mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
abb2c7fef4
With s3fs now well settled into master, we now throw the swtich and make it the default. There is still much to do, but we need to be using s3fs by default to find out exactly what that is. Andrew Bartlett
1777 lines
51 KiB
Perl
1777 lines
51 KiB
Perl
#!/usr/bin/perl
|
|
# Bootstrap Samba and run a number of tests against it.
|
|
# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
|
|
# Published under the GNU GPL, v3 or later.
|
|
|
|
package Samba4;
|
|
|
|
use strict;
|
|
use Cwd qw(abs_path);
|
|
use FindBin qw($RealBin);
|
|
use POSIX;
|
|
use SocketWrapper;
|
|
use target::Samba;
|
|
use target::Samba3;
|
|
|
|
sub new($$$$$) {
|
|
my ($classname, $bindir, $binary_mapping, $ldap, $srcdir, $server_maxtime) = @_;
|
|
|
|
my $self = {
|
|
vars => {},
|
|
ldap => $ldap,
|
|
bindir => $bindir,
|
|
binary_mapping => $binary_mapping,
|
|
srcdir => $srcdir,
|
|
server_maxtime => $server_maxtime,
|
|
target3 => new Samba3($bindir, $binary_mapping, $srcdir, $server_maxtime)
|
|
};
|
|
bless $self;
|
|
return $self;
|
|
}
|
|
|
|
sub scriptdir_path($$) {
|
|
my ($self, $path) = @_;
|
|
return "$self->{srcdir}/source4/scripting/$path";
|
|
}
|
|
|
|
sub openldap_start($$$) {
|
|
}
|
|
|
|
sub slapd_start($$)
|
|
{
|
|
my $count = 0;
|
|
my ($self, $env_vars) = @_;
|
|
my $ldbsearch = Samba::bindir_path($self, "ldbsearch");
|
|
|
|
my $uri = $env_vars->{LDAP_URI};
|
|
|
|
if (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") == 0) {
|
|
print "A SLAPD is still listening to $uri before we started the LDAP backend. Aborting!";
|
|
return 1;
|
|
}
|
|
# running slapd in the background means it stays in the same process group, so it can be
|
|
# killed by timelimit
|
|
if ($self->{ldap} eq "fedora-ds") {
|
|
system("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
|
|
} elsif ($self->{ldap} eq "openldap") {
|
|
system("$ENV{OPENLDAP_SLAPD} -d0 -F $env_vars->{SLAPD_CONF_D} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &");
|
|
}
|
|
while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
|
|
$count++;
|
|
if ($count > 40) {
|
|
$self->slapd_stop($env_vars);
|
|
return 0;
|
|
}
|
|
sleep(1);
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
sub slapd_stop($$)
|
|
{
|
|
my ($self, $envvars) = @_;
|
|
if ($self->{ldap} eq "fedora-ds") {
|
|
system("$envvars->{LDAPDIR}/slapd-$envvars->{LDAP_INSTANCE}/stop-slapd");
|
|
} elsif ($self->{ldap} eq "openldap") {
|
|
unless (open(IN, "<$envvars->{OPENLDAP_PIDFILE}")) {
|
|
warn("unable to open slapd pid file: $envvars->{OPENLDAP_PIDFILE}");
|
|
return 0;
|
|
}
|
|
kill 9, <IN>;
|
|
close(IN);
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
sub check_or_start($$$)
|
|
{
|
|
my ($self, $env_vars, $process_model) = @_;
|
|
|
|
return 0 if $self->check_env($env_vars);
|
|
|
|
# use a pipe for stdin in the child processes. This allows
|
|
# those processes to monitor the pipe for EOF to ensure they
|
|
# exit when the test script exits
|
|
pipe(STDIN_READER, $env_vars->{STDIN_PIPE});
|
|
|
|
print "STARTING SAMBA...";
|
|
my $pid = fork();
|
|
if ($pid == 0) {
|
|
# we want out from samba to go to the log file, but also
|
|
# to the users terminal when running 'make test' on the command
|
|
# line. This puts it on stderr on the terminal
|
|
open STDOUT, "| tee $env_vars->{SAMBA_TEST_LOG} 1>&2";
|
|
open STDERR, '>&STDOUT';
|
|
|
|
SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
|
|
|
|
$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
|
|
$ENV{WINBINDD_SOCKET_DIR} = $env_vars->{WINBINDD_SOCKET_DIR};
|
|
$ENV{NMBD_SOCKET_DIR} = $env_vars->{NMBD_SOCKET_DIR};
|
|
|
|
$ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
|
|
$ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
|
|
$ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH};
|
|
|
|
$ENV{UID_WRAPPER} = "1";
|
|
|
|
$ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "samba");
|
|
my @preargs = ();
|
|
my @optargs = ();
|
|
if (defined($ENV{SAMBA_OPTIONS})) {
|
|
@optargs = split(/ /, $ENV{SAMBA_OPTIONS});
|
|
}
|
|
if(defined($ENV{SAMBA_VALGRIND})) {
|
|
@preargs = split(/ /,$ENV{SAMBA_VALGRIND});
|
|
}
|
|
|
|
close($env_vars->{STDIN_PIPE});
|
|
open STDIN, ">&", \*STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
|
|
|
|
exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
|
|
}
|
|
$env_vars->{SAMBA_PID} = $pid;
|
|
print "DONE\n";
|
|
|
|
close(STDIN_READER);
|
|
|
|
return $pid;
|
|
}
|
|
|
|
sub wait_for_start($$)
|
|
{
|
|
my ($self, $testenv_vars) = @_;
|
|
# give time for nbt server to register its names
|
|
print "delaying for nbt name registration\n";
|
|
sleep 2;
|
|
|
|
# This will return quickly when things are up, but be slow if we
|
|
# need to wait for (eg) SSL init
|
|
my $nmblookup = Samba::bindir_path($self, "nmblookup");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
|
|
system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}");
|
|
|
|
print $self->getlog_env($testenv_vars);
|
|
}
|
|
|
|
sub write_ldb_file($$$)
|
|
{
|
|
my ($self, $file, $ldif) = @_;
|
|
|
|
my $ldbadd = Samba::bindir_path($self, "ldbadd");
|
|
open(LDIF, "|$ldbadd -H $file >/dev/null");
|
|
print LDIF $ldif;
|
|
return(close(LDIF));
|
|
}
|
|
|
|
sub add_wins_config($$)
|
|
{
|
|
my ($self, $privatedir) = @_;
|
|
|
|
return $self->write_ldb_file("$privatedir/wins_config.ldb", "
|
|
dn: name=TORTURE_11,CN=PARTNERS
|
|
objectClass: wreplPartner
|
|
name: TORTURE_11
|
|
address: 127.0.0.11
|
|
pullInterval: 0
|
|
pushChangeCount: 0
|
|
type: 0x3
|
|
");
|
|
}
|
|
|
|
sub mk_fedora_ds($$)
|
|
{
|
|
my ($self, $ctx) = @_;
|
|
|
|
#Make the subdirectory be as fedora DS would expect
|
|
my $fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}";
|
|
|
|
my $pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid";
|
|
|
|
return ($fedora_ds_dir, $pidfile);
|
|
}
|
|
|
|
sub mk_openldap($$)
|
|
{
|
|
my ($self, $ctx) = @_;
|
|
|
|
my $slapd_conf_d = "$ctx->{ldapdir}/slapd.d";
|
|
my $pidfile = "$ctx->{ldapdir}/slapd.pid";
|
|
|
|
return ($slapd_conf_d, $pidfile);
|
|
}
|
|
|
|
sub mk_keyblobs($$)
|
|
{
|
|
my ($self, $tlsdir) = @_;
|
|
|
|
#TLS and PKINIT crypto blobs
|
|
my $dhfile = "$tlsdir/dhparms.pem";
|
|
my $cafile = "$tlsdir/ca.pem";
|
|
my $certfile = "$tlsdir/cert.pem";
|
|
my $reqkdc = "$tlsdir/req-kdc.der";
|
|
my $kdccertfile = "$tlsdir/kdc.pem";
|
|
my $keyfile = "$tlsdir/key.pem";
|
|
my $adminkeyfile = "$tlsdir/adminkey.pem";
|
|
my $reqadmin = "$tlsdir/req-admin.der";
|
|
my $admincertfile = "$tlsdir/admincert.pem";
|
|
my $admincertupnfile = "$tlsdir/admincertupn.pem";
|
|
|
|
mkdir($tlsdir, 0777);
|
|
|
|
#This is specified here to avoid draining entropy on every run
|
|
open(DHFILE, ">$dhfile");
