2007-03-06 00:28:55 +03:00
#!/usr/bin/perl
# Bootstrap Samba and run a number of tests against it.
# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
# Published under the GNU GPL, v3 or later.
package Samba4 ;
use strict ;
2007-04-17 17:06:00 +04:00
use Cwd qw( abs_path ) ;
2007-03-06 00:28:55 +03:00
use FindBin qw( $RealBin ) ;
use POSIX ;
2010-11-27 05:03:50 +03:00
use SocketWrapper ;
2011-04-27 05:19:20 +04:00
use target::Samba ;
2011-04-19 10:38:46 +04:00
use target::Samba3 ;
2007-03-06 00:28:55 +03:00
2009-01-21 12:14:29 +03:00
sub new ($$$$$) {
2015-06-05 03:22:45 +03:00
my ( $ classname , $ bindir , $ ldap , $ srcdir , $ server_maxtime ) = @ _ ;
2011-04-15 06:27:30 +04:00
2010-11-01 01:05:03 +03:00
my $ self = {
vars = > { } ,
ldap = > $ ldap ,
bindir = > $ bindir ,
2011-02-03 07:14:31 +03:00
srcdir = > $ srcdir ,
2011-04-19 10:38:46 +04:00
server_maxtime = > $ server_maxtime ,
2015-06-05 03:22:45 +03:00
target3 = > new Samba3 ( $ bindir , $ srcdir , $ server_maxtime )
2007-04-17 04:30:01 +04:00
} ;
2007-03-21 18:57:07 +03:00
bless $ self ;
return $ self ;
}
2011-02-03 07:14:31 +03:00
sub scriptdir_path ($$) {
my ( $ self , $ path ) = @ _ ;
return "$self->{srcdir}/source4/scripting/$path" ;
}
2007-04-23 11:33:15 +04:00
sub openldap_start ($$$) {
}
2007-04-11 00:19:31 +04:00
sub slapd_start ($$)
2007-03-06 00:28:55 +03:00
{
2007-04-12 16:45:41 +04:00
my $ count = 0 ;
2013-09-19 16:52:59 +04:00
my ( $ self , $ env_vars , $ STDIN_READER ) = @ _ ;
2011-04-27 05:19:20 +04:00
my $ ldbsearch = Samba:: bindir_path ( $ self , "ldbsearch" ) ;
2007-04-11 00:19:31 +04:00
my $ uri = $ env_vars - > { LDAP_URI } ;
2009-08-14 04:21:04 +04:00
if ( system ( "$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null" ) == 0 ) {
print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!" ;
return 1 ;
}
2007-03-06 09:30:36 +03:00
# running slapd in the background means it stays in the same process group, so it can be
# killed by timelimit
2013-09-19 16:52:59 +04:00
my $ pid = fork ( ) ;
if ( $ pid == 0 ) {
open STDOUT , ">$env_vars->{LDAPDIR}/logs" ;
open STDERR , '>&STDOUT' ;
close ( $ env_vars - > { STDIN_PIPE } ) ;
open STDIN , ">&" , $ STDIN_READER or die "can't dup STDIN_READER to STDIN: $!" ;
if ( $ self - > { ldap } eq "fedora-ds" ) {
exec ( "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd" , "-D" , $ env_vars - > { FEDORA_DS_DIR } , "-d0" , "-i" , $ env_vars - > { FEDORA_DS_PIDFILE } ) ;
} elsif ( $ self - > { ldap } eq "openldap" ) {
exec ( $ ENV { OPENLDAP_SLAPD } , "-dnone" , "-F" , $ env_vars - > { SLAPD_CONF_D } , "-h" , $ uri ) ;
}
die ( "Unable to start slapd: $!" ) ;
2007-03-06 00:28:55 +03:00
}
2013-09-19 16:52:59 +04:00
$ env_vars - > { SLAPD_PID } = $ pid ;
sleep ( 1 ) ;
2009-01-21 12:09:30 +03:00
while ( system ( "$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null" ) != 0 ) {
2010-09-14 16:41:42 +04:00
$ count + + ;
2007-04-23 11:33:15 +04:00
if ( $ count > 40 ) {
2010-09-14 16:41:42 +04:00
$ self - > slapd_stop ( $ env_vars ) ;
return 0 ;
2007-03-07 14:05:59 +03:00
}
sleep ( 1 ) ;
}
2007-03-06 09:30:36 +03:00
return 1 ;
2007-03-06 00:28:55 +03:00
}
2007-04-11 00:19:31 +04:00
sub slapd_stop ($$)
2007-03-06 00:28:55 +03:00
{
2007-04-11 00:19:31 +04:00
my ( $ self , $ envvars ) = @ _ ;
2013-09-19 16:52:59 +04:00
kill 9 , $ envvars - > { SLAPD_PID } ;
2007-04-24 01:56:23 +04:00
return 1 ;
2007-03-06 00:28:55 +03:00
}
2011-08-12 08:37:04 +04:00
sub check_or_start ($$$)
2007-03-06 00:28:55 +03:00
{
2012-03-04 10:30:45 +04:00
my ( $ self , $ env_vars , $ process_model ) = @ _ ;
2013-09-19 16:52:59 +04:00
my $ STDIN_READER ;
2007-03-21 18:57:07 +03:00
2015-12-07 03:18:38 +03:00
my $ env_ok = $ self - > check_env ( $ env_vars ) ;
if ( $ env_ok ) {
2016-05-05 02:35:46 +03:00
return $ env_vars - > { SAMBA_PID } ;
} elsif ( defined ( $ env_vars - > { SAMBA_PID } ) ) {
warn ( "SAMBA PID $env_vars->{SAMBA_PID} is not running (died)" ) ;
return undef ;
2015-12-07 03:18:38 +03:00
}
2012-03-04 10:30:45 +04:00
# use a pipe for stdin in the child processes. This allows
# those processes to monitor the pipe for EOF to ensure they
# exit when the test script exits
2013-09-19 16:52:59 +04:00
pipe ( $ STDIN_READER , $ env_vars - > { STDIN_PIPE } ) ;
# Start slapd before samba, but with the fifo on stdin
if ( defined ( $ self - > { ldap } ) ) {
unless ( $ self - > slapd_start ( $ env_vars , $ STDIN_READER ) ) {
warn ( "couldn't start slapd (main run)" ) ;
return undef ;
}
}
2012-03-04 10:30:45 +04:00
2016-06-17 11:47:06 +03:00
print "STARTING SAMBA...\n" ;
2007-03-06 00:28:55 +03:00
my $ pid = fork ( ) ;
if ( $ pid == 0 ) {
2009-08-12 08:38:55 +04:00
# we want out from samba to go to the log file, but also
# to the users terminal when running 'make test' on the command
# line. This puts it on stderr on the terminal
open STDOUT , "| tee $env_vars->{SAMBA_TEST_LOG} 1>&2" ;
2007-03-06 00:28:55 +03:00
open STDERR , '>&STDOUT' ;
2009-08-12 08:38:55 +04:00
2007-04-17 19:33:50 +04:00
SocketWrapper:: set_default_iface ( $ env_vars - > { SOCKET_WRAPPER_DEFAULT_IFACE } ) ;
2010-11-01 01:05:03 +03:00
$ ENV { KRB5_CONFIG } = $ env_vars - > { KRB5_CONFIG } ;
2016-09-22 19:46:28 +03:00
$ ENV { KRB5CCNAME } = "$env_vars->{KRB5_CCACHE}.samba" ;
2014-02-20 13:34:49 +04:00
$ ENV { SELFTEST_WINBINDD_SOCKET_DIR } = $ env_vars - > { SELFTEST_WINBINDD_SOCKET_DIR } ;
2012-03-04 10:30:45 +04:00
$ ENV { NMBD_SOCKET_DIR } = $ env_vars - > { NMBD_SOCKET_DIR } ;
2007-04-17 07:47:51 +04:00
2007-11-05 17:49:40 +03:00
$ ENV { NSS_WRAPPER_PASSWD } = $ env_vars - > { NSS_WRAPPER_PASSWD } ;
$ ENV { NSS_WRAPPER_GROUP } = $ env_vars - > { NSS_WRAPPER_GROUP } ;
2013-06-27 18:12:47 +04:00
$ ENV { NSS_WRAPPER_HOSTS } = $ env_vars - > { NSS_WRAPPER_HOSTS } ;
2016-06-07 11:23:59 +03:00
$ ENV { NSS_WRAPPER_HOSTNAME } = $ env_vars - > { NSS_WRAPPER_HOSTNAME } ;
2013-06-12 17:42:01 +04:00
$ ENV { NSS_WRAPPER_MODULE_SO_PATH } = $ env_vars - > { NSS_WRAPPER_MODULE_SO_PATH } ;
$ ENV { NSS_WRAPPER_MODULE_FN_PREFIX } = $ env_vars - > { NSS_WRAPPER_MODULE_FN_PREFIX } ;
2007-11-05 17:49:40 +03:00
2014-09-10 13:00:28 +04:00
if ( defined ( $ env_vars - > { RESOLV_WRAPPER_CONF } ) ) {
$ ENV { RESOLV_WRAPPER_CONF } = $ env_vars - > { RESOLV_WRAPPER_CONF } ;
} else {
$ ENV { RESOLV_WRAPPER_HOSTS } = $ env_vars - > { RESOLV_WRAPPER_HOSTS } ;
}
2009-08-05 04:50:03 +04:00
$ ENV { UID_WRAPPER } = "1" ;
2015-10-13 14:02:07 +03:00
$ ENV { UID_WRAPPER_ROOT } = "1" ;
2009-08-05 04:50:03 +04:00
2012-03-04 10:30:45 +04:00
$ ENV { MAKE_TEST_BINARY } = Samba:: bindir_path ( $ self , "samba" ) ;
my @ preargs = ( ) ;
my @ optargs = ( ) ;
2009-03-20 18:11:14 +03:00
if ( defined ( $ ENV { SAMBA_OPTIONS } ) ) {
2012-03-04 10:30:45 +04:00
@ optargs = split ( / / , $ ENV { SAMBA_OPTIONS } ) ;
2007-03-06 00:28:55 +03:00
}
2012-03-04 10:30:45 +04:00
if ( defined ( $ ENV { SAMBA_VALGRIND } ) ) {
@ preargs = split ( / / , $ ENV { SAMBA_VALGRIND } ) ;
2007-03-06 00:28:55 +03:00
}
2012-03-04 10:30:45 +04:00
close ( $ env_vars - > { STDIN_PIPE } ) ;
2013-09-19 16:52:59 +04:00
open STDIN , ">&" , $ STDIN_READER or die "can't dup STDIN_READER to STDIN: $!" ;
2012-03-04 10:30:45 +04:00
exec ( @ preargs , Samba:: bindir_path ( $ self , "samba" ) , "-M" , $ process_model , "-i" , "--maximum-runtime=$self->{server_maxtime}" , $ env_vars - > { CONFIGURATION } , @ optargs ) or die ( "Unable to start samba: $!" ) ;
2007-03-06 00:28:55 +03:00
}
2012-03-04 10:30:45 +04:00
$ env_vars - > { SAMBA_PID } = $ pid ;
2015-12-07 03:18:38 +03:00
print "DONE ($pid)\n" ;
2007-03-06 00:28:55 +03:00
2013-09-19 16:52:59 +04:00
close ( $ STDIN_READER ) ;
2007-03-21 18:57:07 +03:00
2015-12-07 03:18:38 +03:00
if ( $ self - > wait_for_start ( $ env_vars ) != 0 ) {
warn ( "Samba $pid failed to start up" ) ;
return undef ;
}
2007-03-06 00:28:55 +03:00
return $ pid ;
}
2007-04-04 16:23:10 +04:00
sub wait_for_start ($$)
2007-03-06 00:28:55 +03:00
{
2007-04-04 16:23:10 +04:00
my ( $ self , $ testenv_vars ) = @ _ ;
2016-06-17 11:01:19 +03:00
my $ count = 0 ;
2015-12-07 03:18:38 +03:00
my $ ret = 0 ;
if ( not $ self - > check_env ( $ testenv_vars ) ) {
warn ( "unable to confirm Samba $testenv_vars->{SAMBA_PID} is running" ) ;
return - 1 ;
}
2010-11-01 01:05:03 +03:00
# This will return quickly when things are up, but be slow if we
# need to wait for (eg) SSL init
2012-05-25 03:44:17 +04:00
my $ nmblookup = Samba:: bindir_path ( $ self , "nmblookup4" ) ;
2016-06-17 11:01:19 +03:00
do {
$ ret = system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}" ) ;
if ( $ ret != 0 ) {
sleep ( 1 ) ;
} else {
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}" ) ;
system ( "$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}" ) ;
}
$ count + + ;
} while ( $ ret != 0 && $ count < 20 ) ;
if ( $ count == 10 ) {
warn ( "nbt not reachable after 20 retries\n" ) ;
teardown_env ( $ self , $ testenv_vars ) ;
return 0 ;
