1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/selftest/target/Samba.pm
Tim Beale d192ba4e0b selftest: Add helper function to create exports file for a testenv
This writes out the environment variables that are normally setup in the
testenv xterm to a file. This allows them to be sourced later.

This function is currently unused. However, it provides an alternative
replacement for the selftest-vars.sh script (which is really out of
date). I do plan to make use of this function in a subsequent patch-set.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 01:53:26 +00:00

653 lines
16 KiB
Perl

#!/usr/bin/perl
# Bootstrap Samba and run a number of tests against it.
# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
# Published under the GNU GPL, v3 or later.
package Samba;
use strict;
use target::Samba3;
use target::Samba4;
use POSIX;
use Cwd qw(abs_path);
sub new($$$$$) {
my ($classname, $bindir, $ldap, $srcdir, $server_maxtime) = @_;
my $self = {
samba3 => new Samba3($bindir, $srcdir, $server_maxtime),
samba4 => new Samba4($bindir, $ldap, $srcdir, $server_maxtime),
};
bless $self;
return $self;
}
%Samba::ENV_DEPS = (%Samba3::ENV_DEPS, %Samba4::ENV_DEPS);
our %ENV_DEPS;
%Samba::ENV_TARGETS = (
(map { $_ => "Samba3" } keys %Samba3::ENV_DEPS),
(map { $_ => "Samba4" } keys %Samba4::ENV_DEPS),
);
our %ENV_TARGETS;
%Samba::ENV_NEEDS_AD_DC = (
(map { $_ => 1 } keys %Samba4::ENV_DEPS)
);
our %ENV_NEEDS_AD_DC;
foreach my $env (keys %Samba3::ENV_DEPS) {
$ENV_NEEDS_AD_DC{$env} = ($env =~ /^ad_/);
}
sub setup_env($$$)
{
my ($self, $envname, $path) = @_;
my $targetname = $ENV_TARGETS{$envname};
if (not defined($targetname)) {
warn("Samba can't provide environment '$envname'");
return "UNKNOWN";
}
my %targetlookup = (
"Samba3" => $self->{samba3},
"Samba4" => $self->{samba4}
);
my $target = $targetlookup{$targetname};
if (defined($target->{vars}->{$envname})) {
return $target->{vars}->{$envname};
}
my @dep_vars;
foreach(@{$ENV_DEPS{$envname}}) {
my $vars = $self->setup_env($_, $path);
if (defined($vars)) {
push(@dep_vars, $vars);
} else {
warn("Failed setting up $_ as a dependency of $envname");
return undef;
}
}
$ENV{ENVNAME} = $envname;
# Avoid hitting system krb5.conf -
# An env that needs Kerberos will reset this to the real value.
$ENV{KRB5_CONFIG} = "$path/no_krb5.conf";
my $setup_name = $ENV_TARGETS{$envname}."::setup_".$envname;
my $setup_sub = \&$setup_name;
my $env = &$setup_sub($target, "$path/$envname", @dep_vars);
if (not defined($env)) {
warn("failed to start up environment '$envname'");
return undef;
}
$target->{vars}->{$envname} = $env;
$target->{vars}->{$envname}->{target} = $target;
return $env;
}
sub bindir_path($$) {
my ($object, $path) = @_;
my $valpath = "$object->{bindir}/$path";
my $python_cmd = "";
my $result = $path;
if (defined $ENV{'PYTHON'}) {
$python_cmd = $ENV{'PYTHON'} . " ";
}
if (-f $valpath or -d $valpath) {
$result = $valpath;
}
# make sure we prepend samba-tool with calling $PYTHON python version
if ($path eq "samba-tool") {
$result = $python_cmd . $result;
}
return $result;
}
sub nss_wrapper_winbind_so_path($) {
my ($object) = @_;
my $ret = $ENV{NSS_WRAPPER_WINBIND_SO_PATH};