|
|
print DHFILE <<EOF;
|
|
-----BEGIN DH PARAMETERS-----
|
|
MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO
|
|
svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
|
|
YX70obsCAQI=
|
|
-----END DH PARAMETERS-----
|
|
EOF
|
|
close(DHFILE);
|
|
|
|
#Likewise, we pregenerate the key material. This allows the
|
|
#other certificates to be pre-generated
|
|
open(KEYFILE, ">$keyfile");
|
|
print KEYFILE <<EOF;
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc
|
|
ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H
|
|
6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB
|
|
AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
|
|
HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
|
|
szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
|
|
9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X
|
|
8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
|
|
vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
|
|
kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
|
|
jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
|
|
Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki
|
|
cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG
|
|
-----END RSA PRIVATE KEY-----
|
|
EOF
|
|
close(KEYFILE);
|
|
|
|
open(ADMINKEYFILE, ">$adminkeyfile");
|
|
|
|
print ADMINKEYFILE <<EOF;
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF
|
|
5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
|
|
XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB
|
|
AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB
|
|
cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L
|
|
osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN
|
|
u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4
|
|
eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz
|
|
I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4
|
|
ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2
|
|
OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE
|
|
yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG
|
|
+cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko
|
|
-----END RSA PRIVATE KEY-----
|
|
EOF
|
|
|
|
#generated with
|
|
# hxtool issue-certificate --self-signed --issue-ca \
|
|
# --ca-private-key="FILE:$KEYFILE" \
|
|
# --subject="CN=CA,DC=samba,DC=example,DC=com" \
|
|
# --certificate="FILE:$CAFILE" --lifetime="25 years"
|
|
|
|
open(CAFILE, ">$cafile");
|
|
print CAFILE <<EOF;
|
|
-----BEGIN CERTIFICATE-----
|
|
MIICcTCCAdqgAwIBAgIUaBPmjnPVqyFqR5foICmLmikJTzgwCwYJKoZIhvcNAQEFMFIxEzAR
|
|
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
|
|
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTIyMzEyWhgPMjAzMzAyMjQx
|
|
MjIzMTJaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
|
|
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA
|
|
A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6
|
|
I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm
|
|
ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
|
|
AaYwHQYDVR0OBBYEFMLZufegDKLZs0VOyFXYK1L6M8oyMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
|
|
KoZIhvcNAQEFBQADgYEAAZJbCAAkaqgFJ0xgNovn8Ydd0KswQPjicwiODPgw9ZPoD2HiOUVO
|
|
yYDRg/dhFF9y656OpcHk4N7qZ2sl3RlHkzDu+dseETW+CnKvQIoXNyeARRJSsSlwrwcoD4JR
|
|
HTLk2sGigsWwrJ2N99sG/cqSJLJ1MFwLrs6koweBnYU0f/g=
|
|
-----END CERTIFICATE-----
|
|
EOF
|
|
|
|
#generated with GNUTLS internally in Samba.
|
|
|
|
open(CERTFILE, ">$certfile");
|
|
print CERTFILE <<EOF;
|
|
-----BEGIN CERTIFICATE-----
|
|
MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
|
|
YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
|
|
dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
|
|
NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
|
|
c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
|
|
ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
|
|
jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+
|
|
S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p
|
|
PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw
|
|
IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
|
|
BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG
|
|
LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz
|
|
nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA==
|
|
-----END CERTIFICATE-----
|
|
EOF
|
|
close(CERTFILE);
|
|
|
|
#KDC certificate
|
|
# hxtool request-create \
|
|
# --subject="CN=krbtgt,CN=users,DC=samba,DC=example,DC=com" \
|
|
# --key="FILE:$KEYFILE" $KDCREQ
|
|
|
|
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
|
|
# --type="pkinit-kdc" \
|
|
# --pk-init-principal="krbtgt/SAMBA.EXAMPLE.COM@SAMBA.EXAMPLE.COM" \
|
|
# --req="PKCS10:$KDCREQ" --certificate="FILE:$KDCCERTFILE" \
|
|
# --lifetime="25 years"
|
|
|
|
open(KDCCERTFILE, ">$kdccertfile");
|
|
print KDCCERTFILE <<EOF;
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDDDCCAnWgAwIBAgIUI2Tzj+JnMzMcdeabcNo30rovzFAwCwYJKoZIhvcNAQEFMFIxEzAR
|
|
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
|
|
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDgwMzAxMTMxOTIzWhgPMjAzMzAyMjQx
|
|
MzE5MjNaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
|
|
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0
|
|
Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF
|
|
yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5
|
|
PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB
|
|
AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w
|
|
S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji
|
|
dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK
|
|
MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B
|
|
AQUFAAOBgQBmrVD5MCmZjfHp1nEnHqTIh8r7lSmVtDx4s9MMjxm9oNrzbKXynvdhwQYFVarc
|
|
ge4yRRDXtSebErOl71zVJI9CVeQQpwcH+tA85oGA7oeFtO/S7ls581RUU6tGgyxV4veD+lJv
|
|
KPH5LevUtgD+q9H4LU4Sq5N3iFwBaeryB0g2wg==
|
|
-----END CERTIFICATE-----
|
|
EOF
|
|
|
|
# hxtool request-create \
|
|
# --subject="CN=Administrator,CN=users,DC=samba,DC=example,DC=com" \
|
|
# --key="FILE:$ADMINKEYFILE" $ADMINREQFILE
|
|
|
|
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
|
|
# --type="pkinit-client" \
|
|
# --pk-init-principal="administrator@SAMBA.EXAMPLE.COM" \
|
|
# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE" \
|
|
# --lifetime="25 years"
|
|
|
|
open(ADMINCERTFILE, ">$admincertfile");
|
|
print ADMINCERTFILE <<EOF;
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDHTCCAoagAwIBAgIUUggzW4lLRkMKe1DAR2NKatkMDYwwCwYJKoZIhvcNAQELMFIxEzAR
|
|
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
|
|
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMjE1WhgPMjAzNDA3MjIw
|
|
MzMyMTVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
|
|
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