}
2007-04-18 18:02:26 +04:00
2013-06-19 05:33:36 +04:00
# Ensure we have the first RID Set before we start tests. This makes the tests more reliable.
2015-01-26 13:53:12 +03:00
if ( $ testenv_vars - > { SERVER_ROLE } eq "domain controller" and not ( $ testenv_vars - > { NETBIOSNAME } eq "RODC" ) ) {
2016-06-17 10:48:19 +03:00
# Add hosts file for name lookups
$ ENV { NSS_WRAPPER_HOSTS } = $ testenv_vars - > { NSS_WRAPPER_HOSTS } ;
2014-09-10 13:00:28 +04:00
if ( defined ( $ testenv_vars - > { RESOLV_WRAPPER_CONF } ) ) {
$ ENV { RESOLV_WRAPPER_CONF } = $ testenv_vars - > { RESOLV_WRAPPER_CONF } ;
} else {
$ ENV { RESOLV_WRAPPER_HOSTS } = $ testenv_vars - > { RESOLV_WRAPPER_HOSTS } ;
}
2013-06-27 18:12:47 +04:00
2013-06-19 05:33:36 +04:00
print "waiting for working LDAP and a RID Set to be allocated\n" ;
my $ ldbsearch = Samba:: bindir_path ( $ self , "ldbsearch" ) ;
my $ count = 0 ;
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ testenv_vars - > { REALM } ) ) ;
my $ rid_set_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn" ;
2016-05-05 13:21:11 +03:00
my $ max_wait = 60 ;
2016-06-17 14:03:34 +03:00
my $ cmd = "$ldbsearch $testenv_vars->{CONFIGURATION} -H ldap://$testenv_vars->{SERVER} -U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} -s base -b \"$rid_set_dn\" rIDAllocationPool" ;
while ( system ( "$cmd >/dev/null" ) != 0 ) {
2013-06-19 05:33:36 +04:00
$ count + + ;
2016-05-05 10:34:41 +03:00
if ( $ count > $ max_wait ) {
warn ( "Timed out ($max_wait sec) waiting for working LDAP and a RID Set to be allocated by $testenv_vars->{NETBIOSNAME} PID $testenv_vars->{SAMBA_PID}" ) ;
2015-12-07 03:18:38 +03:00
$ ret = - 1 ;
2013-06-19 05:33:36 +04:00
last ;
}
sleep ( 1 ) ;
}
}
2007-04-18 18:02:26 +04:00
print $ self - > getlog_env ( $ testenv_vars ) ;
2013-06-19 05:33:36 +04:00
return $ ret
2007-03-06 00:28:55 +03:00
}
2007-04-17 04:30:01 +04:00
sub write_ldb_file ($$$)
{
my ( $ self , $ file , $ ldif ) = @ _ ;
2011-04-27 05:19:20 +04:00
my $ ldbadd = Samba:: bindir_path ( $ self , "ldbadd" ) ;
2009-01-21 12:09:30 +03:00
open ( LDIF , "|$ldbadd -H $file >/dev/null" ) ;
2007-04-17 04:30:01 +04:00
print LDIF $ ldif ;
2010-09-14 16:41:42 +04:00
return ( close ( LDIF ) ) ;
2007-04-17 04:30:01 +04:00
}
sub add_wins_config ($$)
{
my ( $ self , $ privatedir ) = @ _ ;
return $ self - > write_ldb_file ( "$privatedir/wins_config.ldb" , "
2010-06-16 13:02:48 +04:00
dn: name = TORTURE_11 , CN = PARTNERS
2007-04-17 04:30:01 +04:00
objectClass: wreplPartner
2010-06-16 13:02:48 +04:00
name: TORTURE_11
address: 127.0 .0 .11
2007-04-17 04:30:01 +04:00
pullInterval: 0
pushChangeCount: 0
type: 0x3
" ) ;
}
2009-08-13 11:01:27 +04:00
sub mk_fedora_ds ($$)
2007-04-17 04:30:01 +04:00
{
2010-01-29 04:35:29 +03:00
my ( $ self , $ ctx ) = @ _ ;
2007-04-17 04:30:01 +04:00
#Make the subdirectory be as fedora DS would expect
2010-01-29 04:35:29 +03:00
my $ fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}" ;
2007-04-17 04:30:01 +04:00
2010-01-29 04:35:29 +03:00
my $ pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid" ;
2007-04-17 04:30:01 +04:00
return ( $ fedora_ds_dir , $ pidfile ) ;
}
2009-08-13 11:01:27 +04:00
sub mk_openldap ($$)
2007-04-17 04:30:01 +04:00
{
2010-01-29 04:35:29 +03:00
my ( $ self , $ ctx ) = @ _ ;
2007-04-17 04:30:01 +04:00
2010-01-29 04:35:29 +03:00
my $ slapd_conf_d = "$ctx->{ldapdir}/slapd.d" ;
my $ pidfile = "$ctx->{ldapdir}/slapd.pid" ;
2007-04-17 04:30:01 +04:00
2009-08-13 11:01:27 +04:00
return ( $ slapd_conf_d , $ pidfile ) ;
2007-04-17 04:30:01 +04:00
}
2015-05-11 14:45:59 +03:00
sub setup_namespaces ( $ $ : $ $ )
{
my ( $ self , $ localenv , $ upn_array , $ spn_array ) = @ _ ;
@ { $ upn_array } = [] unless defined ( $ upn_array ) ;
my $ upn_args = "" ;
foreach my $ upn ( @ { $ upn_array } ) {
$ upn_args . = " --add-upn-suffix=$upn" ;
}
@ { $ spn_array } = [] unless defined ( $ spn_array ) ;
my $ spn_args = "" ;
foreach my $ spn ( @ { $ spn_array } ) {
$ spn_args . = " --add-spn-suffix=$spn" ;
}
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd_env = "" ;
$ cmd_env . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ localenv - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd_env . = "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd_env . = "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2016-09-22 19:46:28 +03:00
$ cmd_env . = " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" " ;
$ cmd_env . = "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" " ;
2015-05-11 14:45:59 +03:00
my $ cmd_config = " $localenv->{CONFIGURATION}" ;
my $ namespaces = $ cmd_env ;
$ namespaces . = " $samba_tool domain trust namespaces $upn_args $spn_args" ;
$ namespaces . = $ cmd_config ;
unless ( system ( $ namespaces ) == 0 ) {
warn ( "Failed to add namespaces \n$namespaces" ) ;
return ;
}
return ;
}
2015-02-11 11:58:07 +03:00
sub setup_trust ($$$$$)
{
my ( $ self , $ localenv , $ remoteenv , $ type , $ extra_args ) = @ _ ;
$ localenv - > { TRUST_SERVER } = $ remoteenv - > { SERVER } ;
$ localenv - > { TRUST_SERVER_IP } = $ remoteenv - > { SERVER_IP } ;
$ localenv - > { TRUST_SERVER_IPV6 } = $ remoteenv - > { SERVER_IPV6 } ;
$ localenv - > { TRUST_NETBIOSNAME } = $ remoteenv - > { NETBIOSNAME } ;
$ localenv - > { TRUST_USERNAME } = $ remoteenv - > { USERNAME } ;
$ localenv - > { TRUST_PASSWORD } = $ remoteenv - > { PASSWORD } ;
$ localenv - > { TRUST_DOMAIN } = $ remoteenv - > { DOMAIN } ;
$ localenv - > { TRUST_REALM } = $ remoteenv - > { REALM } ;
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
# setup the trust
my $ cmd_env = "" ;
$ cmd_env . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ localenv - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd_env . = "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd_env . = "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2016-09-22 19:46:28 +03:00
$ cmd_env . = " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" " ;
$ cmd_env . = "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" " ;
2015-02-11 11:58:07 +03:00
my $ cmd_config = " $localenv->{CONFIGURATION}" ;
my $ cmd_creds = $ cmd_config ;
$ cmd_creds . = " -U$localenv->{TRUST_DOMAIN}\\\\$localenv->{TRUST_USERNAME}\%$localenv->{TRUST_PASSWORD}" ;
my $ create = $ cmd_env ;
$ create . = " $samba_tool domain trust create --type=${type} $localenv->{TRUST_REALM}" ;
$ create . = " $extra_args" ;
$ create . = $ cmd_creds ;
unless ( system ( $ create ) == 0 ) {
warn ( "Failed to create trust \n$create" ) ;
return undef ;
}
return $ localenv
}
2014-09-10 12:59:39 +04:00
sub provision_raw_prepare ($$$$$$$$$$$)
2007-04-17 04:30:01 +04:00
{
2011-06-24 20:50:51 +04:00
my ( $ self , $ prefix , $ server_role , $ hostname ,
2010-06-15 16:24:36 +04:00
$ domain , $ realm , $ functional_level ,
2014-09-10 12:59:39 +04:00
$ password , $ kdc_ipv4 , $ kdc_ipv6 ) = @ _ ;
2009-02-04 13:18:32 +03:00
my $ ctx ;
2011-06-24 20:50:51 +04:00
my $ netbiosname = uc ( $ hostname ) ;
2007-04-17 04:30:01 +04:00
2010-09-14 16:41:42 +04:00
unless ( - d $ prefix or mkdir ( $ prefix , 0777 ) ) {
warn ( "Unable to create $prefix" ) ;
return undef ;
}
2007-04-17 17:06:00 +04:00
my $ prefix_abs = abs_path ( $ prefix ) ;
2007-04-17 19:33:50 +04:00
2009-02-04 13:18:32 +03:00
die ( "prefix=''" ) if $ prefix_abs eq "" ;
die ( "prefix='/'" ) if $ prefix_abs eq "/" ;
2007-04-17 04:30:01 +04:00
2010-09-14 16:41:42 +04:00
unless ( system ( "rm -rf $prefix_abs/*" ) == 0 ) {
warn ( "Unable to clean up" ) ;
}
2007-04-17 04:30:01 +04:00
2012-03-02 04:44:56 +04:00
my $ swiface = Samba:: get_interface ( $ hostname ) ;
2009-02-04 13:18:32 +03:00
$ ctx - > { prefix } = $ prefix ;
$ ctx - > { prefix_abs } = $ prefix_abs ;
2010-02-24 07:09:28 +03:00
2009-02-04 13:18:32 +03:00
$ ctx - > { server_role } = $ server_role ;
2011-06-24 20:50:51 +04:00
$ ctx - > { hostname } = $ hostname ;
2009-02-04 13:18:32 +03:00
$ ctx - > { netbiosname } = $ netbiosname ;
$ ctx - > { swiface } = $ swiface ;
$ ctx - > { password } = $ password ;
2009-02-10 20:00:48 +03:00
$ ctx - > { kdc_ipv4 } = $ kdc_ipv4 ;
2014-09-10 12:59:39 +04:00
$ ctx - > { kdc_ipv6 } = $ kdc_ipv6 ;
2016-09-22 19:46:28 +03:00
$ ctx - > { krb5_ccname } = "$prefix_abs/krb5cc_%{uid}" ;
2016-04-27 02:00:14 +03:00
if ( $ functional_level eq "2000" ) {
$ ctx - > { supported_enctypes } = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc"
}
2007-04-17 19:33:50 +04:00
2012-08-31 23:41:48 +04:00
#
# Set smbd log level here.
#
2010-11-23 23:47:36 +03:00
$ ctx - > { server_loglevel } = $ ENV { SERVER_LOG_LEVEL } || 1 ;
2009-07-27 16:39:10 +04:00
$ ctx - > { username } = "Administrator" ;
2010-06-15 16:24:36 +04:00
$ ctx - > { domain } = $ domain ;
$ ctx - > { realm } = uc ( $ realm ) ;
$ ctx - > { dnsname } = lc ( $ realm ) ;
2009-02-04 13:18:32 +03:00
2010-06-15 16:24:36 +04:00
$ ctx - > { functional_level } = $ functional_level ;
2009-02-04 13:18:32 +03:00
my $ unix_name = ( $ ENV { USER } or $ ENV { LOGNAME } or `whoami` ) ;
chomp $ unix_name ;
$ ctx - > { unix_name } = $ unix_name ;
$ ctx - > { unix_uid } = $> ;
2014-05-13 14:57:10 +04:00
my @ mygid = split ( " " , $( ) ;
$ ctx - > { unix_gid } = $ mygid [ 0 ] ;
2009-02-04 13:18:32 +03:00
$ ctx - > { unix_gids_str } = $ ) ;
@ { $ ctx - > { unix_gids } } = split ( " " , $ ctx - > { unix_gids_str } ) ;
$ ctx - > { etcdir } = "$prefix_abs/etc" ;
$ ctx - > { piddir } = "$prefix_abs/pid" ;
$ ctx - > { smb_conf } = "$ctx->{etcdir}/smb.conf" ;
$ ctx - > { krb5_conf } = "$ctx->{etcdir}/krb5.conf" ;
2016-09-22 19:46:28 +03:00
$ ctx - > { krb5_ccache } = "$prefix_abs/krb5_ccache" ;
2009-02-04 13:18:32 +03:00
$ ctx - > { privatedir } = "$prefix_abs/private" ;
$ ctx - > { ncalrpcdir } = "$prefix_abs/ncalrpc" ;
$ ctx - > { lockdir } = "$prefix_abs/lockdir" ;
2012-08-30 16:09:10 +04:00
$ ctx - > { logdir } = "$prefix_abs/logs" ;
2011-07-12 15:12:50 +04:00
$ ctx - > { statedir } = "$prefix_abs/statedir" ;
$ ctx - > { cachedir } = "$prefix_abs/cachedir" ;
2009-02-04 13:18:32 +03:00
$ ctx - > { winbindd_socket_dir } = "$prefix_abs/winbindd_socket" ;
$ ctx - > { winbindd_privileged_socket_dir } = "$prefix_abs/winbindd_privileged_socket" ;
$ ctx - > { ntp_signd_socket_dir } = "$prefix_abs/ntp_signd_socket" ;
$ ctx - > { nsswrap_passwd } = "$ctx->{etcdir}/passwd" ;
$ ctx - > { nsswrap_group } = "$ctx->{etcdir}/group" ;
2013-06-27 18:12:47 +04:00
$ ctx - > { nsswrap_hosts } = "$ENV{SELFTEST_PREFIX}/hosts" ;
2016-06-07 11:23:59 +03:00
$ ctx - > { nsswrap_hostname } = "$ctx->{hostname}.$ctx->{dnsname}" ;
2014-09-10 13:00:28 +04:00
if ( $ ENV { SAMBA_DNS_FAKING } ) {
$ ctx - > { dns_host_file } = "$ENV{SELFTEST_PREFIX}/dns_host_file" ;
$ ctx - > { samba_dnsupdate } = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}" ;
} else {
2016-06-10 06:43:37 +03:00