if (not defined($ret)) {
$ret = bindir_path($object, "shared/libnss_wrapper_winbind.so.2");
$ret = abs_path($ret);
}
return $ret;
}
sub copy_file_content($$)
{
my ($in, $out) = @_;
open(IN, "${in}") or die("failed to open in[${in}] for reading: $!");
open(OUT, ">${out}") or die("failed to open out[${out}] for writing: $!");
while(<IN>) {
print OUT $_;
}
close(OUT);
close(IN);
}
sub prepare_keyblobs($)
{
my ($ctx) = @_;
my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com";
my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem";
my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem";
my $dcdnsname = "$ctx->{hostname}.$ctx->{dnsname}";
my $dcdir = "$cadir/DCs/$dcdnsname";
my $dccert = "$dcdir/DC-$dcdnsname-cert.pem";
my $dckey_private = "$dcdir/DC-$dcdnsname-private-key.pem";
my $adminprincipalname = "administrator\@$ctx->{dnsname}";
my $admindir = "$cadir/Users/$adminprincipalname";
my $admincert = "$admindir/USER-$adminprincipalname-cert.pem";
my $adminkey_private = "$admindir/USER-$adminprincipalname-private-key.pem";
my $pkinitprincipalname = "pkinit\@$ctx->{dnsname}";
my $pkinitdir = "$cadir/Users/$pkinitprincipalname";
my $pkinitcert = "$pkinitdir/USER-$pkinitprincipalname-cert.pem";
my $pkinitkey_private = "$pkinitdir/USER-$pkinitprincipalname-private-key.pem";
my $tlsdir = "$ctx->{tlsdir}";
my $pkinitdir = "$ctx->{prefix_abs}/pkinit";
#TLS and PKINIT crypto blobs
my $dhfile = "$tlsdir/dhparms.pem";
my $cafile = "$tlsdir/ca.pem";
my $crlfile = "$tlsdir/crl.pem";
my $certfile = "$tlsdir/cert.pem";
my $keyfile = "$tlsdir/key.pem";
my $admincertfile = "$pkinitdir/USER-$adminprincipalname-cert.pem";
my $adminkeyfile = "$pkinitdir/USER-$adminprincipalname-private-key.pem";
my $pkinitcertfile = "$pkinitdir/USER-$pkinitprincipalname-cert.pem";
my $pkinitkeyfile = "$pkinitdir/USER-$pkinitprincipalname-private-key.pem";
mkdir($tlsdir, 0700);
mkdir($pkinitdir, 0700);
my $oldumask = umask;
umask 0077;
# This is specified here to avoid draining entropy on every run
# generate by
# openssl dhparam -out dhparms.pem -text -2 8192
open(DHFILE, ">$dhfile");
print DHFILE <<EOF;
-----BEGIN DH PARAMETERS-----
MIIECAKCBAEAlcpjuJptCzC2bIIApLuyFLw2nODQUztqs/peysY9e3LgWh/xrc87
SWJNSUrqFJFh2m357WH0XGcTdTk0b/8aIYIWjbwEhWR/5hZ+1x2TDrX1awkYayAe
pr0arycmWHaAmhw+m+dBdj2O2jRMe7gn0ha85JALNl+Z3wv2q2eys8TIiQ2dbHPx
XvpMmlAv7QHZnpSpX/XgueQr6T3EYggljppZwk1fe4W2cxBjCv9w/Q83pJXMEVVB
WESEQPZC38v6hVIXIlF4J7jXjV3+NtCLL4nvsy0jrLEntyKz5OB8sNPRzJr0Ju2Y
yXORCSMMXMygP+dxJtQ6txzQYWyaCYN1HqHDZy3cFL9Qy8kTFqIcW56Lti2GsW/p
jSMzEOa1NevhKNFL3dSZJx5m+5ZeMvWXlCqXSptmVdbs5wz5jkMUm/E6pVfM5lyb
Ttlcq2iYPqnJz1jcL5xwhoufID8zSJCPJ7C0jb0Ngy5wLIUZfjXJUXxUyxTnNR9i
N9Sc+UkDvLxnCW+qzjyPXGlQU1SsJwMLWa2ZecL/uYE4bOdcN3g+5WHkevyDnXqR
+yy9x7sGXjBT3bRWK5tVHJWOi6eBu1hp39U6aK8oOJWiUt3vmC2qEdIsT6JaLNNi
YKrSfRGBf19IJBaagen1S19bb3dnmwoU1RaWM0EeJQW1oXOBg7zLisB2yuu5azBn
tse00+0nc+GbH2y+jP0sE7xil1QeilZl+aQ3tX9vL0cnCa+8602kXxU7P5HaX2+d
05pvoHmeZbDV85io36oF976gBYeYN+qAkTUMsIZhuLQDuyn0963XOLyn1Pm6SBrU
OkIZXW7WoKEuO/YSfizUIqXwmAMJjnEMJCWG51MZZKx//9Hsdp1RXSm/bRSbvXB7
MscjvQYWmfCFnIk8LYnEt3Yey40srEiS9xyZqdrvobxz+sU1XcqR38kpVf4gKASL
xURia64s4emuJF+YHIObyydazQ+6/wX/C+m+nyfhuxSO6j1janPwtYbU+Uj3TzeM