|
|
bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
|
|
eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
|
|
xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
|
|
l3JRlwIDAQABo4HSMIHPMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
|
|
BgEFBQcDAgYKKwYBBAGCNxQCAjBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgExsRU0FNQkEu
|
|
RVhBTVBMRS5DT02hGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yMB8GA1UdIwQYMBaAFMLZ
|
|
ufegDKLZs0VOyFXYK1L6M8oyMB0GA1UdDgQWBBQg81bLyfCA88C2B/BDjXlGuaFaxjAJBgNV
|
|
HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAEf/OSHUDJaGdtWGNuJeqcVYVMwrfBAc0OSwVhz1
|
|
7/xqKHWo8wIMPkYRtaRHKLNDsF8GkhQPCpVsa6mX/Nt7YQnNvwd+1SBP5E8GvwWw9ZzLJvma
|
|
nk2n89emuayLpVtp00PymrDLRBcNaRjFReQU8f0o509kiVPHduAp3jOiy13l
|
|
-----END CERTIFICATE-----
|
|
EOF
|
|
close(ADMINCERTFILE);
|
|
|
|
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE \
|
|
# --type="pkinit-client" \
|
|
# --ms-upn="administrator@samba.example.com" \
|
|
# --req="PKCS10:$ADMINREQFILE" --certificate="FILE:$ADMINCERTUPNFILE" \
|
|
# --lifetime="25 years"
|
|
|
|
open(ADMINCERTUPNFILE, ">$admincertupnfile");
|
|
print ADMINCERTUPNFILE <<EOF;
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDDzCCAnigAwIBAgIUUp3CJMuNaEaAdPKp3QdNIwG7a4wwCwYJKoZIhvcNAQELMFIxEzAR
|
|
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
|
|
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDkwNzI3MDMzMzA1WhgPMjAzNDA3MjIw
|
|
MzMzMDVaMG0xEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
|
|
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1p
|
|
bmlzdHJhdG9yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5G
|
|
eRaWaM9xF43uE5y7jUHEsi5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMF
|
|
xB6esnXhl0Jpip1JkUMMXLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xd
|
|
l3JRlwIDAQABo4HEMIHBMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBgcrBgEFAgMEBggr
|
|
BgEFBQcDAgYKKwYBBAGCNxQCAjA6BgNVHREEMzAxoC8GCisGAQQBgjcUAgOgIQwfYWRtaW5p
|
|
c3RyYXRvckBzYW1iYS5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS
|
|
+jPKMjAdBgNVHQ4EFgQUIPNWy8nwgPPAtgfwQ415RrmhWsYwCQYDVR0TBAIwADANBgkqhkiG
|
|
9w0BAQsFAAOBgQBk42+egeUB3Ji2PC55fbt3FNKxvmm2xUUFkV9POK/YR9rajKOwk5jtYSeS
|
|
Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq
|
|
Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
|
|
-----END CERTIFICATE-----
|
|
EOF
|
|
}
|
|
|
|
sub provision_raw_prepare($$$$$$$$$)
|
|
{
|
|
my ($self, $prefix, $server_role, $hostname,
|
|
$domain, $realm, $functional_level,
|
|
$password, $kdc_ipv4) = @_;
|
|
my $ctx;
|
|
my $netbiosname = uc($hostname);
|
|
|
|
unless(-d $prefix or mkdir($prefix, 0777)) {
|
|
warn("Unable to create $prefix");
|
|
return undef;
|
|
}
|
|
my $prefix_abs = abs_path($prefix);
|
|
|
|
die ("prefix=''") if $prefix_abs eq "";
|
|
die ("prefix='/'") if $prefix_abs eq "/";
|
|
|
|
unless (system("rm -rf $prefix_abs/*") == 0) {
|
|
warn("Unable to clean up");
|
|
}
|
|
|
|
|
|
my $swiface = Samba::get_interface($hostname);
|
|
|
|
$ctx->{prefix} = $prefix;
|
|
$ctx->{prefix_abs} = $prefix_abs;
|
|
|
|
$ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file";
|
|
|
|
$ctx->{server_role} = $server_role;
|
|
$ctx->{hostname} = $hostname;
|
|
$ctx->{netbiosname} = $netbiosname;
|
|
$ctx->{swiface} = $swiface;
|
|
$ctx->{password} = $password;
|
|
$ctx->{kdc_ipv4} = $kdc_ipv4;
|
|
|
|
$ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} || 1;
|
|
$ctx->{username} = "Administrator";
|
|
$ctx->{domain} = $domain;
|
|
$ctx->{realm} = uc($realm);
|
|
$ctx->{dnsname} = lc($realm);
|
|
$ctx->{sid_generator} = "internal";
|
|
|
|
$ctx->{functional_level} = $functional_level;
|
|
|
|
my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
|
|
chomp $unix_name;
|
|
$ctx->{unix_name} = $unix_name;
|
|
$ctx->{unix_uid} = $>;
|
|
$ctx->{unix_gids_str} = $);
|
|
@{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str});
|
|
|
|
$ctx->{etcdir} = "$prefix_abs/etc";
|
|
$ctx->{piddir} = "$prefix_abs/pid";
|
|
$ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf";
|
|
$ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
|
|
$ctx->{privatedir} = "$prefix_abs/private";
|
|
$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
|
|
$ctx->{lockdir} = "$prefix_abs/lockdir";
|
|
$ctx->{statedir} = "$prefix_abs/statedir";
|
|
$ctx->{cachedir} = "$prefix_abs/cachedir";
|
|
$ctx->{winbindd_socket_dir} = "$prefix_abs/winbindd_socket";
|
|
$ctx->{winbindd_privileged_socket_dir} = "$prefix_abs/winbindd_privileged_socket";
|
|
$ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket";
|
|
$ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd";
|
|
$ctx->{nsswrap_group} = "$ctx->{etcdir}/group";
|
|
|
|
$ctx->{tlsdir} = "$ctx->{privatedir}/tls";
|
|
|
|
$ctx->{ipv4} = "127.0.0.$swiface";
|
|
$ctx->{interfaces} = "$ctx->{ipv4}/8";
|
|
|
|
push(@{$ctx->{directories}}, $ctx->{privatedir});
|
|
push(@{$ctx->{directories}}, $ctx->{etcdir});
|
|
push(@{$ctx->{directories}}, $ctx->{piddir});
|
|
push(@{$ctx->{directories}}, $ctx->{lockdir});
|
|
push(@{$ctx->{directories}}, $ctx->{statedir});
|
|
push(@{$ctx->{directories}}, $ctx->{cachedir});
|
|
|
|
$ctx->{smb_conf_extra_options} = "";
|
|
|
|
my @provision_options = ();
|
|
push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
|
|
push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
|
|
if (defined($ENV{GDB_PROVISION})) {
|
|
push (@provision_options, "gdb --args");
|
|
if (!defined($ENV{PYTHON})) {
|
|
push (@provision_options, "env");
|
|
push (@provision_options, "python");
|
|
}
|
|
}
|
|
if (defined($ENV{VALGRIND_PROVISION})) {
|
|
push (@provision_options, "valgrind");
|
|
if (!defined($ENV{PYTHON})) {
|
|
push (@provision_options, "env");
|
|
push (@provision_options, "python");
|
|
}
|
|
}
|
|
if (defined($ENV{PYTHON})) {
|
|
push (@provision_options, $ENV{PYTHON});
|
|
}
|
|
push (@provision_options, "$self->{srcdir}/source4/setup/provision");
|
|
push (@provision_options, "--configfile=$ctx->{smb_conf}");
|
|
push (@provision_options, "--host-name=$ctx->{hostname}");
|
|
push (@provision_options, "--host-ip=$ctx->{ipv4}");
|
|
push (@provision_options, "--quiet");
|
|
push (@provision_options, "--domain=$ctx->{domain}");
|
|
push (@provision_options, "--realm=$ctx->{realm}");
|
|
push (@provision_options, "--adminpass=$ctx->{password}");
|
|
push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
|
|
push (@provision_options, "--machinepass=machine$ctx->{password}");
|
|
push (@provision_options, "--root=$ctx->{unix_name}");
|
|
push (@provision_options, "--server-role=\"$ctx->{server_role}\"");
|
|
push (@provision_options, "--function-level=\"$ctx->{functional_level}\"");
|
|
push (@provision_options, "--dns-backend=BIND9_DLZ");
|
|