$ ctx - > { samba_dnsupdate } = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate -s $ctx->{smb_conf} --all-interfaces" ;
$ ctx - > { use_resolv_wrapper } = 1 ;
2014-09-10 13:00:28 +04:00
}
2016-06-10 06:43:37 +03:00
$ ctx - > { resolv_conf } = "$ctx->{etcdir}/resolv.conf" ;
2009-02-04 13:18:32 +03:00
$ ctx - > { tlsdir } = "$ctx->{privatedir}/tls" ;
$ ctx - > { ipv4 } = "127.0.0.$swiface" ;
2014-06-19 19:21:16 +04:00
$ ctx - > { ipv6 } = sprintf ( "fd00:0000:0000:0000:0000:0000:5357:5f%02x" , $ swiface ) ;
$ ctx - > { interfaces } = "$ctx->{ipv4}/8 $ctx->{ipv6}/64" ;
2009-02-04 13:18:32 +03:00
push ( @ { $ ctx - > { directories } } , $ ctx - > { privatedir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { etcdir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { piddir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { lockdir } ) ;
2012-08-30 16:09:10 +04:00
push ( @ { $ ctx - > { directories } } , $ ctx - > { logdir } ) ;
2011-07-12 15:12:50 +04:00
push ( @ { $ ctx - > { directories } } , $ ctx - > { statedir } ) ;
push ( @ { $ ctx - > { directories } } , $ ctx - > { cachedir } ) ;
2009-02-04 13:18:32 +03:00
2009-02-10 19:01:51 +03:00
$ ctx - > { smb_conf_extra_options } = "" ;
2009-02-04 13:18:32 +03:00
2009-02-10 19:55:54 +03:00
my @ provision_options = ( ) ;
2016-09-23 07:14:45 +03:00
push ( @ provision_options , "KRB5_CONFIG=\"$ctx->{krb5_conf}\"" ) ;
2016-09-22 19:46:28 +03:00
push ( @ provision_options , "KRB5_CCACHE=\"$ctx->{krb5_ccache}\"" ) ;
2009-02-10 19:55:54 +03:00
push ( @ provision_options , "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"" ) ;
push ( @ provision_options , "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"" ) ;
2013-06-27 18:12:47 +04:00
push ( @ provision_options , "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\"" ) ;
2016-06-07 11:23:59 +03:00
push ( @ provision_options , "NSS_WRAPPER_HOSTNAME=\"$ctx->{nsswrap_hostname}\"" ) ;
2016-06-10 06:43:37 +03:00
if ( defined ( $ ctx - > { use_resolv_wrapper } ) ) {
2014-09-10 13:00:28 +04:00
push ( @ provision_options , "RESOLV_WRAPPER_CONF=\"$ctx->{resolv_conf}\"" ) ;
} else {
push ( @ provision_options , "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\"" ) ;
}
2009-02-10 19:55:54 +03:00
if ( defined ( $ ENV { GDB_PROVISION } ) ) {
2009-02-23 21:33:39 +03:00
push ( @ provision_options , "gdb --args" ) ;
2010-10-18 15:11:40 +04:00
if ( ! defined ( $ ENV { PYTHON } ) ) {
push ( @ provision_options , "env" ) ;
push ( @ provision_options , "python" ) ;
}
2009-02-10 19:55:54 +03:00
}
if ( defined ( $ ENV { VALGRIND_PROVISION } ) ) {
push ( @ provision_options , "valgrind" ) ;
2010-10-18 15:11:40 +04:00
if ( ! defined ( $ ENV { PYTHON } ) ) {
push ( @ provision_options , "env" ) ;
push ( @ provision_options , "python" ) ;
}
2009-02-10 19:55:54 +03:00
}
if ( defined ( $ ENV { PYTHON } ) ) {
push ( @ provision_options , $ ENV { PYTHON } ) ;
}
2012-09-10 16:47:21 +04:00
push ( @ provision_options , Samba:: bindir_path ( $ self , "samba-tool" ) ) ;
push ( @ provision_options , "domain" ) ;
push ( @ provision_options , "provision" ) ;
2009-02-10 19:55:54 +03:00
push ( @ provision_options , "--configfile=$ctx->{smb_conf}" ) ;
2011-06-24 20:50:51 +04:00
push ( @ provision_options , "--host-name=$ctx->{hostname}" ) ;
2009-02-10 19:55:54 +03:00
push ( @ provision_options , "--host-ip=$ctx->{ipv4}" ) ;
push ( @ provision_options , "--quiet" ) ;
push ( @ provision_options , "--domain=$ctx->{domain}" ) ;
push ( @ provision_options , "--realm=$ctx->{realm}" ) ;
push ( @ provision_options , "--adminpass=$ctx->{password}" ) ;
push ( @ provision_options , "--krbtgtpass=krbtgt$ctx->{password}" ) ;
push ( @ provision_options , "--machinepass=machine$ctx->{password}" ) ;
push ( @ provision_options , "--root=$ctx->{unix_name}" ) ;
push ( @ provision_options , "--server-role=\"$ctx->{server_role}\"" ) ;
2010-06-15 16:24:36 +04:00
push ( @ provision_options , "--function-level=\"$ctx->{functional_level}\"" ) ;
2009-02-10 19:55:54 +03:00
@ { $ ctx - > { provision_options } } = @ provision_options ;
2009-02-04 13:18:32 +03:00
return $ ctx ;
}
2007-04-17 04:30:01 +04:00
2009-02-04 13:18:32 +03:00
#
2009-02-10 19:55:54 +03:00
# Step1 creates the basic configuration
#
sub provision_raw_step1 ($$)
2009-02-04 13:18:32 +03:00
{
my ( $ self , $ ctx ) = @ _ ;
2007-05-01 07:28:12 +04:00
2009-02-04 13:18:32 +03:00
mkdir ( $ _ , 0777 ) foreach ( @ { $ ctx - > { directories } } ) ;
2007-05-01 07:28:12 +04:00
2012-12-22 03:16:10 +04:00
##
## lockdir and piddir must be 0755
##
chmod 0755 , $ ctx - > { lockdir } ;
chmod 0755 , $ ctx - > { piddir } ;
2010-09-14 16:41:42 +04:00
unless ( open ( CONFFILE , ">$ctx->{smb_conf}" ) ) {
warn ( "can't open $ctx->{smb_conf}$?" ) ;
return undef ;
}
2016-01-09 23:21:25 +03:00
Samba:: prepare_keyblobs ( $ ctx ) ;
2016-01-09 23:21:25 +03:00
my $ crlfile = "$ctx->{tlsdir}/crl.pem" ;
$ crlfile = "" unless - e $ { crlfile } ;
2016-01-09 23:21:25 +03:00
2007-04-17 04:30:01 +04:00
print CONFFILE "
[ global ]
2009-02-04 13:18:32 +03:00
netbios name = $ ctx - > { netbiosname }
2011-07-12 15:14:41 +04:00
posix:eadb = $ ctx - > { statedir } / eadb . tdb
2009-02-04 13:18:32 +03:00
workgroup = $ ctx - > { domain }
realm = $ ctx - > { realm }
private dir = $ ctx - > { privatedir }
pid directory = $ ctx - > { piddir }
ncalrpc dir = $ ctx - > { ncalrpcdir }
lock dir = $ ctx - > { lockdir }
2011-07-20 15:02:22 +04:00
state directory = $ ctx - > { statedir }
cache directory = $ ctx - > { cachedir }
2009-02-04 13:18:32 +03:00
winbindd socket directory = $ ctx - > { winbindd_socket_dir }
winbindd privileged socket directory = $ ctx - > { winbindd_privileged_socket_dir }
ntp signd socket directory = $ ctx - > { ntp_signd_socket_dir }
winbind separator = /
interfaces = $ ctx - > { interfaces }
tls dh params file = $ ctx - > { tlsdir } / dhparms . pem
2016-01-09 23:21:25 +03:00
tls crlfile = $ { crlfile }
2016-03-26 10:38:46 +03:00
tls verify peer = no_check
2011-07-13 11:26:31 +04:00
panic action = $ RealBin / gdb_backtrace \ % d
2007-04-17 04:30:01 +04:00
wins support = yes
2009-02-04 13:18:32 +03:00
server role = $ ctx - > { server_role }
2012-09-12 10:52:15 +04:00
server services = + echo + smb - s3fs
2012-06-16 06:54:12 +04:00
dcerpc endpoint servers = + winreg + srvsvc
2007-04-17 04:30:01 +04:00
notify:inotify = false
ldb:nosync = true
2015-12-21 12:27:33 +03:00
ldap server require strong auth = yes
2007-04-17 04:30:01 +04:00
#We don't want to pass our self-tests if the PAC code is wrong
gensec:require_pac = true
2012-08-30 16:09:10 +04:00
log file = $ ctx - > { logdir } / log . \ % m
2009-02-04 13:18:32 +03:00
log level = $ ctx - > { server_loglevel }
2010-02-11 12:48:47 +03:00
lanman auth = Yes
2016-07-21 10:26:27 +03:00
ntlm auth = Yes
2010-03-26 11:03:22 +03:00
rndc command = true
2014-09-10 13:00:28 +04:00
dns update command = $ ctx - > { samba_dnsupdate }
2012-05-11 18:01:33 +04:00
spn update command = $ ENV { SRCDIR_ABS } /source4/sc ripting /bin/s amba_spnupdate - s $ ctx - > { smb_conf }
2010-07-09 11:23:04 +04:00
dreplsrv:periodic_startup_interval = 0
2011-11-12 14:03:05 +04:00
dsdb:schema update allowed = yes
2011-08-22 04:05:02 +04:00
2012-08-23 14:13:45 +04:00
vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot
2012-12-28 05:36:06 +04:00
idmap_ldb:use rfc2307 = yes
2014-05-20 03:16:07 +04:00
winbind enum users = yes
winbind enum groups = yes
2010-02-11 12:48:47 +03:00
" ;
2009-10-28 23:28:31 +03:00
print CONFFILE "
2007-04-17 04:30:01 +04:00
2009-02-10 19:01:51 +03:00
# Begin extra options
$ ctx - > { smb_conf_extra_options }
# End extra options
2007-04-17 04:30:01 +04:00
" ;
close ( CONFFILE ) ;
2011-04-18 10:09:30 +04:00
#Default the KDC IP to the server's IP
if ( not defined ( $ ctx - > { kdc_ipv4 } ) ) {
2014-09-10 12:59:39 +04:00
$ ctx - > { kdc_ipv4 } = $ ctx - > { ipv4 } ;
}
if ( not defined ( $ ctx - > { kdc_ipv6 } ) ) {
$ ctx - > { kdc_ipv6 } = $ ctx - > { ipv6 } ;
}
2011-04-18 10:09:30 +04:00
2015-03-24 21:05:10 +03:00
Samba:: mk_krb5_conf ( $ ctx ) ;
2007-04-17 04:30:01 +04:00
2009-02-04 13:18:32 +03:00
open ( PWD , ">$ctx->{nsswrap_passwd}" ) ;
2015-02-02 18:05:17 +03:00
if ( $ ctx - > { unix_uid } != 0 ) {
print PWD "root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false\n" ;
}
2015-02-05 18:07:35 +03:00
print PWD "$ctx->{unix_name}:x:$ctx->{unix_uid}:65531:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false\n" ;
2015-02-02 18:05:17 +03:00
print PWD " nobody:x:65534:65533:nobody gecos: $ ctx - > { prefix_abs } : /bin/ false
2012-06-27 11:51:55 +04:00
pdbtest:x:65533:65533:pdbtest gecos: $ ctx - > { prefix_abs } : /bin/ false
2014-05-16 06:30:43 +04:00
pdbtest2:x:65532:65533:pdbtest gecos: $ ctx - > { prefix_abs } : /bin/ false
pdbtest3:x:65531:65533:pdbtest gecos: $ ctx - > { prefix_abs } : /bin/ false
pdbtest4:x:65530:65533:pdbtest gecos: $ ctx - > { prefix_abs } : /bin/ false
2007-11-05 17:49:40 +03:00
" ;
close ( PWD ) ;
2012-12-28 05:36:06 +04:00
my $ uid_rfc2307test = 65533 ;
2007-11-05 17:49:40 +03:00
2009-02-04 13:18:32 +03:00
open ( GRP , ">$ctx->{nsswrap_group}" ) ;
2015-02-03 16:59:06 +03:00
if ( $ ctx - > { unix_gid } != 0 ) {
print GRP "root:x:0:\n" ;
}
print GRP "$ctx->{unix_name}:x:$ctx->{unix_gid}:\n" ;
print GRP " wheel:x:10:
2015-02-05 18:07:35 +03:00
users:x:65531:
2007-11-05 17:49:40 +03:00
nobody:x:65533:
nogroup:x:65534:nobody
" ;
close ( GRP ) ;
2012-12-28 05:36:06 +04:00
my $ gid_rfc2307test = 65532 ;
2007-11-05 17:49:40 +03:00
2013-06-27 18:12:47 +04:00
my $ hostname = lc ( $ ctx - > { hostname } ) ;
open ( HOSTS , ">>$ctx->{nsswrap_hosts}" ) ;
2014-12-03 17:44:57 +03:00
if ( $ hostname eq "localdc" ) {
print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n" ;
print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n" ;
} else {
print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} ${hostname}\n" ;
print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} ${hostname}\n" ;
}
2013-06-27 18:12:47 +04:00
close ( HOSTS ) ;
2014-09-10 13:00:28 +04:00
if ( defined ( $ ctx - > { resolv_conf } ) ) {
open ( RESOLV_CONF , ">$ctx->{resolv_conf}" ) ;
print RESOLV_CONF "nameserver $ctx->{kdc_ipv4}\n" ;
print RESOLV_CONF "nameserver $ctx->{kdc_ipv6}\n" ;
close ( RESOLV_CONF ) ;
}
2009-02-04 13:18:32 +03:00
my $ configuration = "--configfile=$ctx->{smb_conf}" ;
2007-04-17 04:30:01 +04:00
#Ensure the config file is valid before we start
2011-06-04 02:20:54 +04:00
my $ testparm = Samba:: bindir_path ( $ self , "samba-tool" ) . " testparm" ;
2009-01-21 12:09:30 +03:00
if ( system ( "$testparm $configuration -v --suppress-prompt >/dev/null 2>&1" ) != 0 ) {
system ( "$testparm -v --suppress-prompt $configuration >&2" ) ;
2010-09-14 16:41:42 +04:00
warn ( "Failed to create a valid smb.conf configuration $testparm!" ) ;
