Z3wv2q2eys8TIiQ2dbHPx
XvpMmlAv7QHZnpSpX /XgueQr6T3EYggljppZwk1fe4W2cxBjCv9w/ Q83pJXMEVVB
WESEQPZC38v6hVIXIlF4J7jXjV3 + NtCLL4nvsy0jrLEntyKz5OB8sNPRzJr0Ju2Y
yXORCSMMXMygP + dxJtQ6txzQYWyaCYN1HqHDZy3cFL9Qy8kTFqIcW56Lti2GsW / p
jSMzEOa1NevhKNFL3dSZJx5m + 5 ZeMvWXlCqXSptmVdbs5wz5jkMUm / E6pVfM5lyb
Ttlcq2iYPqnJz1jcL5xwhoufID8zSJCPJ7C0jb0Ngy5wLIUZfjXJUXxUyxTnNR9i
N9Sc + UkDvLxnCW + qzjyPXGlQU1SsJwMLWa2ZecL / uYE4bOdcN3g + 5 WHkevyDnXqR
+ yy9x7sGXjBT3bRWK5tVHJWOi6eBu1hp39U6aK8oOJWiUt3vmC2qEdIsT6JaLNNi
YKrSfRGBf19IJBaagen1S19bb3dnmwoU1RaWM0EeJQW1oXOBg7zLisB2yuu5azBn
tse00 + 0 nc + GbH2y + jP0sE7xil1QeilZl + aQ3tX9vL0cnCa + 8602 kXxU7P5HaX2 + d
05 pvoHmeZbDV85io36oF976gBYeYN + qAkTUMsIZhuLQDuyn0963XOLyn1Pm6SBrU
OkIZXW7WoKEuO /YSfizUIqXwmAMJjnEMJCWG51MZZKx/ /9Hsdp1RXSm/ bRSbvXB7
MscjvQYWmfCFnIk8LYnEt3Yey40srEiS9xyZqdrvobxz + sU1XcqR38kpVf4gKASL
xURia64s4emuJF + YHIObyydazQ + 6 /wX/ C + m + nyfhuxSO6j1janPwtYbU + Uj3TzeM
04 K1mpPQpZcaMdZZiNiu7i8VJlOPKAz7aJT8TnMMF5GMyzyLpSMpc + NF9L / BSocV
/ cUM4wQT2PTHrcyYzmTVH7c9bzBkuxqrwVB1BY1jitDV9LIYIVBglKcX88qrfHIM
XiXPAIwGclD59qm2cG8OdM9NA5pNMI119KuUAIJsUdgPbR1LkT2XTT15YVoHmFSQ
DlaWOXn4td031jr0EisX8QtFR7 + /0Nfoni6ydFGs5fNH/ L1ckq6FEO4OhgucJw9H
YRmiFlsQBQNny78vNchwZne3ZixkShtGW0hWDdi2n + h7St1peNJCNJjMbEhRsPRx
RmNGWh4AL8rho4RO9OBao0MnUdjbbffD + wIBAg ==
- - - - - END DH PARAMETERS - - - - -
EOF
close ( DHFILE ) ;
if ( ! - e $ { dckey_private } ) {
umask $ oldumask ;
return ;
}
copy_file_content ( $ { cacert } , $ { cafile } ) ;
copy_file_content ( $ { cacrl_pem } , $ { crlfile } ) ;
copy_file_content ( $ { dccert } , $ { certfile } ) ;
copy_file_content ( $ { dckey_private } , $ { keyfile } ) ;
if ( - e $ { userkey_private } ) {
copy_file_content ( $ { usercert } , $ { usercertfile } ) ;
copy_file_content ( $ { userkey_private } , $ { userkeyfile } ) ;
}
# COMPAT stuff to be removed in a later commit
my $ kdccertfile = "$tlsdir/kdc.pem" ;
copy_file_content ( $ { dccert } , $ { kdccertfile } ) ;
if ( - e $ { userkey_private } ) {
my $ adminkeyfile = "$tlsdir/adminkey.pem" ;
my $ admincertfile = "$tlsdir/admincert.pem" ;
my $ admincertupnfile = "$tlsdir/admincertupn.pem" ;
copy_file_content ( $ { userkey_private } , $ { adminkeyfile } ) ;
copy_file_content ( $ { usercert } , $ { admincertfile } ) ;
copy_file_content ( $ { usercert } , $ { admincertupnfile } ) ;
}
umask $ oldumask ;
}
2011-08-26 16:02:01 +10:00
sub mk_krb5_conf ($$)
2011-04-19 16:38:46 +10:00
{
2015-03-24 19:05:10 +01:00
my ( $ ctx ) = @ _ ;