push (@provision_options, "--use-ntvfs");
|
|
|
|
@{$ctx->{provision_options}} = @provision_options;
|
|
|
|
return $ctx;
|
|
}
|
|
|
|
#
|
|
# Step1 creates the basic configuration
|
|
#
|
|
sub provision_raw_step1($$)
|
|
{
|
|
my ($self, $ctx) = @_;
|
|
|
|
mkdir($_, 0777) foreach (@{$ctx->{directories}});
|
|
|
|
unless (open(CONFFILE, ">$ctx->{smb_conf}")) {
|
|
warn("can't open $ctx->{smb_conf}$?");
|
|
return undef;
|
|
}
|
|
my $acl = "false";
|
|
$acl = "true" if (defined $ENV{WITH_ACL});
|
|
print CONFFILE "
|
|
[global]
|
|
acl:search = $acl
|
|
netbios name = $ctx->{netbiosname}
|
|
posix:eadb = $ctx->{statedir}/eadb.tdb
|
|
workgroup = $ctx->{domain}
|
|
realm = $ctx->{realm}
|
|
private dir = $ctx->{privatedir}
|
|
pid directory = $ctx->{piddir}
|
|
ncalrpc dir = $ctx->{ncalrpcdir}
|
|
lock dir = $ctx->{lockdir}
|
|
state directory = $ctx->{statedir}
|
|
cache directory = $ctx->{cachedir}
|
|
winbindd socket directory = $ctx->{winbindd_socket_dir}
|
|
winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir}
|
|
ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
|
|
winbind separator = /
|
|
name resolve order = file bcast
|
|
interfaces = $ctx->{interfaces}
|
|
tls dh params file = $ctx->{tlsdir}/dhparms.pem
|
|
panic action = $RealBin/gdb_backtrace \%d
|
|
wins support = yes
|
|
server role = $ctx->{server_role}
|
|
server services = +echo +dns
|
|
notify:inotify = false
|
|
ldb:nosync = true
|
|
#We don't want to pass our self-tests if the PAC code is wrong
|
|
gensec:require_pac = true
|
|
log level = $ctx->{server_loglevel}
|
|
lanman auth = Yes
|
|
rndc command = true
|
|
dns update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$ctx->{dns_host_file} -s $ctx->{smb_conf}
|
|
spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf}
|
|
resolv:host file = $ctx->{dns_host_file}
|
|
dreplsrv:periodic_startup_interval = 0
|
|
dsdb:schema update allowed = yes
|
|
|
|
passdb backend = samba4
|
|
|
|
# remove this again, when our smb2 client library
|
|
# supports signin on compound related requests
|
|
server signing = on
|
|
";
|
|
|
|
if (defined($ctx->{sid_generator}) && $ctx->{sid_generator} ne "internal") {
|
|
print CONFFILE "
|
|
sid generator = $ctx->{sid_generator}";
|
|
}
|
|
|
|
print CONFFILE "
|
|
|
|
# Begin extra options
|
|
$ctx->{smb_conf_extra_options}
|
|
# End extra options
|
|
";
|
|
close(CONFFILE);
|
|
|
|
$self->mk_keyblobs($ctx->{tlsdir});
|
|
|
|
#Default the KDC IP to the server's IP
|
|
if (not defined($ctx->{kdc_ipv4})) {
|
|
$ctx->{kdc_ipv4} = $ctx->{ipv4};
|
|
}
|
|
|
|
Samba::mk_krb5_conf($ctx, "");
|
|
|
|
open(PWD, ">$ctx->{nsswrap_passwd}");
|
|
print PWD "
|
|
root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false
|
|
$ctx->{unix_name}:x:$ctx->{unix_uid}:@{$ctx->{unix_gids}}[0]:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false
|
|
nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
|
|
";
|
|
close(PWD);
|
|
|
|
open(GRP, ">$ctx->{nsswrap_group}");
|
|
print GRP "
|
|
root:x:0:
|
|
wheel:x:10:
|
|
users:x:100:
|
|
nobody:x:65533:
|
|
nogroup:x:65534:nobody
|
|
";
|
|
close(GRP);
|
|
|
|
my $configuration = "--configfile=$ctx->{smb_conf}";
|
|
|
|
#Ensure the config file is valid before we start
|
|
my $testparm = Samba::bindir_path($self, "samba-tool") . " testparm";
|
|
if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
|
|
system("$testparm -v --suppress-prompt $configuration >&2");
|
|
warn("Failed to create a valid smb.conf configuration $testparm!");
|
|
return undef;
|
|
}
|
|
unless (system("($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1") == 0) {
|
|
warn("Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
|
|
return undef;
|
|
}
|
|
|
|
my $ret = {
|
|
KRB5_CONFIG => $ctx->{krb5_conf},
|
|
PIDDIR => $ctx->{piddir},
|
|
SERVER => $ctx->{hostname},
|
|
SERVER_IP => $ctx->{ipv4},
|
|
NETBIOSNAME => $ctx->{netbiosname},
|
|
DOMAIN => $ctx->{domain},
|
|
USERNAME => $ctx->{username},
|
|
REALM => $ctx->{realm},
|
|
PASSWORD => $ctx->{password},
|
|
LDAPDIR => $ctx->{ldapdir},
|
|
LDAP_INSTANCE => $ctx->{ldap_instance},
|
|
WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},
|
|
NCALRPCDIR => $ctx->{ncalrpcdir},
|
|
LOCKDIR => $ctx->{lockdir},
|
|
STATEDIR => $ctx->{statedir},
|
|
CACHEDIR => $ctx->{cachedir},
|
|
SERVERCONFFILE => $ctx->{smb_conf},
|
|
CONFIGURATION => $configuration,
|
|
SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
|
|
NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd},
|
|
NSS_WRAPPER_GROUP => $ctx->{nsswrap_group},
|
|
SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
|
|
SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
|
|
SAMBA_TEST_LOG_POS => 0,
|
|
NSS_WRAPPER_WINBIND_SO_PATH => Samba::bindir_path($self, "default/nsswitch/libnss-winbind.so"),
|
|
LOCAL_PATH => $ctx->{share}
|
|
};
|
|
|
|
return $ret;
|
|
}
|
|
|
|
#
|
|
# Step2 runs the provision script
|
|
#
|
|
sub provision_raw_step2($$$)
|
|
{
|
|
my ($self, $ctx, $ret) = @_;
|
|
|
|
my $provision_cmd = join(" ", @{$ctx->{provision_options}});
|
|
unless (system($provision_cmd) == 0) {
|
|
warn("Unable to provision: \n$provision_cmd\n");
|
|
return undef;
|
|
}
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision($$$$$$$$)
|
|
{
|
|
my ($self, $prefix, $server_role, $hostname,
|
|
$domain, $realm, $functional_level,
|
|
$password, $kdc_ipv4, $extra_smbconf_options, $extra_smbconf_shares) = @_;
|
|
|
|
my $ctx = $self->provision_raw_prepare($prefix, $server_role,
|
|
$hostname,
|
|
$domain, $realm, $functional_level,
|
|
$password, $kdc_ipv4);
|
|
|
|
$ctx->{share} = "$ctx->{prefix_abs}/share";
|
|
push(@{$ctx->{directories}}, "$ctx->{share}");
|
|
push(@{$ctx->{directories}}, "$ctx->{share}/test1");
|
|
push(@{$ctx->{directories}}, "$ctx->{share}/test2");
|
|
my $msdfs = "no";
|
|
$msdfs = "yes" if ($server_role eq "domain controller");
|
|
$ctx->{smb_conf_extra_options} = "
|
|
|
|
max xmit = 32K
|
|
server max protocol = SMB2
|
|
host msdfs = $msdfs
|
|
lanman auth = yes
|
|
|
|
$extra_smbconf_options
|
|
|
|
[tmp]
|
|
path = $ctx->{share}
|
|
read only = no
|
|
posix:sharedelay = 10000
|
|
posix:oplocktimeout = 3
|
|
posix:writetimeupdatedelay = 50000
|
|
|
|
[xcopy_share]
|
|
path = $ctx->{share}
|
|
read only = no
|
|
posix:sharedelay = 10000
|
|
posix:oplocktimeout = 3
|
|
posix:writetimeupdatedelay = 50000
|
|
create mask = 777
|
|
force create mode = 777
|
|
|
|
[test1]
|
|
path = $ctx->{share}/test1
|
|
read only = no
|
|
posix:sharedelay = 10000
|
|
posix:oplocktimeout = 3
|
|
posix:writetimeupdatedelay = 50000
|
|
|
|
[test2]
|
|
path = $ctx->{share}/test2
|
|
read only = no
|
|
posix:sharedelay = 10000
|
|
posix:oplocktimeout = 3
|
|
posix:writetimeupdatedelay = 50000
|
|
|
|
[cifs]