return undef ;
2007-04-17 04:30:01 +04:00
}
2010-09-14 16:41:42 +04:00
unless ( system ( "($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1" ) == 0 ) {
warn ( "Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global" ) ;
return undef ;
}
2007-04-17 04:30:01 +04:00
my $ ret = {
2009-02-04 13:18:32 +03:00
KRB5_CONFIG = > $ ctx - > { krb5_conf } ,
2016-09-22 19:46:28 +03:00
KRB5_CCACHE = > $ ctx - > { krb5_ccache } ,
2009-02-04 13:18:32 +03:00
PIDDIR = > $ ctx - > { piddir } ,
2011-06-24 20:50:51 +04:00
SERVER = > $ ctx - > { hostname } ,
2009-02-04 13:18:32 +03:00
SERVER_IP = > $ ctx - > { ipv4 } ,
2014-06-19 19:21:16 +04:00
SERVER_IPV6 = > $ ctx - > { ipv6 } ,
2009-02-04 13:18:32 +03:00
NETBIOSNAME = > $ ctx - > { netbiosname } ,
DOMAIN = > $ ctx - > { domain } ,
USERNAME = > $ ctx - > { username } ,
REALM = > $ ctx - > { realm } ,
PASSWORD = > $ ctx - > { password } ,
LDAPDIR = > $ ctx - > { ldapdir } ,
2010-01-29 04:35:29 +03:00
LDAP_INSTANCE = > $ ctx - > { ldap_instance } ,
2014-02-20 13:34:49 +04:00
SELFTEST_WINBINDD_SOCKET_DIR = > $ ctx - > { winbindd_socket_dir } ,
2009-02-04 13:18:32 +03:00
NCALRPCDIR = > $ ctx - > { ncalrpcdir } ,
LOCKDIR = > $ ctx - > { lockdir } ,
2011-07-12 15:12:50 +04:00
STATEDIR = > $ ctx - > { statedir } ,
CACHEDIR = > $ ctx - > { cachedir } ,
2012-08-29 03:10:40 +04:00
PRIVATEDIR = > $ ctx - > { privatedir } ,
2009-02-04 13:18:32 +03:00
SERVERCONFFILE = > $ ctx - > { smb_conf } ,
2007-04-17 19:33:50 +04:00
CONFIGURATION = > $ configuration ,
2009-02-04 13:18:32 +03:00
SOCKET_WRAPPER_DEFAULT_IFACE = > $ ctx - > { swiface } ,
NSS_WRAPPER_PASSWD = > $ ctx - > { nsswrap_passwd } ,
NSS_WRAPPER_GROUP = > $ ctx - > { nsswrap_group } ,
2013-06-27 18:12:47 +04:00
NSS_WRAPPER_HOSTS = > $ ctx - > { nsswrap_hosts } ,
2016-06-07 11:23:59 +03:00
NSS_WRAPPER_HOSTNAME = > $ ctx - > { nsswrap_hostname } ,
2009-02-04 13:18:32 +03:00
SAMBA_TEST_FIFO = > "$ctx->{prefix}/samba_test.fifo" ,
SAMBA_TEST_LOG = > "$ctx->{prefix}/samba_test.log" ,
2009-02-04 17:17:14 +03:00
SAMBA_TEST_LOG_POS = > 0 ,
2013-06-12 17:42:01 +04:00
NSS_WRAPPER_MODULE_SO_PATH = > Samba:: nss_wrapper_winbind_so_path ( $ self ) ,
NSS_WRAPPER_MODULE_FN_PREFIX = > "winbind" ,
2012-12-28 05:36:06 +04:00
LOCAL_PATH = > $ ctx - > { share } ,
UID_RFC2307TEST = > $ uid_rfc2307test ,
2013-06-19 05:33:36 +04:00
GID_RFC2307TEST = > $ gid_rfc2307test ,
2016-06-10 06:43:37 +03:00
SERVER_ROLE = > $ ctx - > { server_role } ,
RESOLV_CONF = > $ ctx - > { resolv_conf }
2007-04-17 04:30:01 +04:00
} ;
2016-06-10 06:43:37 +03:00
if ( defined ( $ ctx - > { use_resolv_wrapper } ) ) {
$ ret - > { RESOLV_WRAPPER_CONF } = $ ctx - > { resolv_conf } ;
2014-09-10 13:00:28 +04:00
} else {
$ ret - > { RESOLV_WRAPPER_HOSTS } = $ ctx - > { dns_host_file } ;
}
2009-02-10 19:55:54 +03:00
return $ ret ;
}
2007-04-23 11:33:15 +04:00
2009-02-10 19:55:54 +03:00
#
# Step2 runs the provision script
#
sub provision_raw_step2 ($$$)
{
my ( $ self , $ ctx , $ ret ) = @ _ ;
2007-04-24 01:56:23 +04:00
2009-02-10 19:55:54 +03:00
my $ provision_cmd = join ( " " , @ { $ ctx - > { provision_options } } ) ;
2010-09-14 16:41:42 +04:00
unless ( system ( $ provision_cmd ) == 0 ) {
warn ( "Unable to provision: \n$provision_cmd\n" ) ;
return undef ;
}
2007-04-23 11:33:15 +04:00
2015-03-29 12:15:29 +03:00
my $ testallowed_account = "testallowed" ;
2015-10-24 00:41:23 +03:00
my $ samba_tool_cmd = "" ;
$ samba_tool_cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ samba_tool_cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2015-10-24 00:41:23 +03:00
$ samba_tool_cmd . = Samba:: bindir_path ( $ self , "samba-tool" )
2016-07-05 11:53:08 +03:00
. " user create --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}" ;
2015-01-05 06:32:23 +03:00
unless ( system ( $ samba_tool_cmd ) == 0 ) {
warn ( "Unable to add testallowed user: \n$samba_tool_cmd\n" ) ;
return undef ;
}
2015-10-24 00:41:23 +03:00
my $ ldbmodify = "" ;
$ ldbmodify . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ ldbmodify . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2015-10-24 00:41:23 +03:00
$ ldbmodify . = Samba:: bindir_path ( $ self , "ldbmodify" ) ;
2015-01-23 07:19:41 +03:00
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ ctx - > { realm } ) ) ;
2015-03-12 12:43:57 +03:00
if ( $ ctx - > { server_role } ne "domain controller" ) {
$ base_dn = "DC=$ctx->{netbiosname}" ;
}
2015-03-29 12:15:29 +03:00
my $ user_dn = "cn=$testallowed_account,cn=users,$base_dn" ;
$ testallowed_account = "testallowed account" ;
2015-01-23 07:19:41 +03:00
open ( LDIF , "|$ldbmodify -H $ctx->{privatedir}/sam.ldb" ) ;
print LDIF " dn: $ user_dn
changetype: modify
2015-03-12 03:43:49 +03:00
replace: samAccountName
2015-03-29 12:15:29 +03:00
samAccountName: $ testallowed_account
2015-03-12 03:43:49 +03:00
-
" ;
close ( LDIF ) ;
open ( LDIF , "|$ldbmodify -H $ctx->{privatedir}/sam.ldb" ) ;
print LDIF " dn: $ user_dn
changetype: modify
2015-01-23 07:19:41 +03:00
replace: userPrincipalName
2015-03-12 02:56:56 +03:00
userPrincipalName: testallowed upn \ @$ ctx - > { realm }
2015-02-03 01:36:49 +03:00
replace: servicePrincipalName
servicePrincipalName: host / testallowed
2015-01-23 07:19:41 +03:00
-
" ;
close ( LDIF ) ;
2015-10-24 00:41:23 +03:00
$ samba_tool_cmd = "" ;
$ samba_tool_cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ samba_tool_cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2015-10-24 00:41:23 +03:00
$ samba_tool_cmd . = Samba:: bindir_path ( $ self , "samba-tool" )
2016-07-05 11:53:08 +03:00
. " user create --configfile=$ctx->{smb_conf} testdenied $ctx->{password}" ;
2015-01-05 06:32:23 +03:00
unless ( system ( $ samba_tool_cmd ) == 0 ) {
warn ( "Unable to add testdenied user: \n$samba_tool_cmd\n" ) ;
return undef ;
}
2015-01-23 07:19:41 +03:00
my $ user_dn = "cn=testdenied,cn=users,$base_dn" ;
open ( LDIF , "|$ldbmodify -H $ctx->{privatedir}/sam.ldb" ) ;
print LDIF " dn: $ user_dn
changetype: modify
replace: userPrincipalName
userPrincipalName: testdenied_upn \ @$ ctx - > { realm } . upn
-
" ;
close ( LDIF ) ;
2015-10-24 00:41:23 +03:00
$ samba_tool_cmd = "" ;
$ samba_tool_cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ samba_tool_cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2015-10-24 00:41:23 +03:00
$ samba_tool_cmd . = Samba:: bindir_path ( $ self , "samba-tool" )
2015-03-29 12:15:29 +03:00
. " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'" ;
2015-01-05 06:32:23 +03:00
unless ( system ( $ samba_tool_cmd ) == 0 ) {
2015-03-29 12:15:29 +03:00
warn ( "Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n" ) ;
2015-01-05 06:32:23 +03:00
return undef ;
}
2016-09-25 19:41:50 +03:00
# Create to users alice and bob!
my $ user_account_array = [ "alice" , "bob" ] ;
foreach my $ user_account ( @ { $ user_account_array } ) {
my $ samba_tool_cmd = "" ;
$ samba_tool_cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
$ samba_tool_cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
$ samba_tool_cmd . = Samba:: bindir_path ( $ self , "samba-tool" )
. " user create --configfile=$ctx->{smb_conf} $user_account Secret007" ;
unless ( system ( $ samba_tool_cmd ) == 0 ) {
warn ( "Unable to create user: $user_account\n$samba_tool_cmd\n" ) ;
return undef ;
}
}
2009-02-04 13:18:32 +03:00
return $ ret ;
}
2014-09-10 12:59:39 +04:00
sub provision ($$$$$$$$$$)
2009-02-04 13:18:32 +03:00
{
2011-06-24 20:50:51 +04:00
my ( $ self , $ prefix , $ server_role , $ hostname ,
2010-11-01 01:05:03 +03:00
$ domain , $ realm , $ functional_level ,
2014-09-10 12:59:39 +04:00
$ password , $ kdc_ipv4 , $ kdc_ipv6 , $ extra_smbconf_options , $ extra_smbconf_shares ,
2012-09-12 10:52:15 +04:00
$ extra_provision_options ) = @ _ ;
2009-02-04 13:18:32 +03:00
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , $ server_role ,
2011-06-24 20:50:51 +04:00
$ hostname ,
2010-06-15 16:24:36 +04:00
$ domain , $ realm , $ functional_level ,
2014-09-10 12:59:39 +04:00
$ password , $ kdc_ipv4 , $ kdc_ipv6 ) ;
2012-09-12 10:52:15 +04:00
if ( defined ( $ extra_provision_options ) ) {
push ( @ { $ ctx - > { provision_options } } , @ { $ extra_provision_options } ) ;
} else {
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
}
2009-02-04 13:18:32 +03:00
2012-04-30 09:08:38 +04:00
$ ctx - > { share } = "$ctx->{prefix_abs}/share" ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/test1" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/test2" ) ;
2012-08-30 16:09:49 +04:00
# precreate directories for printer drivers
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/W32X86" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/x64" ) ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}/WIN40" ) ;
2010-05-11 21:22:24 +04:00
my $ msdfs = "no" ;
$ msdfs = "yes" if ( $ server_role eq "domain controller" ) ;
2009-02-10 19:01:51 +03:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
2010-05-11 21:22:24 +04:00
host msdfs = $ msdfs
2010-06-23 00:11:00 +04:00
lanman auth = yes
2013-12-06 16:41:43 +04:00
allow nt4 crypto = yes
2009-02-10 19:01:51 +03:00
2015-06-10 16:30:04 +03:00
# fruit:copyfile is a global option
fruit:copyfile = yes
2011-03-18 21:13:43 +03:00
$ extra_smbconf_options
2009-02-10 19:01:51 +03:00
[ tmp ]
2012-04-30 09:08:38 +04:00
path = $ ctx - > { share }
2009-02-10 19:01:51 +03:00
read only = no
2015-06-19 07:49:41 +03:00
posix:sharedelay = 100000
2009-02-10 19:01:51 +03:00
posix:oplocktimeout = 3
2015-06-19 07:49:41 +03:00
posix:writetimeupdatedelay = 500000
2009-02-10 19:01:51 +03:00
2011-10-28 23:15:51 +04:00
[ xcopy_share ]
2012-04-30 09:08:38 +04:00
path = $ ctx - > { share }
2011-10-28 23:15:51 +04:00
read only = no
2015-06-19 07:49:41 +03:00
posix:sharedelay = 100000
2011-10-28 23:15:51 +04:00
posix:oplocktimeout = 3
2015-06-19 07:49:41 +03:00
posix:writetimeupdatedelay = 500000
2011-09-09 03:03:23 +04:00
create mask = 777
force create mode = 777
2011-10-28 23:15:51 +04:00
2012-06-05 07:44:08 +04:00
[ posix_share ]
path = $ ctx - > { share }
read only = no
create mask = 0777
force create mode = 0
directory mask = 0777
force directory mode = 0
2009-02-10 19:01:51 +03:00
[ test1 ]
2012-04-30 09:08:38 +04:00
path = $ ctx - > { share } / test1
2009-02-10 19:01:51 +03:00
read only = no
2015-06-19 07:49:41 +03:00
posix:sharedelay = 100000
2009-02-10 19:01:51 +03:00
posix:oplocktimeout = 3
2015-06-19 07:49:41 +03:00
posix:writetimeupdatedelay = 500000
2009-02-10 19:01:51 +03:00
[ test2 ]
2012-04-30 09:08:38 +04:00
path = $ ctx - > { share } / test2
2009-02-10 19:01:51 +03:00
read only = no
2015-06-19 07:49:41 +03:00
posix:sharedelay = 100000
2009-02-10 19:01:51 +03:00
posix:oplocktimeout = 3
2015-06-19 07:49:41 +03:00
posix:writetimeupdatedelay = 500000
2009-02-10 19:01:51 +03:00
[ cifs ]