2011-04-19 16:38:46 +10:00
unless ( open ( KRB5CONF , ">$ctx->{krb5_conf}" ) ) {
2011-05-08 06:54:50 +02:00
warn ( "can't open $ctx->{krb5_conf}$?" ) ;
2011-04-19 16:38:46 +10:00
return undef ;
}
2011-08-26 16:02:01 +10:00
my $ our_realms_stanza = mk_realms_stanza ( $ ctx - > { realm } ,
$ ctx - > { dnsname } ,
$ ctx - > { domain } ,
$ ctx - > { kdc_ipv4 } ) ;
2011-04-19 16:38:46 +10:00
print KRB5CONF "
#Generated krb5.conf for $ctx->{realm}
[ libdefaults ]
default_realm = $ ctx - > { realm }
2015-07-09 10:11:22 +02:00
dns_lookup_realm = false
2015-03-24 19:05:10 +01:00
dns_lookup_kdc = true
2011-04-19 16:38:46 +10:00
ticket_lifetime = 24 h
forwardable = yes
allow_weak_crypto = yes
2016-04-27 01:00:14 +02:00
" ;
if ( defined ( $ ctx - > { supported_enctypes } ) ) {
print KRB5CONF "
default_etypes = $ ctx - > { supported_enctypes }
default_as_etypes = $ ctx - > { supported_enctypes }
default_tgs_enctypes = $ ctx - > { supported_enctypes }
default_tkt_enctypes = $ ctx - > { supported_enctypes }
permitted_enctypes = $ ctx - > { supported_enctypes }
" ;
}
print KRB5CONF "
2011-04-19 16:38:46 +10:00
[ realms ]
2011-08-26 16:02:01 +10:00
$ our_realms_stanza
2011-04-19 16:38:46 +10:00
" ;
2011-08-26 16:02:01 +10:00
2011-04-19 16:38:46 +10:00
if ( defined ( $ ctx - > { tlsdir } ) ) {
print KRB5CONF "
[ appdefaults ]
pkinit_anchors = FILE: $ ctx - > { tlsdir } / ca . pem
[ kdc ]
enable - pkinit = true
pkinit_identity = FILE: $ ctx - > { tlsdir } /kdc.pem,$ctx->{tlsdir}/ key . pem
pkinit_anchors = FILE: $ ctx - > { tlsdir } / ca . pem
" ;
}
close ( KRB5CONF ) ;
}
2011-08-26 16:02:01 +10:00
sub mk_realms_stanza ($$$$)
{
my ( $ realm , $ dnsname , $ domain , $ kdc_ipv4 ) = @ _ ;
2015-01-21 17:27:09 +13:00
my $ lc_domain = lc ( $ domain ) ;
2011-08-26 16:02:01 +10:00
my $ realms_stanza = "
$ realm = {
kdc = $ kdc_ipv4:88
admin_server = $ kdc_ipv4:88
default_domain = $ dnsname
}
$ dnsname = {
kdc = $ kdc_ipv4:88
admin_server = $ kdc_ipv4:88
default_domain = $ dnsname
}
$ domain = {
kdc = $ kdc_ipv4:88
admin_server = $ kdc_ipv4:88
default_domain = $ dnsname
}
2015-01-21 17:27:09 +13:00
$ lc_domain = {
kdc = $ kdc_ipv4:88
admin_server = $ kdc_ipv4:88
default_domain = $ dnsname
}
2011-08-26 16:02:01 +10:00
" ;
return $ realms_stanza ;
}
2012-03-02 11:44:56 +11:00
sub get_interface ($)
{
my ( $ netbiosname ) = @ _ ;
$ netbiosname = lc ( $ netbiosname ) ;
my % interfaces = ( ) ;
2015-03-06 09:34:11 +01:00
$ interfaces { "localnt4dc2" } = 3 ;