|
|
read only = no
|
|
ntvfs handler = cifs
|
|
cifs:server = $ctx->{netbiosname}
|
|
cifs:share = tmp
|
|
cifs:use-s4u2proxy = yes
|
|
# There is no username specified here, instead the client is expected
|
|
# to log in with kerberos, and the serverwill use delegated credentials.
|
|
# Or the server tries s4u2self/s4u2proxy to impersonate the client
|
|
|
|
[simple]
|
|
path = $ctx->{share}
|
|
read only = no
|
|
ntvfs handler = simple
|
|
|
|
[sysvol]
|
|
path = $ctx->{statedir}/sysvol
|
|
read only = yes
|
|
|
|
[netlogon]
|
|
path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
|
|
read only = no
|
|
|
|
[cifsposix]
|
|
copy = simple
|
|
ntvfs handler = cifsposix
|
|
|
|
$extra_smbconf_shares
|
|
";
|
|
|
|
if (defined($self->{ldap})) {
|
|
$ctx->{ldapdir} = "$ctx->{privatedir}/ldap";
|
|
push(@{$ctx->{directories}}, "$ctx->{ldapdir}");
|
|
|
|
my $ldap_uri= "$ctx->{ldapdir}/ldapi";
|
|
$ldap_uri =~ s|/|%2F|g;
|
|
$ldap_uri = "ldapi://$ldap_uri";
|
|
$ctx->{ldap_uri} = $ldap_uri;
|
|
if ($self->{ldap} eq "fedora-ds") {
|
|
$ctx->{sid_generator} = "backend";
|
|
}
|
|
|
|
$ctx->{ldap_instance} = lc($ctx->{netbiosname});
|
|
}
|
|
|
|
my $ret = $self->provision_raw_step1($ctx);
|
|
unless (defined $ret) {
|
|
return undef;
|
|
}
|
|
|
|
if (defined($self->{ldap})) {
|
|
$ret->{LDAP_URI} = $ctx->{ldap_uri};
|
|
push (@{$ctx->{provision_options}}, "--ldap-backend-type=" . $self->{ldap});
|
|
push (@{$ctx->{provision_options}}, "--ldap-backend-nosync");
|
|
if ($self->{ldap} eq "openldap") {
|
|
push (@{$ctx->{provision_options}}, "--slapd-path=" . $ENV{OPENLDAP_SLAPD});
|
|
($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx) or die("Unable to create openldap directories");
|
|
|
|
} elsif ($self->{ldap} eq "fedora-ds") {
|
|
push (@{$ctx->{provision_options}}, "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd");
|
|
push (@{$ctx->{provision_options}}, "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");
|
|
($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx) or die("Unable to create fedora ds directories");
|
|
}
|
|
|
|
}
|
|
|
|
return $self->provision_raw_step2($ctx, $ret);
|
|
}
|
|
|
|
sub provision_member($$$)
|
|
{
|
|
my ($self, $prefix, $dcvars) = @_;
|
|
print "PROVISIONING MEMBER...";
|
|
|
|
my $ret = $self->provision($prefix,
|
|
"member server",
|
|
"s4member",
|
|
"SAMBADOMAIN",
|
|
"samba.example.com",
|
|
"2008",
|
|
"locMEMpass3",
|
|
$dcvars->{SERVER_IP},
|
|
"", "");
|
|
unless ($ret) {
|
|
return undef;
|
|
}
|
|
|
|
my $samba_tool = Samba::bindir_path($self, "samba-tool");
|
|
my $cmd = "";
|
|
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
|
|
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
|
|
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
|
|
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
|
|
$cmd .= " --machinepass=machine$ret->{password}";
|
|
|
|
unless (system($cmd) == 0) {
|
|
warn("Join failed\n$cmd");
|
|
return undef;
|
|
}
|
|
|
|
$ret->{MEMBER_SERVER} = $ret->{SERVER};
|
|
$ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP};
|
|
$ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME};
|
|
$ret->{MEMBER_USERNAME} = $ret->{USERNAME};
|
|
$ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
|
|
|
|
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
|
|
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision_rpc_proxy($$$)
|
|
{
|
|
my ($self, $prefix, $dcvars) = @_;
|
|
print "PROVISIONING RPC PROXY...";
|
|
|
|
my $extra_smbconf_options = "
|
|
|
|
# rpc_proxy
|
|
dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER}
|
|
dcerpc endpoint servers = epmapper, remote
|
|
dcerpc_remote:interfaces = rpcecho
|
|
|
|
[cifs_to_dc]
|
|
read only = no
|
|
ntvfs handler = cifs
|
|
cifs:server = $dcvars->{SERVER}
|
|
cifs:share = cifs
|
|
cifs:use-s4u2proxy = yes
|
|
# There is no username specified here, instead the client is expected
|
|
# to log in with kerberos, and the serverwill use delegated credentials.
|
|
# Or the server tries s4u2self/s4u2proxy to impersonate the client
|
|
|
|
";
|
|
|
|
my $ret = $self->provision($prefix,
|
|
"member server",
|
|
"localrpcproxy",
|
|
"SAMBADOMAIN",
|
|
"samba.example.com",
|
|
"2008",
|
|
"locRPCproxypass4",
|
|
$dcvars->{SERVER_IP},
|
|
$extra_smbconf_options, "");
|
|
|
|
unless ($ret) {
|
|
return undef;
|
|
}
|
|
|
|
my $samba_tool = Samba::bindir_path($self, "samba-tool");
|
|
|
|
# The joind runs in the context of the rpc_proxy/member for now
|
|
my $cmd = "";
|
|
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
|
|
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
|
|
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
|
|
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
|
|
$cmd .= " --machinepass=machine$ret->{password}";
|
|
|
|
unless (system($cmd) == 0) {
|
|
warn("Join failed\n$cmd");
|
|
return undef;
|
|
}
|
|
|
|
# Setting up delegation runs in the context of the DC for now
|
|
$cmd = "";
|
|
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
|
|
$cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
|
|
$cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on";
|
|
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} $dcvars->{CONFIGURATION}";
|
|
|
|
unless (system($cmd) == 0) {
|
|
warn("Delegation failed\n$cmd");
|
|
return undef;
|
|
}
|
|
|
|
# Setting up delegation runs in the context of the DC for now
|
|
$cmd = "";
|
|
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$dcvars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
|
|
$cmd .= "KRB5_CONFIG=\"$dcvars->{KRB5_CONFIG}\" ";
|
|
$cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}";
|
|
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} $dcvars->{CONFIGURATION}";
|
|
|
|
unless (system($cmd) == 0) {
|
|
warn("Delegation failed\n$cmd");
|
|
return undef;
|
|
}
|
|
|
|
$ret->{RPC_PROXY_SERVER} = $ret->{SERVER};
|
|
$ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP};
|
|
$ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME};
|
|
$ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
|
|
$ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
|
|
|
|
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
|
|
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision_vampire_dc($$$)
|
|
{
|
|
my ($self, $prefix, $dcvars) = @_;
|
|
print "PROVISIONING VAMPIRE DC...";