2014-08-06 18:54:43 +04:00
path = $ ctx - > { share } / _ignore_cifs_
2009-02-10 19:01:51 +03:00
read only = no
ntvfs handler = cifs
cifs:server = $ ctx - > { netbiosname }
cifs:share = tmp
2011-03-18 21:13:43 +03:00
cifs:use - s4u2proxy = yes
# There is no username specified here, instead the client is expected
# to log in with kerberos, and the serverwill use delegated credentials.
# Or the server tries s4u2self/s4u2proxy to impersonate the client
2009-02-10 19:01:51 +03:00
[ simple ]
2012-04-30 09:08:38 +04:00
path = $ ctx - > { share }
2009-02-10 19:01:51 +03:00
read only = no
ntvfs handler = simple
[ sysvol ]
2011-07-12 15:14:41 +04:00
path = $ ctx - > { statedir } / sysvol
2012-11-05 05:57:17 +04:00
read only = no
2009-02-10 19:01:51 +03:00
[ netlogon ]
2011-07-12 15:14:41 +04:00
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
2009-02-10 19:01:51 +03:00
read only = no
[ cifsposix ]
copy = simple
ntvfs handler = cifsposix
2012-04-26 09:20:02 +04:00
2014-07-08 07:47:02 +04:00
[ vfs_fruit ]
path = $ ctx - > { share }
2015-05-10 12:58:32 +03:00
vfs objects = catia fruit streams_xattr acl_xattr
ea support = yes
2014-07-08 07:47:02 +04:00
fruit:ressource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
2012-04-26 09:20:02 +04:00
$ extra_smbconf_shares
2009-02-10 19:01:51 +03:00
" ;
2009-02-10 19:55:54 +03:00
if ( defined ( $ self - > { ldap } ) ) {
$ ctx - > { ldapdir } = "$ctx->{privatedir}/ldap" ;
push ( @ { $ ctx - > { directories } } , "$ctx->{ldapdir}" ) ;
my $ ldap_uri = "$ctx->{ldapdir}/ldapi" ;
$ ldap_uri =~ s | / | % 2F | g ;
$ ldap_uri = "ldapi://$ldap_uri" ;
$ ctx - > { ldap_uri } = $ ldap_uri ;
2010-01-29 04:35:29 +03:00
$ ctx - > { ldap_instance } = lc ( $ ctx - > { netbiosname } ) ;
2009-02-10 19:55:54 +03:00
}
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
2010-11-01 01:00:46 +03:00
unless ( defined $ ret ) {
2010-09-14 16:41:42 +04:00
return undef ;
}
2009-02-10 19:55:54 +03:00
if ( defined ( $ self - > { ldap } ) ) {
2010-09-14 16:41:42 +04:00
$ ret - > { LDAP_URI } = $ ctx - > { ldap_uri } ;
2009-08-13 11:01:27 +04:00
push ( @ { $ ctx - > { provision_options } } , "--ldap-backend-type=" . $ self - > { ldap } ) ;
2010-04-22 05:37:41 +04:00
push ( @ { $ ctx - > { provision_options } } , "--ldap-backend-nosync" ) ;
2009-02-10 19:55:54 +03:00
if ( $ self - > { ldap } eq "openldap" ) {
2010-09-14 16:41:42 +04:00
push ( @ { $ ctx - > { provision_options } } , "--slapd-path=" . $ ENV { OPENLDAP_SLAPD } ) ;
2010-01-29 04:35:29 +03:00
( $ ret - > { SLAPD_CONF_D } , $ ret - > { OPENLDAP_PIDFILE } ) = $ self - > mk_openldap ( $ ctx ) or die ( "Unable to create openldap directories" ) ;
2009-02-10 19:55:54 +03:00
2009-08-10 16:01:28 +04:00
} elsif ( $ self - > { ldap } eq "fedora-ds" ) {
2009-08-13 11:01:27 +04:00
push ( @ { $ ctx - > { provision_options } } , "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd" ) ;
push ( @ { $ ctx - > { provision_options } } , "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl" ) ;
2010-01-29 04:35:29 +03:00
( $ ret - > { FEDORA_DS_DIR } , $ ret - > { FEDORA_DS_PIDFILE } ) = $ self - > mk_fedora_ds ( $ ctx ) or die ( "Unable to create fedora ds directories" ) ;
2009-02-10 19:55:54 +03:00
}
}
2010-09-14 16:41:42 +04:00
return $ self - > provision_raw_step2 ( $ ctx , $ ret ) ;
2007-04-17 04:30:01 +04:00
}
2016-09-29 18:50:58 +03:00
sub provision_s4member ($$$$$)
2007-04-12 12:33:35 +04:00
{
2016-09-29 18:50:58 +03:00
my ( $ self , $ prefix , $ dcvars , $ hostname , $ more_conf ) = @ _ ;
2016-06-17 11:47:06 +03:00
print "PROVISIONING MEMBER...\n" ;
2014-05-20 03:10:22 +04:00
my $ extra_smb_conf = "
passdb backend = samba_dsdb
winbindd:use external pipes = true
2015-07-15 12:10:24 +03:00
# the source4 smb server doesn't allow signing by default
server signing = enabled
2014-05-20 03:10:22 +04:00
rpc_server:default = external
rpc_server:svcctl = embedded
rpc_server:srvsvc = embedded
rpc_server:eventlog = embedded
rpc_server:ntsvcs = embedded
rpc_server:winreg = embedded
rpc_server:spoolss = embedded
rpc_daemon:spoolssd = embedded
rpc_server:tcpip = no
" ;
2016-09-29 18:50:58 +03:00
if ( $ more_conf ) {
$ extra_smb_conf = $ extra_smb_conf . $ more_conf . "\n" ;
}
2007-04-29 17:54:51 +04:00
my $ ret = $ self - > provision ( $ prefix ,
"member server" ,
2016-09-29 18:50:58 +03:00
$ hostname ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 16:24:36 +04:00
"2008" ,
2010-06-16 13:22:30 +04:00
"locMEMpass3" ,
2010-02-19 07:56:30 +03:00
$ dcvars - > { SERVER_IP } ,
2014-09-10 12:59:39 +04:00
$ dcvars - > { SERVER_IPV6 } ,
2014-05-20 03:10:22 +04:00
$ extra_smb_conf , "" , undef ) ;
2010-09-14 16:41:42 +04:00
unless ( $ ret ) {
return undef ;
}
2007-04-12 12:33:35 +04:00
2011-04-27 05:19:20 +04:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2007-04-30 15:16:50 +04:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 13:00:28 +04:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2007-04-30 15:16:50 +04:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2011-07-19 06:54:37 +04:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member" ;
2010-02-19 07:56:30 +03:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2013-02-28 15:57:45 +04:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD}" ;
2007-04-30 15:16:50 +04:00
2010-09-14 16:41:42 +04:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2007-04-16 14:44:26 +04:00
2010-02-19 07:56:30 +03:00
$ ret - > { MEMBER_SERVER } = $ ret - > { SERVER } ;
$ ret - > { MEMBER_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { MEMBER_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-02-19 07:56:30 +03:00
$ ret - > { MEMBER_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { MEMBER_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { MEMBER_PASSWORD } = $ ret - > { PASSWORD } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2010-02-19 07:56:30 +03:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
sub provision_rpc_proxy ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2016-06-17 11:47:06 +03:00
print "PROVISIONING RPC PROXY...\n" ;
2010-02-19 07:56:30 +03:00
2011-03-18 21:13:43 +03:00
my $ extra_smbconf_options = "
2014-04-09 07:54:07 +04:00
passdb backend = samba_dsdb
2011-03-18 21:13:43 +03:00
# rpc_proxy
dcerpc_remote:binding = ncacn_ip_tcp: $ dcvars - > { SERVER }
dcerpc endpoint servers = epmapper , remote
dcerpc_remote:interfaces = rpcecho
[ cifs_to_dc ]
2014-08-06 18:54:43 +04:00
path = /tmp/ _ignore_cifs_to_dc_ / _none_
2011-03-18 21:13:43 +03:00
read only = no
ntvfs handler = cifs
cifs:server = $ dcvars - > { SERVER }
cifs:share = cifs
cifs:use - s4u2proxy = yes
# There is no username specified here, instead the client is expected
# to log in with kerberos, and the serverwill use delegated credentials.
# Or the server tries s4u2self/s4u2proxy to impersonate the client
2010-02-19 07:56:30 +03:00
" ;
my $ ret = $ self - > provision ( $ prefix ,
"member server" ,
"localrpcproxy" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 16:24:36 +04:00
"2008" ,
2010-06-16 13:22:30 +04:00
"locRPCproxypass4" ,
2010-02-19 07:56:30 +03:00
$ dcvars - > { SERVER_IP } ,
2014-09-10 12:59:39 +04:00
$ dcvars - > { SERVER_IPV6 } ,
2012-09-12 10:52:15 +04:00
$ extra_smbconf_options , "" , undef ) ;
2010-09-14 16:41:42 +04:00
unless ( $ ret ) {
return undef ;
}
2010-02-19 07:56:30 +03:00
2011-04-27 05:19:20 +04:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2011-03-18 21:13:43 +03:00
# The joind runs in the context of the rpc_proxy/member for now
2010-02-19 07:56:30 +03:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 13:00:28 +04:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-02-19 07:56:30 +03:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2011-07-19 06:54:37 +04:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member" ;
2010-02-19 07:56:30 +03:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2013-02-28 15:57:45 +04:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD}" ;
2010-02-19 07:56:30 +03:00
2010-09-14 16:41:42 +04:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2010-02-19 07:56:30 +03:00
2011-03-18 21:13:43 +03:00
# Setting up delegation runs in the context of the DC for now
2011-07-04 12:28:43 +04:00
$ cmd = "" ;
2011-03-18 21:13:43 +03:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2011-03-18 21:13:43 +03:00
$ cmd . = "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on" ;
2013-09-22 22:24:57 +04:00
$ cmd . = " $dcvars->{CONFIGURATION}" ;
print $ cmd ;
2011-03-18 21:13:43 +03:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Delegation failed\n$cmd" ) ;
return undef ;
}
# Setting up delegation runs in the context of the DC for now
2011-07-04 12:28:43 +04:00
$ cmd = "" ;
2011-03-18 21:13:43 +03:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2011-03-18 21:13:43 +03:00
$ cmd . = "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}" ;
2013-09-22 22:24:57 +04:00
$ cmd . = " $dcvars->{CONFIGURATION}" ;
2011-03-18 21:13:43 +03:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Delegation failed\n$cmd" ) ;
return undef ;
}
2010-02-19 07:56:30 +03:00
$ ret - > { RPC_PROXY_SERVER } = $ ret - > { SERVER } ;
$ ret - > { RPC_PROXY_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { RPC_PROXY_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-02-19 07:56:30 +03:00
$ ret - > { RPC_PROXY_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { RPC_PROXY_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { RPC_PROXY_PASSWORD } = $ ret - > { PASSWORD } ;
2007-04-28 12:57:06 +04:00
2011-03-25 14:33:33 +03:00
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2011-03-25 14:33:33 +03:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
2007-04-17 04:30:01 +04:00
return $ ret ;
2007-04-12 12:33:35 +04:00
}
2013-01-27 15:15:50 +04:00
sub provision_promoted_dc ($$$)
2012-07-06 09:39:09 +04:00
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2016-06-17 11:47:06 +03:00
print "PROVISIONING PROMOTED DC...\n" ;
2012-07-06 09:39:09 +04:00
2015-02-17 05:47:47 +03:00
# We do this so that we don't run the provision. That's the job of 'samba-tool domain dcpromo'.
2012-07-06 09:39:09 +04:00
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
"promotedvdc" ,
"SAMBADOMAIN" ,
"samba.example.com" ,
"2008" ,
$ dcvars - > { PASSWORD } ,
2014-09-10 12:59:39 +04:00
$ dcvars - > { SERVER_IP } ,
$ dcvars - > { SERVER_IPV6 } ) ;
2012-09-12 10:52:15 +04:00
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
2012-07-06 09:39:09 +04:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
path = $ ctx - > { statedir } / sysvol
read only = yes
[ netlogon ]
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
read only = no
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
unless ( $ ret ) {
return undef ;
}
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 13:00:28 +04:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2012-07-06 09:39:09 +04:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2012-07-06 09:39:09 +04:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}" ;
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2013-02-28 15:57:45 +04:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD}" ;
2012-07-06 09:39:09 +04:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2012-07-06 09:39:09 +04:00
$ cmd . = "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}" ;
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2012-12-26 03:03:47 +04:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ" ;
2012-07-06 09:39:09 +04:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2013-01-27 15:15:50 +04:00
$ ret - > { PROMOTED_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { PROMOTED_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { PROMOTED_DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2013-01-27 15:15:50 +04:00
$ ret - > { PROMOTED_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
2012-07-06 09:39:09 +04:00
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2012-07-06 09:39:09 +04:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
2010-03-12 02:36:12 +03:00
sub provision_vampire_dc ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2016-06-17 11:47:06 +03:00
print "PROVISIONING VAMPIRE DC...\n" ;
2010-03-12 02:36:12 +03:00
# We do this so that we don't run the provision. That's the job of 'net vampire'.
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
2010-06-16 13:13:28 +04:00
"localvampiredc" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 16:24:36 +04:00
"2008" ,
2012-03-02 04:44:56 +04:00
$ dcvars - > { PASSWORD } ,
2014-09-10 12:59:39 +04:00
$ dcvars - > { SERVER_IP } ,
$ dcvars - > { SERVER_IPV6 } ) ;
2012-09-12 10:52:15 +04:00
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
2010-03-12 02:36:12 +03:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
2011-07-12 15:14:41 +04:00
path = $ ctx - > { statedir } / sysvol
2010-03-12 02:36:12 +03:00
read only = yes
[ netlogon ]
2011-07-12 15:14:41 +04:00
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
2010-03-12 02:36:12 +03:00
read only = no
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
2010-09-14 16:41:42 +04:00
unless ( $ ret ) {
return undef ;
}
2010-03-12 02:36:12 +03:00
2011-04-27 05:19:20 +04:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2010-03-12 02:36:12 +03:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 13:00:28 +04:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-03-12 02:36:12 +03:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2011-07-19 06:54:37 +04:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}" ;
2011-08-12 01:07:35 +04:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only" ;
2013-02-28 15:57:45 +04:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD} --use-ntvfs" ;
2010-03-12 02:36:12 +03:00
2010-09-14 16:41:42 +04:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
2010-03-12 02:36:12 +03:00
$ ret - > { VAMPIRE_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { VAMPIRE_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { VAMPIRE_DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-03-12 02:36:12 +03:00
$ ret - > { VAMPIRE_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2010-03-12 02:36:12 +03:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
2013-09-09 09:14:45 +04:00
$ ret - > { DC_REALM } = $ dcvars - > { DC_REALM } ;
2010-03-12 02:36:12 +03:00
return $ ret ;
}
2011-08-25 15:47:03 +04:00
sub provision_subdom_dc ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2016-06-17 11:47:06 +03:00
print "PROVISIONING SUBDOMAIN DC...\n" ;
2011-08-25 15:47:03 +04:00
# We do this so that we don't run the provision. That's the job of 'net vampire'.
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
"localsubdc" ,
"SAMBASUBDOM" ,
"sub.samba.example.com" ,
"2008" ,
2012-03-02 04:44:56 +04:00
$ dcvars - > { PASSWORD } ,
2012-09-12 10:52:15 +04:00
undef ) ;
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
2011-08-25 15:47:03 +04:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
path = $ ctx - > { statedir } / sysvol
read only = yes
[ netlogon ]
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
read only = no
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
unless ( $ ret ) {
return undef ;
}
2015-03-24 21:05:10 +03:00
Samba:: mk_krb5_conf ( $ ctx ) ;
2011-08-25 15:47:03 +04:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 13:00:28 +04:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2011-08-25 15:47:03 +04:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2014-08-11 09:30:51 +04:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain " ;
2011-08-25 15:47:03 +04:00
$ cmd . = "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}" ;
2013-02-28 15:57:45 +04:00
$ cmd . = " --machinepass=machine$ret->{PASSWORD} --use-ntvfs" ;
2014-08-11 05:36:09 +04:00
$ cmd . = " --adminpass=$ret->{PASSWORD}" ;
2011-08-25 15:47:03 +04:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "Join failed\n$cmd" ) ;
return undef ;
}
$ ret - > { SUBDOM_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { SUBDOM_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { SUBDOM_DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2011-08-25 15:47:03 +04:00
$ ret - > { SUBDOM_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2011-08-25 15:47:03 +04:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
2015-03-06 01:38:26 +03:00
sub provision_ad_dc_ntvfs ($$)
2007-03-06 00:28:55 +03:00
{
2007-04-11 00:19:31 +04:00
my ( $ self , $ prefix ) = @ _ ;