2015-03-06 10:01:33 +01:00
$ interfaces { "localnt4member3" } = 4 ;
2013-07-01 13:02:47 +02:00
$ interfaces { "localshare4" } = 5 ;
$ interfaces { "localktest6" } = 7 ;
$ interfaces { "maptoguest" } = 8 ;
2015-03-06 09:39:54 +01:00
$ interfaces { "localnt4dc9" } = 9 ;
2012-03-02 11:44:56 +11:00
# 11-16 used by selftest.pl for client interfaces
$ interfaces { "localdc" } = 21 ;
$ interfaces { "localvampiredc" } = 22 ;
$ interfaces { "s4member" } = 23 ;
$ interfaces { "localrpcproxy" } = 24 ;
$ interfaces { "dc5" } = 25 ;
$ interfaces { "dc6" } = 26 ;
$ interfaces { "dc7" } = 27 ;
$ interfaces { "rodc" } = 28 ;
$ interfaces { "localadmember" } = 29 ;
2015-03-05 18:08:43 +01:00
$ interfaces { "addc" } = 30 ;
2012-03-02 11:44:56 +11:00
$ interfaces { "localsubdc" } = 31 ;
$ interfaces { "chgdcpass" } = 32 ;
2012-07-06 15:39:09 +10:00
$ interfaces { "promotedvdc" } = 33 ;
2013-02-21 12:33:23 -07:00
$ interfaces { "rfc2307member" } = 34 ;
2015-05-15 09:43:29 +02:00
$ interfaces { "fileserver" } = 35 ;
2016-03-17 17:13:28 +13:00
$ interfaces { "fakednsforwarder1" } = 36 ;
$ interfaces { "fakednsforwarder2" } = 37 ;
2012-03-02 11:44:56 +11:00
# update lib/socket_wrapper/socket_wrapper.c
2015-08-07 12:53:08 +12:00
# #define MAX_WRAPPED_INTERFACES 40
# if you wish to have more than 40 interfaces
2012-03-02 11:44:56 +11:00
if ( not defined ( $ interfaces { $ netbiosname } ) ) {
die ( ) ;
}
return $ interfaces { $ netbiosname } ;
}
2012-03-04 17:30:45 +11:00
sub cleanup_child ($$)
{
my ( $ pid , $ name ) = @ _ ;
2014-09-04 12:55:53 +02:00
2016-05-14 00:49:40 +02:00
if ( ! defined ( $ pid ) ) {
print STDERR "cleanup_child: pid not defined ... not calling waitpid\n" ;
return - 1 ;
2014-09-04 12:55:53 +02:00
}
2016-05-14 00:49:40 +02:00
my $ childpid = waitpid ( $ pid , WNOHANG ) ;
2012-03-04 17:30:45 +11:00
if ( $ childpid == 0 ) {
} elsif ( $ childpid < 0 ) {
2016-05-14 00:38:48 +02:00
printf STDERR "%s child process %d isn't here any more\n" , $ name , $ pid ;
2012-03-04 17:30:45 +11:00
return $ childpid ;
2016-05-14 00:51:19 +02:00
} elsif ( $? & 127 ) {
2012-03-04 17:30:45 +11:00
printf STDERR "%s child process %d, died with signal %d, %s coredump\n" ,
2016-05-14 00:44:18 +02:00
$ name , $ childpid , ( $? & 127 ) , ( $? & 128 ) ? 'with' : 'without' ;
2012-03-04 17:30:45 +11:00
} else {
printf STDERR "%s child process %d exited with value %d\n" , $ name , $ childpid , $? >> 8 ;
}
return $ childpid ;
}
2011-04-18 17:38:35 +10:00
1 ;