|
|
|
|
# We do this so that we don't run the provision. That's the job of 'net vampire'.
|
|
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
|
|
"localvampiredc",
|
|
"SAMBADOMAIN",
|
|
"samba.example.com",
|
|
"2008",
|
|
$dcvars->{PASSWORD},
|
|
$dcvars->{SERVER_IP});
|
|
|
|
$ctx->{smb_conf_extra_options} = "
|
|
max xmit = 32K
|
|
server max protocol = SMB2
|
|
|
|
[sysvol]
|
|
path = $ctx->{statedir}/sysvol
|
|
read only = yes
|
|
|
|
[netlogon]
|
|
path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
|
|
read only = no
|
|
|
|
";
|
|
|
|
my $ret = $self->provision_raw_step1($ctx);
|
|
unless ($ret) {
|
|
return undef;
|
|
}
|
|
|
|
my $samba_tool = Samba::bindir_path($self, "samba-tool");
|
|
my $cmd = "";
|
|
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
|
|
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
|
|
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
|
|
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only";
|
|
$cmd .= " --machinepass=machine$ret->{password}";
|
|
|
|
unless (system($cmd) == 0) {
|
|
warn("Join failed\n$cmd");
|
|
return undef;
|
|
}
|
|
|
|
$ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER};
|
|
$ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP};
|
|
$ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
|
|
|
|
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
|
|
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision_subdom_dc($$$)
|
|
{
|
|
my ($self, $prefix, $dcvars) = @_;
|
|
print "PROVISIONING SUBDOMAIN DC...";
|
|
|
|
# We do this so that we don't run the provision. That's the job of 'net vampire'.
|
|
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
|
|
"localsubdc",
|
|
"SAMBASUBDOM",
|
|
"sub.samba.example.com",
|
|
"2008",
|
|
$dcvars->{PASSWORD},
|
|
undef);
|
|
|
|
$ctx->{smb_conf_extra_options} = "
|
|
max xmit = 32K
|
|
server max protocol = SMB2
|
|
|
|
[sysvol]
|
|
path = $ctx->{statedir}/sysvol
|
|
read only = yes
|
|
|
|
[netlogon]
|
|
path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
|
|
read only = no
|
|
|
|
";
|
|
|
|
my $ret = $self->provision_raw_step1($ctx);
|
|
unless ($ret) {
|
|
return undef;
|
|
}
|
|
|
|
my $dc_realms = Samba::mk_realms_stanza($dcvars->{REALM}, lc($dcvars->{REALM}),
|
|
$dcvars->{DOMAIN}, $dcvars->{SERVER_IP});
|
|
Samba::mk_krb5_conf($ctx, $dc_realms);
|
|
|
|
my $samba_tool = Samba::bindir_path($self, "samba-tool");
|
|
my $cmd = "";
|
|
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
|
|
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
|
|
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm} subdomain ";
|
|
$cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
|
|
$cmd .= " --machinepass=machine$ret->{password}";
|
|
|
|
unless (system($cmd) == 0) {
|
|
warn("Join failed\n$cmd");
|
|
return undef;
|
|
}
|
|
|
|
$ret->{SUBDOM_DC_SERVER} = $ret->{SERVER};
|
|
$ret->{SUBDOM_DC_SERVER_IP} = $ret->{SERVER_IP};
|
|
$ret->{SUBDOM_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
|
|
|
|
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
|
|
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision_dc($$)
|
|
{
|
|
my ($self, $prefix) = @_;
|
|
|
|
print "PROVISIONING DC...";
|
|
my $extra_conf_options = "netbios aliases = localDC1-a
|
|
allow dns updates = True";
|
|
my $ret = $self->provision($prefix,
|
|
"domain controller",
|
|
"localdc",
|
|
"SAMBADOMAIN",
|
|
"samba.example.com",
|
|
"2008",
|
|
"locDCpass1",
|
|
undef, $extra_conf_options, "");
|
|
|
|
return undef unless(defined $ret);
|
|
unless($self->add_wins_config("$prefix/private")) {
|
|
warn("Unable to add wins configuration");
|
|
return undef;
|
|
}
|
|
$ret->{NETBIOSALIAS} = "localdc1-a";
|
|
$ret->{DC_SERVER} = $ret->{SERVER};
|
|
$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
|
|
$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $ret->{USERNAME};
|
|
$ret->{DC_PASSWORD} = $ret->{PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision_fl2000dc($$)
|
|
{
|
|
my ($self, $prefix) = @_;
|
|
|
|
print "PROVISIONING DC...";
|
|
my $ret = $self->provision($prefix,
|
|
"domain controller",
|
|
"dc5",
|
|
"SAMBA2000",
|
|
"samba2000.example.com",
|
|
"2000",
|
|
"locDCpass5",
|
|
undef, "");
|
|
|
|
unless($self->add_wins_config("$prefix/private")) {
|
|
warn("Unable to add wins configuration");
|
|
return undef;
|
|
}
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision_fl2003dc($$)
|
|
{
|
|
my ($self, $prefix) = @_;
|
|
|
|
print "PROVISIONING DC...";
|
|
my $ret = $self->provision($prefix,
|
|
"domain controller",
|
|
"dc6",
|
|
"SAMBA2003",
|
|
"samba2003.example.com",
|
|
"2003",
|
|
"locDCpass6",
|
|
undef, "", "");
|
|
|
|
unless($self->add_wins_config("$prefix/private")) {
|
|
warn("Unable to add wins configuration");
|
|
return undef;
|
|
}
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision_fl2008r2dc($$)
|
|
{
|
|
my ($self, $prefix) = @_;
|
|
|
|
print "PROVISIONING DC...";
|
|
my $ret = $self->provision($prefix,
|
|
"domain controller",
|
|
"dc7",
|
|
"SAMBA2008R2",
|
|
"samba2008R2.example.com",
|
|
"2008_R2",
|
|
"locDCpass7",
|
|
undef, "", "");
|
|
|
|
unless ($self->add_wins_config("$prefix/private")) {
|
|
warn("Unable to add wins configuration");
|
|
return undef;
|
|
}
|
|
|
|
return $ret;
|
|
}
|
|
|
|
|
|
sub provision_rodc($$$)
|
|
{
|
|
my ($self, $prefix, $dcvars) = @_;
|
|
print "PROVISIONING RODC...";