2007-03-21 18:57:07 +03:00
2015-06-12 05:41:20 +03:00
# We keep the old 'winbind' name here in server services to
# ensure upgrades which used that name still work with the now
# alias.
2016-06-17 11:47:06 +03:00
print "PROVISIONING AD DC (NTVFS)...\n" ;
2014-05-20 02:15:31 +04:00
my $ extra_conf_options = " netbios aliases = localDC1 - a
2015-12-21 12:27:33 +03:00
server services = + winbind - winbindd
ldap server require strong auth = allow_sasl_over_tls
" ;
2007-04-29 17:54:51 +04:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
"localdc" ,
2010-11-01 01:05:03 +03:00
"SAMBADOMAIN" ,
"samba.example.com" ,
2010-06-15 16:24:36 +04:00
"2008" ,
2010-06-16 13:22:30 +04:00
"locDCpass1" ,
2014-09-10 12:59:39 +04:00
undef ,
undef ,
$ extra_conf_options ,
"" ,
undef ) ;
2016-06-17 10:23:49 +03:00
unless ( $ ret ) {
return undef ;
}
2007-04-17 04:30:01 +04:00
2010-09-14 16:41:42 +04:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2011-12-13 08:43:35 +04:00
$ ret - > { NETBIOSALIAS } = "localdc1-a" ;
2010-02-19 07:56:30 +03:00
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-02-19 07:56:30 +03:00
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
2013-09-09 09:14:45 +04:00
$ ret - > { DC_REALM } = $ ret - > { REALM } ;
2010-02-19 07:56:30 +03:00
2007-04-17 04:30:01 +04:00
return $ ret ;
2007-03-06 00:28:55 +03:00
}
2010-06-15 16:24:36 +04:00
sub provision_fl2000dc ($$)
{
my ( $ self , $ prefix ) = @ _ ;
2016-06-17 11:47:06 +03:00
print "PROVISIONING DC WITH FOREST LEVEL 2000...\n" ;
2016-04-25 17:02:22 +03:00
my $ extra_conf_options = "
spnego:simulate_w2k = yes
ntlmssp_server:force_old_spnego = yes
" ;
2010-06-15 16:24:36 +04:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2010-06-23 03:53:20 +04:00
"dc5" ,
2010-11-01 01:05:03 +03:00
"SAMBA2000" ,
"samba2000.example.com" ,
2010-06-15 16:24:36 +04:00
"2000" ,
2010-06-16 13:14:46 +04:00
"locDCpass5" ,
2014-09-10 12:59:39 +04:00
undef ,
undef ,
2016-04-25 17:02:22 +03:00
$ extra_conf_options ,
2014-09-10 12:59:39 +04:00
"" ,
undef ) ;
2016-06-17 10:23:49 +03:00
unless ( $ ret ) {
return undef ;
}
2010-06-15 16:24:36 +04:00
2010-09-14 16:41:42 +04:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2016-04-26 09:50:00 +03:00
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
$ ret - > { DC_REALM } = $ ret - > { REALM } ;
2010-06-15 16:24:36 +04:00
return $ ret ;
}
2015-02-11 11:58:07 +03:00
sub provision_fl2003dc ($$$)
2010-06-21 16:17:40 +04:00
{
2015-02-11 11:58:07 +03:00
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2016-03-17 07:13:28 +03:00
my $ swiface1 = Samba:: get_interface ( "fakednsforwarder1" ) ;
my $ swiface2 = Samba:: get_interface ( "fakednsforwarder2" ) ;
2010-06-21 16:17:40 +04:00
2016-06-17 11:47:06 +03:00
print "PROVISIONING DC WITH FOREST LEVEL 2003...\n" ;
2016-03-17 07:13:28 +03:00
my $ extra_conf_options = " allow dns updates = nonsecure and secure
dns forwarder = 127.0 .0 . $ swiface1 127.0 .0 . $ swiface2 " ;
2010-06-21 16:17:40 +04:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2010-06-23 03:53:20 +04:00
"dc6" ,
2010-06-21 16:17:40 +04:00
"SAMBA2003" ,
"samba2003.example.com" ,
"2003" ,
"locDCpass6" ,
2014-09-10 12:59:39 +04:00
undef ,
undef ,
$ extra_conf_options ,
"" ,
undef ) ;
2014-05-19 09:32:56 +04:00
unless ( defined $ ret ) {
return undef ;
}
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2014-05-19 09:32:56 +04:00
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
2016-03-17 07:13:28 +03:00
$ ret - > { DNS_FORWARDER1 } = "127.0.0.$swiface1" ;
$ ret - > { DNS_FORWARDER2 } = "127.0.0.$swiface2" ;
2014-05-19 09:32:56 +04:00
my @ samba_tool_options ;
push ( @ samba_tool_options , Samba:: bindir_path ( $ self , "samba-tool" ) ) ;
push ( @ samba_tool_options , "domain" ) ;
push ( @ samba_tool_options , "passwordsettings" ) ;
push ( @ samba_tool_options , "set" ) ;
push ( @ samba_tool_options , "--configfile=$ret->{SERVERCONFFILE}" ) ;
push ( @ samba_tool_options , "--min-pwd-age=0" ) ;
push ( @ samba_tool_options , "--history-length=1" ) ;
my $ samba_tool_cmd = join ( " " , @ samba_tool_options ) ;
unless ( system ( $ samba_tool_cmd ) == 0 ) {
warn ( "Unable to set min password age to 0: \n$samba_tool_cmd\n" ) ;
return undef ;
}
2010-09-14 16:41:42 +04:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2010-06-21 16:17:40 +04:00
return $ ret ;
}
2015-02-11 11:58:07 +03:00
sub provision_fl2008r2dc ($$$)
2010-06-21 16:17:40 +04:00
{
2015-02-11 11:58:07 +03:00
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2010-06-21 16:17:40 +04:00
2016-06-17 11:47:06 +03:00
print "PROVISIONING DC WITH FOREST LEVEL 2008r2...\n" ;
2015-12-21 12:27:33 +03:00
my $ extra_conf_options = "ldap server require strong auth = no" ;
2010-06-21 16:17:40 +04:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2010-06-23 03:53:20 +04:00
"dc7" ,
2010-06-21 16:17:40 +04:00
"SAMBA2008R2" ,
"samba2008R2.example.com" ,
2010-06-23 04:24:14 +04:00
"2008_R2" ,
2010-06-21 16:17:40 +04:00
"locDCpass7" ,
2014-09-10 12:59:39 +04:00
undef ,
undef ,
2015-12-21 12:27:33 +03:00
$ extra_conf_options ,
2014-09-10 12:59:39 +04:00
"" ,
undef ) ;
2016-06-17 10:23:49 +03:00
unless ( defined $ ret ) {
return undef ;
}
2010-06-21 16:17:40 +04:00
2010-09-14 16:41:42 +04:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2016-04-26 09:50:00 +03:00
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
$ ret - > { DC_REALM } = $ ret - > { REALM } ;
2010-06-21 16:17:40 +04:00
return $ ret ;
}
2010-09-09 12:02:31 +04:00
sub provision_rodc ($$$)
{
my ( $ self , $ prefix , $ dcvars ) = @ _ ;
2016-06-17 11:47:06 +03:00
print "PROVISIONING RODC...\n" ;
2010-09-09 12:02:31 +04:00
# We do this so that we don't run the provision. That's the job of 'net join RODC'.
my $ ctx = $ self - > provision_raw_prepare ( $ prefix , "domain controller" ,
"rodc" ,
"SAMBADOMAIN" ,
"samba.example.com" ,
"2008" ,
2012-03-02 04:44:56 +04:00
$ dcvars - > { PASSWORD } ,
2014-09-10 12:59:39 +04:00
$ dcvars - > { SERVER_IP } ,
$ dcvars - > { SERVER_IPV6 } ) ;
2010-09-14 16:41:42 +04:00
unless ( $ ctx ) {
return undef ;
}
2010-09-09 12:02:31 +04:00
2012-09-12 10:52:15 +04:00
push ( @ { $ ctx - > { provision_options } } , "--use-ntvfs" ) ;
2012-04-30 09:08:38 +04:00
$ ctx - > { share } = "$ctx->{prefix_abs}/share" ;
push ( @ { $ ctx - > { directories } } , "$ctx->{share}" ) ;
2010-09-09 12:02:31 +04:00
$ ctx - > { smb_conf_extra_options } = "
max xmit = 32 K
server max protocol = SMB2
[ sysvol ]
2011-07-12 15:14:41 +04:00
path = $ ctx - > { statedir } / sysvol
2010-09-09 12:02:31 +04:00
read only = yes
[ netlogon ]
2011-07-12 15:14:41 +04:00
path = $ ctx - > { statedir } /sysvol/ $ ctx - > { dnsname } / scripts
2010-09-09 12:02:31 +04:00
read only = yes
[ tmp ]
2012-04-30 09:08:38 +04:00
path = $ ctx - > { share }
2010-09-09 12:02:31 +04:00
read only = no
posix:sharedelay = 10000
posix:oplocktimeout = 3
2012-03-15 20:32:51 +04:00
posix:writetimeupdatedelay = 50000
2010-09-09 12:02:31 +04:00
" ;
my $ ret = $ self - > provision_raw_step1 ( $ ctx ) ;
2010-09-14 16:41:42 +04:00
unless ( $ ret ) {
return undef ;
}
2010-09-09 12:02:31 +04:00
2011-04-27 05:19:20 +04:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2010-09-09 12:02:31 +04:00
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
2014-09-10 13:00:28 +04:00
if ( defined ( $ ret - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-09-09 12:02:31 +04:00
$ cmd . = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2011-07-19 06:54:37 +04:00
$ cmd . = "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC" ;
2010-09-09 12:02:31 +04:00
$ cmd . = " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}" ;
2012-08-23 14:17:57 +04:00
$ cmd . = " --server=$dcvars->{DC_SERVER} --use-ntvfs" ;
2010-09-09 12:02:31 +04:00
2015-01-21 05:57:40 +03:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "RODC join failed\n$cmd" ) ;
return undef ;
}
2015-03-29 12:15:29 +03:00
# This ensures deterministic behaviour for tests that want to have the 'testallowed account'
2015-01-21 05:57:40 +03:00
# user password verified on the RODC
2015-03-29 12:15:29 +03:00
my $ testallowed_account = "testallowed account" ;
2015-01-21 05:57:40 +03:00
$ cmd = "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" " ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" " ;
2015-03-29 12:15:29 +03:00
$ cmd . = "$samba_tool rodc preload '$testallowed_account' $ret->{CONFIGURATION}" ;
2015-01-21 05:57:40 +03:00
$ cmd . = " --server=$dcvars->{DC_SERVER}" ;
2010-09-14 16:41:42 +04:00
unless ( system ( $ cmd ) == 0 ) {
warn ( "RODC join failed\n$cmd" ) ;
return undef ;
}
2010-09-09 12:02:31 +04:00
2011-03-04 12:05:51 +03:00
# we overwrite the kdc after the RODC join
# so that use the RODC as kdc and test
# the proxy code
$ ctx - > { kdc_ipv4 } = $ ret - > { SERVER_IP } ;
2014-09-10 12:59:39 +04:00
$ ctx - > { kdc_ipv6 } = $ ret - > { SERVER_IPV6 } ;
2011-04-19 10:38:46 +04:00
Samba:: mk_krb5_conf ( $ ctx ) ;
2011-03-04 12:05:51 +03:00
2010-09-09 12:02:31 +04:00
$ ret - > { RODC_DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { RODC_DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { RODC_DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2010-09-09 12:02:31 +04:00
$ ret - > { RODC_DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_SERVER } = $ dcvars - > { DC_SERVER } ;
$ ret - > { DC_SERVER_IP } = $ dcvars - > { DC_SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ dcvars - > { DC_SERVER_IPV6 } ;
2010-09-09 12:02:31 +04:00
$ ret - > { DC_NETBIOSNAME } = $ dcvars - > { DC_NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ dcvars - > { DC_USERNAME } ;
$ ret - > { DC_PASSWORD } = $ dcvars - > { DC_PASSWORD } ;
return $ ret ;
}
2016-01-12 15:51:00 +03:00
sub read_config_h ($)
{
my ( $ name ) = @ _ ;
my % ret = { } ;
open ( LF , "<$name" ) or die ( "unable to read $name: $!" ) ;
while ( <LF> ) {
chomp ;
next if not ( /^#define / ) ;
if ( /^#define (.*?)[ \t]+(.*?)$/ ) {
$ ret { $ 1 } = $ 2 ;
next ;
}
if ( /^#define (.*?)[ \t]+$/ ) {
$ ret { $ 1 } = 1 ; ;
next ;
}
}
close ( LF ) ;
return \ % ret ;
}
2015-03-05 20:08:43 +03:00
sub provision_ad_dc ($$)
2011-05-08 08:55:33 +04:00
{
my ( $ self , $ prefix ) = @ _ ;
2012-04-26 09:20:02 +04:00
my $ prefix_abs = abs_path ( $ prefix ) ;
2012-04-30 17:39:27 +04:00
my $ bindir_abs = abs_path ( $ self - > { bindir } ) ;
my $ lockdir = "$prefix_abs/lockdir" ;
2012-08-30 16:09:49 +04:00
my $ conffile = "$prefix_abs/etc/smb.conf" ;
2012-04-30 17:39:27 +04:00
2016-01-16 12:20:32 +03:00
my $ require_mutexes = "dbwrap_tdb_require_mutexes:* = yes" ;
$ require_mutexes = "" if ( $ ENV { SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT } eq "1" ) ;
2016-01-12 15:51:00 +03:00
my $ config_h = { } ;
if ( defined ( $ ENV { CONFIG_H } ) ) {
$ config_h = read_config_h ( $ ENV { CONFIG_H } ) ;
}
my $ password_hash_gpg_key_ids = "password hash gpg key ids = 4952E40301FAB41A" ;
$ password_hash_gpg_key_ids = "" unless defined ( $ config_h - > { HAVE_GPGME } ) ;
2011-05-08 08:55:33 +04:00
my $ extra_smbconf_options = "
2012-04-26 09:20:02 +04:00
server services = - smb + s3fs
xattr_tdb:file = $ prefix_abs /statedir/x attr . tdb
2013-05-13 13:14:26 +04:00
dbwrap_tdb_mutexes: * = yes
2016-01-16 12:20:32 +03:00
$ { require_mutexes }
2013-05-13 13:14:26 +04:00
2016-01-12 15:51:00 +03:00
$ { password_hash_gpg_key_ids }
2012-04-26 09:20:02 +04:00
kernel oplocks = no
kernel change notify = no
2016-07-20 13:32:58 +03:00
smb2 leases = no
2012-04-26 09:20:02 +04:00
2015-03-24 02:16:36 +03:00
logging = file
2012-04-26 09:20:02 +04:00
printing = bsd
printcap name = /dev/ null
2012-09-12 16:10:55 +04:00
max protocol = SMB3
2012-04-26 09:20:02 +04:00
read only = no
smbd:sharedelay = 100000
smbd:writetimeupdatedelay = 500000
2013-03-10 13:25:53 +04:00
create mask = 755
2012-04-26 09:20:02 +04:00
dos filemode = yes
2012-05-01 10:06:39 +04:00
dcerpc endpoint servers = - winreg - srvsvc
2012-04-30 17:39:27 +04:00
printcap name = /dev/ null
2012-08-30 16:09:49 +04:00
addprinter command = $ ENV { SRCDIR_ABS } /source3/sc ript /tests/ printing / modprinter . pl - a - s $ conffile - -
deleteprinter command = $ ENV { SRCDIR_ABS } /source3/sc ript /tests/ printing / modprinter . pl - d - s $ conffile - -
2012-04-30 17:39:27 +04:00
printing = vlp
print command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb print % p % s
lpq command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lpq % p
lp rm command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lprm % p % j
lp pause command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lppause % p % j
lp resume command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb lpresume % p % j
queue pause command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb queuepause % p
queue resume command = $ bindir_abs /vlp tdbfile=$lockdir/ vlp . tdb queueresume % p
lpq cache time = 0
2013-10-14 15:53:22 +04:00
print notify backchannel = yes
2012-04-26 09:20:02 +04:00
" ;
my $ extra_smbconf_shares = "
2012-08-17 10:50:21 +04:00
[ tmpenc ]
copy = tmp
smb encrypt = required
2012-04-26 09:20:02 +04:00
[ tmpcase ]
copy = tmp
case sensitive = yes
[ tmpguest ]
copy = tmp
guest ok = yes
2012-04-30 09:17:54 +04:00
[ hideunread ]
copy = tmp
hide unreadable = yes
2012-08-30 16:09:49 +04:00
2012-08-09 17:27:50 +04:00
[ durable ]
copy = tmp
kernel share modes = no
kernel oplocks = no
posix locking = no
2012-08-30 16:09:49 +04:00
[ print \ $]
copy = tmp
[ print1 ]
copy = tmp
printable = yes
[ print2 ]
copy = print1
[ print3 ]
copy = print1
[ lp ]
copy = print1
2011-05-08 08:55:33 +04:00
" ;
2016-06-17 11:47:06 +03:00
print "PROVISIONING AD DC...\n" ;
2011-05-08 08:55:33 +04:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
2015-03-05 20:08:43 +03:00
"addc" ,
"ADDOMAIN" ,
2016-01-16 15:57:47 +03:00
"addom.samba.example.com" ,
2011-05-08 08:55:33 +04:00
"2008" ,
"locDCpass1" ,
2014-09-10 12:59:39 +04:00
undef ,
undef ,
$ extra_smbconf_options ,
$ extra_smbconf_shares ,
undef ) ;
2016-06-17 10:23:49 +03:00
unless ( defined $ ret ) {
return undef ;
}
2011-05-08 08:55:33 +04:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2011-05-08 08:55:33 +04:00
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
return $ ret ;
}
2012-02-29 05:48:21 +04:00
sub provision_chgdcpass ($$)
{
my ( $ self , $ prefix ) = @ _ ;
2016-06-17 11:47:06 +03:00
print "PROVISIONING CHGDCPASS...\n" ;
2012-09-12 10:52:15 +04:00
my $ extra_provision_options = undef ;
2016-06-13 06:42:46 +03:00
# This environment disallows the use of this password
# (and also removes the default AD complexity checks)
my $ unacceptable_password = "widk3Dsle32jxdBdskldsk55klASKQ" ;
2012-09-12 10:52:15 +04:00
push ( @ { $ extra_provision_options } , "--dns-backend=BIND9_DLZ" ) ;
2012-02-29 05:48:21 +04:00
my $ ret = $ self - > provision ( $ prefix ,
"domain controller" ,
"chgdcpass" ,
"CHDCDOMAIN" ,
"chgdcpassword.samba.example.com" ,
"2008" ,
"chgDCpass1" ,
2014-09-10 12:59:39 +04:00
undef ,
undef ,
2016-06-13 06:42:46 +03:00
"check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'\n" ,
2014-09-10 12:59:39 +04:00
"" ,
2012-09-12 10:52:15 +04:00
$ extra_provision_options ) ;
2016-06-17 10:23:49 +03:00
unless ( defined $ ret ) {
return undef ;
}
2012-02-29 05:48:21 +04:00
unless ( $ self - > add_wins_config ( "$prefix/private" ) ) {
warn ( "Unable to add wins configuration" ) ;
return undef ;