|
|
|
|
# We do this so that we don't run the provision. That's the job of 'net join RODC'.
|
|
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
|
|
"rodc",
|
|
"SAMBADOMAIN",
|
|
"samba.example.com",
|
|
"2008",
|
|
$dcvars->{PASSWORD},
|
|
$dcvars->{SERVER_IP});
|
|
unless ($ctx) {
|
|
return undef;
|
|
}
|
|
|
|
$ctx->{share} = "$ctx->{prefix_abs}/share";
|
|
push(@{$ctx->{directories}}, "$ctx->{share}");
|
|
|
|
$ctx->{smb_conf_extra_options} = "
|
|
max xmit = 32K
|
|
server max protocol = SMB2
|
|
|
|
[sysvol]
|
|
path = $ctx->{statedir}/sysvol
|
|
read only = yes
|
|
|
|
[netlogon]
|
|
path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
|
|
read only = yes
|
|
|
|
[tmp]
|
|
path = $ctx->{share}
|
|
read only = no
|
|
posix:sharedelay = 10000
|
|
posix:oplocktimeout = 3
|
|
posix:writetimeupdatedelay = 50000
|
|
|
|
";
|
|
|
|
my $ret = $self->provision_raw_step1($ctx);
|
|
unless ($ret) {
|
|
return undef;
|
|
}
|
|
|
|
my $samba_tool = Samba::bindir_path($self, "samba-tool");
|
|
my $cmd = "";
|
|
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
|
|
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
|
|
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
|
|
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
|
|
$cmd .= " --server=$dcvars->{DC_SERVER}";
|
|
|
|
unless (system($cmd) == 0) {
|
|
warn("RODC join failed\n$cmd");
|
|
return undef;
|
|
}
|
|
|
|
# we overwrite the kdc after the RODC join
|
|
# so that use the RODC as kdc and test
|
|
# the proxy code
|
|
$ctx->{kdc_ipv4} = $ret->{SERVER_IP};
|
|
Samba::mk_krb5_conf($ctx);
|
|
|
|
$ret->{RODC_DC_SERVER} = $ret->{SERVER};
|
|
$ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP};
|
|
$ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
|
|
|
|
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
|
|
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision_plugin_s4_dc($$)
|
|
{
|
|
my ($self, $prefix) = @_;
|
|
|
|
my $prefix_abs = abs_path($prefix);
|
|
|
|
my $bindir_abs = abs_path($self->{bindir});
|
|
my $lockdir="$prefix_abs/lockdir";
|
|
|
|
my $extra_smbconf_options = "
|
|
server services = -smb +s3fs
|
|
xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
|
|
|
|
kernel oplocks = no
|
|
kernel change notify = no
|
|
|
|
syslog = no
|
|
printing = bsd
|
|
printcap name = /dev/null
|
|
|
|
max protocol = SMB2
|
|
read only = no
|
|
server signing = auto
|
|
|
|
smbd:sharedelay = 100000
|
|
smbd:writetimeupdatedelay = 500000
|
|
create mask = 755
|
|
dos filemode = yes
|
|
|
|
vfs objects = acl_xattr xattr_tdb streams_depot
|
|
|
|
dcerpc endpoint servers = -winreg -srvsvc
|
|
|
|
printcap name = /dev/null
|
|
|
|
printing = vlp
|
|
print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s
|
|
lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p
|
|
lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j
|
|
lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j
|
|
lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j
|
|
queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p
|
|
queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
|
|
lpq cache time = 0
|
|
|
|
";
|
|
|
|
my $extra_smbconf_shares = "
|
|
|
|
[tmpcase]
|
|
copy = tmp
|
|
case sensitive = yes
|
|
|
|
[tmpguest]
|
|
copy = tmp
|
|
guest ok = yes
|
|
|
|
[hideunread]
|
|
copy = tmp
|
|
hide unreadable = yes
|
|
";
|
|
|
|
print "PROVISIONING PLUGIN S4 DC...";
|
|
my $ret = $self->provision($prefix,
|
|
"domain controller",
|
|
"plugindc",
|
|
"PLUGINDOMAIN",
|
|
"plugin.samba.example.com",
|
|
"2008",
|
|
"locDCpass1",
|
|
undef, $extra_smbconf_options,
|
|
$extra_smbconf_shares);
|
|
|
|
return undef unless(defined $ret);
|
|
unless($self->add_wins_config("$prefix/private")) {
|
|
warn("Unable to add wins configuration");
|
|
return undef;
|
|
}
|
|
|
|
$ret->{DC_SERVER} = $ret->{SERVER};
|
|
$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
|
|
$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $ret->{USERNAME};
|
|
$ret->{DC_PASSWORD} = $ret->{PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub provision_chgdcpass($$)
|
|
{
|
|
my ($self, $prefix) = @_;
|
|
|
|
print "PROVISIONING CHGDCPASS...";
|
|
my $ret = $self->provision($prefix,
|
|
"domain controller",
|
|
"chgdcpass",
|
|
"CHDCDOMAIN",
|
|
"chgdcpassword.samba.example.com",
|
|
"2008",
|
|
"chgDCpass1",
|
|
undef);
|
|
|
|
return undef unless(defined $ret);
|
|
unless($self->add_wins_config("$prefix/private")) {
|
|
warn("Unable to add wins configuration");
|
|
return undef;
|
|
}
|
|
$ret->{DC_SERVER} = $ret->{SERVER};
|
|
$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
|
|
$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $ret->{USERNAME};
|
|
$ret->{DC_PASSWORD} = $ret->{PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
|
|
sub teardown_env($$)
|
|
{
|
|
my ($self, $envvars) = @_;
|
|
my $pid;
|
|
|
|
# This should cause samba to terminate gracefully
|
|
close($envvars->{STDIN_PIPE});
|
|
|
|
$pid = $envvars->{SAMBA_PID};
|
|
my $count = 0;
|
|
my $childpid;
|
|
|
|
# This should give it time to write out the gcov data
|
|
until ($count > 20) {
|
|
if (Samba::cleanup_child($pid, "samba") == -1) {
|
|
last;
|
|
}
|
|
sleep(1);
|
|
$count++;
|
|
}
|
|
|
|
if ($count <= 20 && kill(0, $pid) == 0) {
|
|
return;
|
|
}
|
|
|
|
kill "TERM", $pid;
|
|
|
|
until ($count > 20) {
|
|
if (Samba::cleanup_child($pid, "samba") == -1) {
|
|
last;
|
|
}
|
|
sleep(1);
|
|
$count++;
|
|
}
|
|
|
|
# If it is still around, kill it
|
|
if ($count > 20 && kill(0, $pid) == 0) {
|
|
warn "server process $pid took more than $count seconds to exit, killing\n";
|
|
kill 9, $pid;
|
|
}
|
|
|
|
$self->slapd_stop($envvars) if ($self->{ldap});
|
|
|
|
print $self->getlog_env($envvars);
|
|
|
|
return;
|
|
}
|
|
|
|
sub getlog_env($$)
|
|
{
|
|
my ($self, $envvars) = @_;
|
|
my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME}\n";
|
|
my $out = $title;
|
|
|
|
open(LOG, "<$envvars->{SAMBA_TEST_LOG}");
|
|
|
|
seek(LOG, $envvars->{SAMBA_TEST_LOG_POS}, SEEK_SET);
|
|
while (<LOG>) {
|
|
$out .= $_;
|
|
}
|
|
$envvars->{SAMBA_TEST_LOG_POS} = tell(LOG);
|
|
close(LOG);
|
|
|
|
return "" if $out eq $title;
|
|
|
|
return $out;
|
|
}
|
|
|
|
sub check_env($$)
|
|
{
|
|
my ($self, $envvars) = @_;
|
|
|
|
my $childpid = Samba::cleanup_child($envvars->{SAMBA_PID}, "samba");
|
|
|
|
return ($childpid == 0);
|
|
}
|
|
|
|
sub setup_env($$$)
|
|
{
|
|
my ($self, $envname, $path) = @_;
|
|
my $target3 = $self->{target3};
|
|
|
|
$ENV{ENVNAME} = $envname;
|
|
|
|
if (defined($self->{vars}->{$envname})) {
|
|
return $self->{vars}->{$envname};
|
|
}
|
|
|
|
if ($envname eq "dc") {
|
|
return $self->setup_dc("$path/dc");
|
|
} elsif ($envname eq "fl2000dc") {
|
|
return $self->setup_fl2000dc("$path/fl2000dc");
|
|
} elsif ($envname eq "fl2003dc") {
|
|
return $self->setup_fl2003dc("$path/fl2003dc");
|
|
} elsif ($envname eq "fl2008r2dc") {
|
|
return $self->setup_fl2008r2dc("$path/fl2008r2dc");
|
|
} elsif ($envname eq "rpc_proxy") {
|
|
if (not defined($self->{vars}->{dc})) {
|
|
$self->setup_dc("$path/dc");
|
|
}
|
|
return $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
|
|
} elsif ($envname eq "vampire_dc") {
|
|
if (not defined($self->{vars}->{dc})) {
|
|
$self->setup_dc("$path/dc");
|
|
}
|
|
return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{dc});
|
|
} elsif ($envname eq "subdom_dc") {
|
|
if (not defined($self->{vars}->{dc})) {
|
|
$self->setup_dc("$path/dc");
|
|
}
|
|
return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{dc});
|
|
} elsif ($envname eq "s4member") {
|
|
if (not defined($self->{vars}->{dc})) {
|
|
$self->setup_dc("$path/dc");
|
|
}
|
|
return $self->setup_member("$path/s4member", $self->{vars}->{dc});
|
|
} elsif ($envname eq "rodc") {
|
|
if (not defined($self->{vars}->{dc})) {
|
|
$self->setup_dc("$path/dc");
|
|
}
|
|
return $self->setup_rodc("$path/rodc", $self->{vars}->{dc});
|
|
} elsif ($envname eq "chgdcpass") {
|
|
return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass});
|
|
} elsif ($envname eq "s3member") {
|
|
if (not defined($self->{vars}->{dc})) {
|
|
$self->setup_dc("$path/dc");
|
|
}
|
|
return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
|
|
} elsif ($envname eq "plugin_s4_dc") {
|
|
return $self->setup_plugin_s4_dc("$path/plugin_s4_dc");
|
|
} else {
|
|
return "UNKNOWN";
|
|
}
|
|
}
|
|
|
|
sub setup_member($$$)
|
|
{
|
|
my ($self, $path, $dc_vars) = @_;
|
|
|
|
my $env = $self->provision_member($path, $dc_vars);
|
|
|
|
if (defined $env) {
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{member} = $env;
|
|
}
|
|
|
|
return $env;
|
|
}
|
|
|
|
sub setup_rpc_proxy($$$)
|
|
{
|
|
my ($self, $path, $dc_vars) = @_;
|
|
|
|
my $env = $self->provision_rpc_proxy($path, $dc_vars);
|
|
|
|
if (defined $env) {
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{rpc_proxy} = $env;
|
|
}
|
|
return $env;
|
|
}
|
|
|
|
sub setup_dc($$)
|
|
{
|
|
my ($self, $path) = @_;
|
|
|
|
my $env = $self->provision_dc($path);
|
|
if (defined $env) {
|
|
$self->check_or_start($env, "standard");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{dc} = $env;
|
|
}
|
|
return $env;
|
|
}
|
|
|
|
sub setup_chgdcpass($$)
|
|
{
|
|
my ($self, $path) = @_;
|
|
|
|
my $env = $self->provision_chgdcpass($path);
|
|
if (defined $env) {
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{chgdcpass} = $env;
|
|
}
|
|
return $env;
|
|
}
|
|
|
|
sub setup_fl2000dc($$)
|
|
{
|
|
my ($self, $path) = @_;
|
|
|
|
my $env = $self->provision_fl2000dc($path);
|
|
if (defined $env) {
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{fl2000dc} = $env;
|
|
}
|
|
|
|
return $env;
|
|
}
|
|
|
|
sub setup_fl2003dc($$)
|
|
{
|
|
my ($self, $path) = @_;
|
|
|
|
my $env = $self->provision_fl2003dc($path);
|
|
|
|
if (defined $env) {
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{fl2003dc} = $env;
|
|
}
|
|
return $env;
|
|
}
|
|
|
|
sub setup_fl2008r2dc($$)
|
|
{
|
|
my ($self, $path) = @_;
|
|
|
|
my $env = $self->provision_fl2008r2dc($path);
|
|
|
|
if (defined $env) {
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{fl2008r2dc} = $env;
|
|
}
|
|
|
|
return $env;
|
|
}
|
|
|
|
sub setup_vampire_dc($$$)
|
|
{
|
|
my ($self, $path, $dc_vars) = @_;
|
|
|
|
my $env = $self->provision_vampire_dc($path, $dc_vars);
|
|
|
|
if (defined $env) {
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{vampire_dc} = $env;
|
|
|
|
# force replicated DC to update repsTo/repsFrom
|
|
# for vampired partitions
|
|
my $samba_tool = Samba::bindir_path($self, "samba-tool");
|
|
my $cmd = "";
|
|
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
|
|
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
|
|
$cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
|
|
$cmd .= " $env->{CONFIGURATION}";
|
|
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
|
|
unless (system($cmd) == 0) {
|
|
warn("Failed to exec kcc\n$cmd");
|
|
return undef;
|
|
}
|
|
|
|
# as 'vampired' dc may add data in its local replica
|
|
# we need to synchronize data between DCs
|
|
my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
|
|
$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
|
|
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
|
|
$cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{VAMPIRE_DC_SERVER}";
|
|
$cmd .= " $dc_vars->{CONFIGURATION}";
|
|
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
|
|
# replicate Configuration NC
|
|
my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
|
|
unless(system($cmd_repl) == 0) {
|
|
warn("Failed to replicate\n$cmd_repl");
|
|
return undef;
|
|
}
|
|
# replicate Default NC
|
|
$cmd_repl = "$cmd \"$base_dn\"";
|
|
unless(system($cmd_repl) == 0) {
|
|
warn("Failed to replicate\n$cmd_repl");
|
|
return undef;
|
|
}
|
|
}
|
|
|
|
return $env;
|
|
}
|
|
|
|
sub setup_subdom_dc($$$)
|
|
{
|
|
my ($self, $path, $dc_vars) = @_;
|
|
|
|
my $env = $self->provision_subdom_dc($path, $dc_vars);
|
|
|
|
if (defined $env) {
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{subdom_dc} = $env;
|
|
|
|
# force replicated DC to update repsTo/repsFrom
|
|
# for primary domain partitions
|
|
my $samba_tool = Samba::bindir_path($self, "samba-tool");
|
|
my $cmd = "";
|
|
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
|
|
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
|
|
$cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
|
|
$cmd .= " $env->{CONFIGURATION}";
|
|
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
|
|
unless (system($cmd) == 0) {
|
|
warn("Failed to exec kcc\n$cmd");
|
|
return undef;
|
|
}
|
|
|
|
# as 'subdomain' dc may add data in its local replica
|
|
# we need to synchronize data between DCs
|
|
my $base_dn = "DC=".join(",DC=", split(/\./, $env->{REALM}));
|
|
my $config_dn = "CN=Configuration,DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
|
|
$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
|
|
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
|
|
$cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}";
|
|
$cmd .= " $dc_vars->{CONFIGURATION}";
|
|
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
|
|
# replicate Configuration NC
|
|
my $cmd_repl = "$cmd \"$config_dn\"";
|
|
unless(system($cmd_repl) == 0) {
|
|
warn("Failed to replicate\n$cmd_repl");
|
|
return undef;
|
|
}
|
|
# replicate Default NC
|
|
$cmd_repl = "$cmd \"$base_dn\"";
|
|
unless(system($cmd_repl) == 0) {
|
|
warn("Failed to replicate\n$cmd_repl");
|
|
return undef;
|
|
}
|
|
}
|
|
|
|
return $env;
|
|
}
|
|
|
|
sub setup_rodc($$$)
|
|
{
|
|
my ($self, $path, $dc_vars) = @_;
|
|
|
|
my $env = $self->provision_rodc($path, $dc_vars);
|
|
|
|
unless ($env) {
|
|
return undef;
|
|
}
|
|
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{rodc} = $env;
|
|
|
|
return $env;
|
|
}
|
|
|
|
sub setup_plugin_s4_dc($$)
|
|
{
|
|
my ($self, $path) = @_;
|
|
|
|
# If we didn't build with ADS, pretend this env was never available
|
|
if (not $self->{target3}->have_ads()) {
|
|
return "UNKNOWN";
|
|
}
|
|
|
|
my $env = $self->provision_plugin_s4_dc($path);
|
|
unless ($env) {
|
|
return undef;
|
|
}
|
|
|
|
$self->check_or_start($env, "single");
|
|
|
|
$self->wait_for_start($env);
|
|
|
|
$self->{vars}->{plugin_s4_dc} = $env;
|
|
return $env;
|
|
}
|
|
|
|
1;
|