}
2012-08-29 03:10:40 +04:00
2014-05-20 02:15:31 +04:00
# Remove secrets.tdb from this environment to test that we
# still start up on systems without the new matching
2015-06-17 02:59:49 +03:00
# secrets.tdb records.
2013-02-20 08:29:42 +04:00
unless ( unlink ( "$ret->{PRIVATEDIR}/secrets.tdb" ) || unlink ( "$ret->{PRIVATEDIR}/secrets.ntdb" ) ) {
2012-08-29 03:10:40 +04:00
warn ( "Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision" ) ;
return undef ;
}
2012-02-29 05:48:21 +04:00
$ ret - > { DC_SERVER } = $ ret - > { SERVER } ;
$ ret - > { DC_SERVER_IP } = $ ret - > { SERVER_IP } ;
2014-06-19 19:21:16 +04:00
$ ret - > { DC_SERVER_IPV6 } = $ ret - > { SERVER_IPV6 } ;
2012-02-29 05:48:21 +04:00
$ ret - > { DC_NETBIOSNAME } = $ ret - > { NETBIOSNAME } ;
$ ret - > { DC_USERNAME } = $ ret - > { USERNAME } ;
$ ret - > { DC_PASSWORD } = $ ret - > { PASSWORD } ;
2016-06-13 06:42:46 +03:00
$ ret - > { UNACCEPTABLE_PASSWORD } = $ unacceptable_password ;
2012-02-29 05:48:21 +04:00
return $ ret ;
}
2007-04-11 00:19:31 +04:00
sub teardown_env ($$)
2007-03-21 18:57:07 +03:00
{
2007-04-11 00:19:31 +04:00
my ( $ self , $ envvars ) = @ _ ;
2007-07-04 04:34:16 +04:00
my $ pid ;
2007-03-21 18:57:07 +03:00
2012-03-02 11:01:13 +04:00
# This should cause samba to terminate gracefully
close ( $ envvars - > { STDIN_PIPE } ) ;
2007-03-21 18:57:07 +03:00
2012-03-04 10:30:45 +04:00
$ pid = $ envvars - > { SAMBA_PID } ;
my $ count = 0 ;
my $ childpid ;
2012-03-04 11:32:44 +04:00
# This should give it time to write out the gcov data
2012-06-29 07:38:11 +04:00
until ( $ count > 30 ) {
2012-03-04 11:32:44 +04:00
if ( Samba:: cleanup_child ( $ pid , "samba" ) == - 1 ) {
last ;
}
2012-03-04 10:30:45 +04:00
sleep ( 1 ) ;
$ count + + ;
}
2012-03-04 11:32:44 +04:00
2013-09-19 16:52:59 +04:00
if ( $ count > 30 || kill ( 0 , $ pid ) ) {
kill "TERM" , $ pid ;
2012-03-04 11:32:44 +04:00
2013-09-19 16:52:59 +04:00
until ( $ count > 40 ) {
if ( Samba:: cleanup_child ( $ pid , "samba" ) == - 1 ) {
last ;
}
sleep ( 1 ) ;
$ count + + ;
2012-03-04 11:32:44 +04:00
}
2013-09-19 16:52:59 +04:00
# If it is still around, kill it
2012-03-04 11:32:44 +04:00
warn "server process $pid took more than $count seconds to exit, killing\n" ;
2012-03-04 10:30:45 +04:00
kill 9 , $ pid ;
2007-03-21 18:57:07 +03:00
}
2007-04-11 00:19:31 +04:00
$ self - > slapd_stop ( $ envvars ) if ( $ self - > { ldap } ) ;
2007-03-21 18:57:07 +03:00
2007-04-19 20:37:11 +04:00
print $ self - > getlog_env ( $ envvars ) ;
2012-03-04 10:30:45 +04:00
return ;
2007-03-21 18:57:07 +03:00
}
2007-04-18 18:02:26 +04:00
sub getlog_env ($$)
{
my ( $ self , $ envvars ) = @ _ ;
2016-05-05 02:35:46 +03:00
my $ title = "SAMBA LOG of: $envvars->{NETBIOSNAME} pid $envvars->{SAMBA_PID}\n" ;
2007-04-18 18:02:26 +04:00
my $ out = $ title ;
2009-02-04 17:17:14 +03:00
open ( LOG , "<$envvars->{SAMBA_TEST_LOG}" ) ;
2007-04-18 18:02:26 +04:00
2009-02-04 17:17:14 +03:00
seek ( LOG , $ envvars - > { SAMBA_TEST_LOG_POS } , SEEK_SET ) ;
2007-04-18 18:02:26 +04:00
while ( <LOG> ) {
$ out . = $ _ ;
}
2009-02-04 17:17:14 +03:00
$ envvars - > { SAMBA_TEST_LOG_POS } = tell ( LOG ) ;
2007-04-18 18:02:26 +04:00
close ( LOG ) ;
return "" if $ out eq $ title ;
2010-11-01 01:05:03 +03:00
2007-04-18 18:02:26 +04:00
return $ out ;
}
2007-04-19 18:54:09 +04:00
sub check_env ($$)
{
my ( $ self , $ envvars ) = @ _ ;
2015-10-26 08:38:08 +03:00
my $ samba_pid = $ envvars - > { SAMBA_PID } ;
2007-04-19 18:54:09 +04:00
2015-12-07 03:32:25 +03:00
if ( not defined ( $ samba_pid ) ) {
return 0 ;
} elsif ( $ samba_pid > 0 ) {
my $ childpid = Samba:: cleanup_child ( $ samba_pid , "samba" ) ;
2015-10-26 08:38:08 +03:00
2015-12-07 03:32:25 +03:00
if ( $ childpid == 0 ) {
return 1 ;
}
return 0 ;
} else {
2015-12-07 03:18:38 +03:00
return 1 ;
}
2015-12-07 03:32:25 +03:00
2007-04-19 18:54:09 +04:00
}
2007-04-11 07:45:39 +04:00
sub setup_env ($$$)
2007-03-06 00:28:55 +03:00
{
2007-04-11 07:45:39 +04:00
my ( $ self , $ envname , $ path ) = @ _ ;
2011-04-19 10:38:46 +04:00
my $ target3 = $ self - > { target3 } ;
2007-04-18 18:02:26 +04:00
2010-10-02 23:42:00 +04:00
$ ENV { ENVNAME } = $ envname ;
2012-02-15 01:55:05 +04:00
if ( defined ( $ self - > { vars } - > { $ envname } ) ) {
return $ self - > { vars } - > { $ envname } ;
}
2015-03-06 01:38:26 +03:00
if ( $ envname eq "ad_dc_ntvfs" ) {
return $ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2010-06-15 16:24:36 +04:00
} elsif ( $ envname eq "fl2000dc" ) {
return $ self - > setup_fl2000dc ( "$path/fl2000dc" ) ;
2010-06-21 16:17:40 +04:00
} elsif ( $ envname eq "fl2003dc" ) {
2015-02-11 11:58:07 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc } ) ) {
$ self - > setup_ad_dc ( "$path/ad_dc" ) ;
}
return $ self - > setup_fl2003dc ( "$path/fl2003dc" , $ self - > { vars } - > { ad_dc } ) ;
2010-06-21 16:17:40 +04:00
} elsif ( $ envname eq "fl2008r2dc" ) {
2015-02-11 11:58:07 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc } ) ) {
$ self - > setup_ad_dc ( "$path/ad_dc" ) ;
}
return $ self - > setup_fl2008r2dc ( "$path/fl2008r2dc" , $ self - > { vars } - > { ad_dc } ) ;
2010-02-19 07:56:30 +03:00
} elsif ( $ envname eq "rpc_proxy" ) {
2015-03-06 01:38:26 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2010-02-19 07:56:30 +03:00
}
2015-03-06 01:38:26 +03:00
return $ self - > setup_rpc_proxy ( "$path/rpc_proxy" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2010-03-12 02:36:12 +03:00
} elsif ( $ envname eq "vampire_dc" ) {
2015-03-06 01:38:26 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2010-03-12 02:36:12 +03:00
}
2015-03-06 01:38:26 +03:00
return $ self - > setup_vampire_dc ( "$path/vampire_dc" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2013-01-27 15:15:50 +04:00
} elsif ( $ envname eq "promoted_dc" ) {
2015-03-06 01:38:26 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2012-07-06 09:39:09 +04:00
}
2015-03-06 01:38:26 +03:00
return $ self - > setup_promoted_dc ( "$path/promoted_dc" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2011-08-25 15:47:03 +04:00
} elsif ( $ envname eq "subdom_dc" ) {
2015-03-06 01:38:26 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2011-08-25 15:47:03 +04:00
}
2015-03-06 01:38:26 +03:00
return $ self - > setup_subdom_dc ( "$path/subdom_dc" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2016-09-29 18:50:58 +03:00
} elsif ( $ envname eq "s4member_dflt_domain" ) {
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
}
return $ self - > setup_s4member_dflt_domain ( "$path/s4member_dflt_domain" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2011-04-18 12:57:22 +04:00
} elsif ( $ envname eq "s4member" ) {
2015-03-06 01:38:26 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2007-04-12 12:33:35 +04:00
}
2015-03-06 01:38:26 +03:00
return $ self - > setup_s4member ( "$path/s4member" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2010-09-09 12:02:31 +04:00
} elsif ( $ envname eq "rodc" ) {
2015-03-06 01:38:26 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2010-09-09 12:02:31 +04:00
}
2015-03-06 01:38:26 +03:00
return $ self - > setup_rodc ( "$path/rodc" , $ self - > { vars } - > { ad_dc_ntvfs } ) ;
2012-02-29 05:48:21 +04:00
} elsif ( $ envname eq "chgdcpass" ) {
return $ self - > setup_chgdcpass ( "$path/chgdcpass" , $ self - > { vars } - > { chgdcpass } ) ;
2015-03-06 01:46:14 +03:00
} elsif ( $ envname eq "ad_member" ) {
2015-03-06 01:38:26 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2011-04-19 10:38:46 +04:00
}
2015-03-06 01:46:14 +03:00
return $ target3 - > setup_admember ( "$path/ad_member" , $ self - > { vars } - > { ad_dc_ntvfs } , 29 ) ;
2015-03-05 20:08:43 +03:00
} elsif ( $ envname eq "ad_dc" ) {
return $ self - > setup_ad_dc ( "$path/ad_dc" ) ;
} elsif ( $ envname eq "ad_dc_no_nss" ) {
return $ self - > setup_ad_dc ( "$path/ad_dc_no_nss" , "no_nss" ) ;
2015-03-06 02:58:45 +03:00
} elsif ( $ envname eq "ad_member_rfc2307" ) {
2015-03-06 01:38:26 +03:00
if ( not defined ( $ self - > { vars } - > { ad_dc_ntvfs } ) ) {
$ self - > setup_ad_dc_ntvfs ( "$path/ad_dc_ntvfs" ) ;
2013-02-21 23:33:23 +04:00
}
2015-03-06 02:58:45 +03:00
return $ target3 - > setup_admember_rfc2307 ( "$path/ad_member_rfc2307" ,
2015-03-06 01:38:26 +03:00
$ self - > { vars } - > { ad_dc_ntvfs } , 34 ) ;
2015-10-26 08:38:08 +03:00
} elsif ( $ envname eq "none" ) {
return $ self - > setup_none ( "$path/none" ) ;
2007-04-11 00:19:31 +04:00
} else {
2012-02-13 05:14:57 +04:00
return "UNKNOWN" ;
2007-04-11 00:19:31 +04:00
}
}
2014-05-24 14:47:30 +04:00
sub setup_s4member ($$$)
2007-04-12 12:33:35 +04:00
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
2016-09-29 18:50:58 +03:00
my $ env = $ self - > provision_s4member ( $ path , $ dc_vars , "s4member" ) ;
2007-04-12 12:33:35 +04:00
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2016-02-17 13:58:43 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "standard" ) ) ) {
2015-12-07 03:18:38 +03:00
return undef ;
}
2007-04-12 12:33:35 +04:00
2014-05-24 14:47:30 +04:00
$ self - > { vars } - > { s4member } = $ env ;
2010-11-01 01:00:46 +03:00
}
2010-02-19 07:56:30 +03:00
return $ env ;
}
2016-09-29 18:50:58 +03:00
sub setup_s4member_dflt_domain ($$$)
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_s4member ( $ path , $ dc_vars , "s4member_dflt" ,
"winbind use default domain = yes" ) ;
if ( defined $ env ) {
if ( not defined ( $ self - > check_or_start ( $ env , "standard" ) ) ) {
return undef ;
}
$ self - > { vars } - > { s4member_dflt_domain } = $ env ;
}
return $ env ;
}
2010-03-12 02:36:12 +03:00
sub setup_rpc_proxy ($$$)
2010-02-19 07:56:30 +03:00
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_rpc_proxy ( $ path , $ dc_vars ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2016-02-17 13:58:43 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "standard" ) ) ) {
2015-12-07 03:18:38 +03:00
return undef ;
}
2010-02-19 07:56:30 +03:00
2010-11-06 05:48:31 +03:00
$ self - > { vars } - > { rpc_proxy } = $ env ;
2010-11-01 01:00:46 +03:00
}
2007-04-12 12:33:35 +04:00
return $ env ;
}
2015-03-06 01:38:26 +03:00
sub setup_ad_dc_ntvfs ($$)
2007-04-11 00:19:31 +04:00
{
2007-04-11 07:45:39 +04:00
my ( $ self , $ path ) = @ _ ;
2007-04-04 16:23:10 +04:00
2015-03-06 01:38:26 +03:00
my $ env = $ self - > provision_ad_dc_ntvfs ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2015-12-07 03:18:38 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "standard" ) ) ) {
warn ( "Failed to start ad_dc_ntvfs" ) ;
return undef ;
}
2007-04-12 12:33:35 +04:00
2015-03-06 01:38:26 +03:00
$ self - > { vars } - > { ad_dc_ntvfs } = $ env ;
2010-11-01 01:00:46 +03:00
}
2007-04-04 16:23:10 +04:00
return $ env ;
2007-03-06 00:28:55 +03:00
}
2012-02-29 05:48:21 +04:00
sub setup_chgdcpass ($$)
{
my ( $ self , $ path ) = @ _ ;
my $ env = $ self - > provision_chgdcpass ( $ path ) ;
if ( defined $ env ) {
2016-02-17 13:58:43 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "standard" ) ) ) {
2015-12-07 03:18:38 +03:00
return undef ;
}
2012-02-29 05:48:21 +04:00
$ self - > { vars } - > { chgdcpass } = $ env ;
}
return $ env ;
}
2010-06-15 16:24:36 +04:00
sub setup_fl2000dc ($$)
{
my ( $ self , $ path ) = @ _ ;
my $ env = $ self - > provision_fl2000dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2016-02-17 13:58:43 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "standard" ) ) ) {
2015-12-07 03:18:38 +03:00
return undef ;
}
2010-06-15 16:24:36 +04:00
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { fl2000dc } = $ env ;
}
2010-06-15 16:24:36 +04:00
return $ env ;
}
2015-02-11 11:58:07 +03:00
sub setup_fl2003dc ($$$)
2010-06-21 16:17:40 +04:00
{
2015-02-11 11:58:07 +03:00
my ( $ self , $ path , $ dc_vars ) = @ _ ;
2010-06-21 16:17:40 +04:00
my $ env = $ self - > provision_fl2003dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2016-02-17 13:58:43 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "standard" ) ) ) {
2015-12-07 03:18:38 +03:00
return undef ;
}
2010-06-21 16:17:40 +04:00
2015-02-11 11:58:07 +03:00
$ env = $ self - > setup_trust ( $ env , $ dc_vars , "external" , "--no-aes-keys" ) ;
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { fl2003dc } = $ env ;
}
2010-06-21 16:17:40 +04:00
return $ env ;
}
2015-02-11 11:58:07 +03:00
sub setup_fl2008r2dc ($$$)
2010-06-21 16:17:40 +04:00
{
2015-02-11 11:58:07 +03:00
my ( $ self , $ path , $ dc_vars ) = @ _ ;
2010-06-21 16:17:40 +04:00
my $ env = $ self - > provision_fl2008r2dc ( $ path ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2016-02-17 13:58:43 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "standard" ) ) ) {
2015-12-07 03:18:38 +03:00
return undef ;
}
2010-06-21 16:17:40 +04:00
2015-05-11 14:45:59 +03:00
my $ upn_array = [ "$env->{REALM}.upn" ] ;
my $ spn_array = [ "$env->{REALM}.spn" ] ;
$ self - > setup_namespaces ( $ env , $ upn_array , $ spn_array ) ;
2015-02-11 11:58:07 +03:00
$ env = $ self - > setup_trust ( $ env , $ dc_vars , "forest" , "" ) ;
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { fl2008r2dc } = $ env ;
}
2010-06-21 16:17:40 +04:00
return $ env ;
}
2010-03-12 02:36:12 +03:00
sub setup_vampire_dc ($$$)
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_vampire_dc ( $ path , $ dc_vars ) ;
2010-11-01 01:00:46 +03:00
if ( defined $ env ) {
2015-12-07 03:18:38 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "single" ) ) ) {
return undef ;
}
2010-11-01 01:00:46 +03:00
$ self - > { vars } - > { vampire_dc } = $ env ;
# force replicated DC to update repsTo/repsFrom
# for vampired partitions
2011-04-27 05:19:20 +04:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
2010-11-01 01:00:46 +03:00
my $ cmd = "" ;
2014-09-10 13:00:28 +04:00
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ env - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-11-01 01:00:46 +03:00
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" " ;
2015-02-20 07:56:39 +03:00
$ cmd . = " $samba_tool drs kcc -k no $env->{DC_SERVER}" ;
2011-08-09 14:20:54 +04:00
$ cmd . = " $env->{CONFIGURATION}" ;
2010-11-01 01:00:46 +03:00
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
unless ( system ( $ cmd ) == 0 ) {
2016-07-21 04:08:56 +03:00
warn ( "Failed to exec kcc on remote DC\n$cmd" ) ;
2010-11-01 01:00:46 +03:00
return undef ;
}
2010-08-28 02:30:09 +04:00
2010-11-01 01:00:46 +03:00
# as 'vampired' dc may add data in its local replica
# we need to synchronize data between DCs
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ dc_vars - > { REALM } ) ) ;
2014-09-10 13:00:28 +04:00
$ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" " ;
if ( defined ( $ env - > { RESOLV_WRAPPER_CONF } ) ) {
$ cmd . = "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" " ;
} else {
$ cmd . = "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" " ;
}
2010-11-01 01:00:46 +03:00
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" " ;
2012-07-06 09:39:09 +04:00
$ cmd . = " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}" ;
$ cmd . = " $dc_vars->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
# replicate Configuration NC
my $ cmd_repl = "$cmd \"CN=Configuration,$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
# replicate Default NC
$ cmd_repl = "$cmd \"$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
}
return $ env ;
}
2013-01-27 15:15:50 +04:00
sub setup_promoted_dc ($$$)
2012-07-06 09:39:09 +04:00
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
2013-01-27 15:15:50 +04:00
my $ env = $ self - > provision_promoted_dc ( $ path , $ dc_vars ) ;
2012-07-06 09:39:09 +04:00
if ( defined $ env ) {
2015-12-07 03:18:38 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "single" ) ) ) {
return undef ;
}
2012-07-06 09:39:09 +04:00
2013-01-27 15:15:50 +04:00
$ self - > { vars } - > { promoted_dc } = $ env ;
2012-07-06 09:39:09 +04:00
2015-02-20 07:56:39 +03:00
# force source and replicated DC to update repsTo/repsFrom
2012-07-06 09:39:09 +04:00
# for vampired partitions
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" " ;
2012-07-06 09:39:09 +04:00
$ cmd . = " $samba_tool drs kcc $env->{DC_SERVER}" ;
$ cmd . = " $env->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
unless ( system ( $ cmd ) == 0 ) {
2016-07-21 04:08:56 +03:00
warn ( "Failed to exec kcc on remote DC\n$cmd" ) ;
2012-07-06 09:39:09 +04:00
return undef ;
}
2015-02-20 07:56:39 +03:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" " ;
2015-02-20 07:56:39 +03:00
$ cmd . = " $samba_tool drs kcc $env->{SERVER}" ;
$ cmd . = " $env->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
unless ( system ( $ cmd ) == 0 ) {
2016-07-21 04:08:56 +03:00
warn ( "Failed to exec kcc on promoted DC\n$cmd" ) ;
2015-02-20 07:56:39 +03:00
return undef ;
}
2012-07-06 09:39:09 +04:00
# as 'vampired' dc may add data in its local replica
# we need to synchronize data between DCs
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ dc_vars - > { REALM } ) ) ;
$ cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" " ;
2012-07-06 09:39:09 +04:00
$ cmd . = " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}" ;
2011-08-09 14:20:54 +04:00
$ cmd . = " $dc_vars->{CONFIGURATION}" ;
2010-11-01 01:00:46 +03:00
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
# replicate Configuration NC
my $ cmd_repl = "$cmd \"CN=Configuration,$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
# replicate Default NC
$ cmd_repl = "$cmd \"$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
2010-09-14 16:41:42 +04:00
}
2010-08-28 02:30:09 +04:00
2010-03-12 02:36:12 +03:00
return $ env ;
}
2011-08-25 15:47:03 +04:00
sub setup_subdom_dc ($$$)
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_subdom_dc ( $ path , $ dc_vars ) ;
if ( defined $ env ) {
2015-12-07 03:18:38 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "single" ) ) ) {
return undef ;
}
2011-08-25 15:47:03 +04:00
$ self - > { vars } - > { subdom_dc } = $ env ;
# force replicated DC to update repsTo/repsFrom
# for primary domain partitions
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
$ cmd . = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" " ;
2011-08-25 15:47:03 +04:00
$ cmd . = " $samba_tool drs kcc $env->{DC_SERVER}" ;
$ cmd . = " $env->{CONFIGURATION}" ;
2011-08-26 07:23:41 +04:00
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}" ;
2011-08-25 15:47:03 +04:00
unless ( system ( $ cmd ) == 0 ) {
2016-07-21 04:08:56 +03:00
warn ( "Failed to exec kcc on remote DC\n$cmd" ) ;
2011-08-25 15:47:03 +04:00
return undef ;
}
# as 'subdomain' dc may add data in its local replica
# we need to synchronize data between DCs
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ env - > { REALM } ) ) ;
my $ config_dn = "CN=Configuration,DC=" . join ( ",DC=" , split ( /\./ , $ dc_vars - > { REALM } ) ) ;
$ cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" " ;
2011-08-25 15:47:03 +04:00
$ cmd . = " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}" ;
$ cmd . = " $dc_vars->{CONFIGURATION}" ;
2011-08-26 07:23:41 +04:00
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}" ;
2011-08-25 15:47:03 +04:00
# replicate Configuration NC
my $ cmd_repl = "$cmd \"$config_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
# replicate Default NC
$ cmd_repl = "$cmd \"$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
}
return $ env ;
}
2010-09-09 12:02:31 +04:00
sub setup_rodc ($$$)
{
my ( $ self , $ path , $ dc_vars ) = @ _ ;
my $ env = $ self - > provision_rodc ( $ path , $ dc_vars ) ;
2010-09-14 16:41:42 +04:00
unless ( $ env ) {
return undef ;
}
2015-12-07 03:18:38 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "single" ) ) ) {
return undef ;
}
2010-09-09 12:02:31 +04:00
2015-02-20 07:56:39 +03:00
my $ samba_tool = Samba:: bindir_path ( $ self , "samba-tool" ) ;
my $ cmd = "" ;
my $ base_dn = "DC=" . join ( ",DC=" , split ( /\./ , $ dc_vars - > { REALM } ) ) ;
$ cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"" ;
$ cmd . = " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"" ;
2016-09-22 19:46:28 +03:00
$ cmd . = "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" " ;
2015-02-20 07:56:39 +03:00
$ cmd . = " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}" ;
$ cmd . = " $dc_vars->{CONFIGURATION}" ;
$ cmd . = " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}" ;
# replicate Configuration NC
my $ cmd_repl = "$cmd \"CN=Configuration,$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
# replicate Default NC
$ cmd_repl = "$cmd \"$base_dn\"" ;
unless ( system ( $ cmd_repl ) == 0 ) {
warn ( "Failed to replicate\n$cmd_repl" ) ;
return undef ;
}
2010-09-09 12:02:31 +04:00
$ self - > { vars } - > { rodc } = $ env ;
return $ env ;
}
2015-03-05 20:08:43 +03:00
sub setup_ad_dc ($$)
2011-05-08 08:55:33 +04:00
{
2015-03-05 15:22:07 +03:00
my ( $ self , $ path , $ no_nss ) = @ _ ;
2011-05-08 08:55:33 +04:00
2012-02-16 08:12:49 +04:00
# If we didn't build with ADS, pretend this env was never available
if ( not $ self - > { target3 } - > have_ads ( ) ) {
return "UNKNOWN" ;
}
2015-03-05 20:08:43 +03:00
my $ env = $ self - > provision_ad_dc ( $ path ) ;
2012-02-15 09:08:05 +04:00
unless ( $ env ) {
return undef ;
}
2011-05-08 08:55:33 +04:00
2015-03-05 15:22:07 +03:00
if ( defined ( $ no_nss ) and $ no_nss ) {
$ env - > { NSS_WRAPPER_MODULE_SO_PATH } = undef ;
$ env - > { NSS_WRAPPER_MODULE_FN_PREFIX } = undef ;
}
2015-12-07 03:18:38 +03:00
if ( not defined ( $ self - > check_or_start ( $ env , "single" ) ) ) {
return undef ;
}
2015-05-11 14:45:59 +03:00
my $ upn_array = [ "$env->{REALM}.upn" ] ;
my $ spn_array = [ "$env->{REALM}.spn" ] ;
$ self - > setup_namespaces ( $ env , $ upn_array , $ spn_array ) ;
2015-03-05 20:08:43 +03:00
$ self - > { vars } - > { ad_dc } = $ env ;
2011-05-08 08:55:33 +04:00
return $ env ;
}
2015-10-26 08:38:08 +03:00
sub setup_none ($$)
{
my ( $ self , $ path ) = @ _ ;
my $ ret = {
KRB5_CONFIG = > abs_path ( $ path ) . "/no_krb5.conf" ,
SAMBA_PID = > - 1 ,
}
}
2007-03-06 00:28:55 +03:00
1 ;