04K1mpPQpZcaMdZZiNiu7i8VJlOPKAz7aJT8TnMMF5GMyzyLpSMpc+NF9L/BSocV
/cUM4wQT2PTHrcyYzmTVH7c9bzBkuxqrwVB1BY1jitDV9LIYIVBglKcX88qrfHIM
XiXPAIwGclD59qm2cG8OdM9NA5pNMI119KuUAIJsUdgPbR1LkT2XTT15YVoHmFSQ
DlaWOXn4td031jr0EisX8QtFR7+/0Nfoni6ydFGs5fNH/L1ckq6FEO4OhgucJw9H
YRmiFlsQBQNny78vNchwZne3ZixkShtGW0hWDdi2n+h7St1peNJCNJjMbEhRsPRx
RmNGWh4AL8rho4RO9OBao0MnUdjbbffD+wIBAg==
-----END DH PARAMETERS-----
EOF
close(DHFILE);
if (! -e ${dckey_private}) {
umask $oldumask;
return;
}
copy_file_content(${cacert}, ${cafile});
copy_file_content(${cacrl_pem}, ${crlfile});
copy_file_content(${dccert}, ${certfile});
copy_file_content(${dckey_private}, ${keyfile});
if (-e ${adminkey_private}) {
copy_file_content(${admincert}, ${admincertfile});
copy_file_content(${adminkey_private}, ${adminkeyfile});
}
if (-e ${pkinitkey_private}) {
copy_file_content(${pkinitcert}, ${pkinitcertfile});
copy_file_content(${pkinitkey_private}, ${pkinitkeyfile});
}
# COMPAT stuff to be removed in a later commit
my $kdccertfile = "$tlsdir/kdc.pem";
copy_file_content(${dccert}, ${kdccertfile});
umask $oldumask;
}
sub mk_krb5_conf($$)
{
my ($ctx) = @_;
unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
warn("can't open $ctx->{krb5_conf}$?");
return undef;
}
my $our_realms_stanza = mk_realms_stanza($ctx->{realm},
$ctx->{dnsname},
$ctx->{domain},
$ctx->{kdc_ipv4});
print KRB5CONF "
#Generated krb5.conf for $ctx->{realm}
[libdefaults]
default_realm = $ctx->{realm}
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
allow_weak_crypto = yes
# We are running on the same machine, do not correct
# system clock differences
kdc_timesync = 0
";
if (defined($ENV{MITKRB5})) {
print KRB5CONF "
# Set the grace clocskew to 5 seconds
# This is especially required by samba3.raw.session krb5 and
# reauth tests when not using Heimdal
clockskew = 5
";
}
if (defined($ctx->{krb5_ccname})) {
print KRB5CONF "
default_ccache_name = $ctx->{krb5_ccname}
";
}
if (defined($ctx->{supported_enctypes})) {
print KRB5CONF "
default_etypes = $ctx->{supported_enctypes}
default_as_etypes = $ctx->{supported_enctypes}
default_tgs_enctypes = $ctx->{supported_enctypes}
default_tkt_enctypes = $ctx->{supported_enctypes}
permitted_enctypes = $ctx->{supported_enctypes}
";
}
print KRB5CONF "
[realms]
$our_realms_stanza
";
if (defined($ctx->{tlsdir})) {
print KRB5CONF "
[appdefaults]
pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
[kdc]
enable-pkinit = true
pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
";
}
close(KRB5CONF);
}
sub mk_realms_stanza($$$$)
{
my ($realm, $dnsname, $domain, $kdc_ipv4) = @_;
my $lc_domain = lc($domain);
my $realms_stanza = "
$realm = {
kdc = $kdc_ipv4:88
admin_server = $kdc_ipv4:88
default_domain = $dnsname
}
$dnsname = {
kdc = $kdc_ipv4:88
admin_server = $kdc_ipv4:88
default_domain = $dnsname
}
$domain = {
kdc = $kdc_ipv4:88
admin_server = $kdc_ipv4:88
default_domain = $dnsname
}
$lc_domain = {
kdc = $kdc_ipv4:88
admin_server = $kdc_ipv4:88
default_domain = $dnsname
}
";
return $realms_stanza;
}
sub mk_mitkdc_conf($$)
{
# samba_kdb_dir is the path to mit_samba.so
my ($ctx, $samba_kdb_dir) = @_;
unless (open(KDCCONF, ">$ctx->{mitkdc_conf}")) {
warn("can't open $ctx->{mitkdc_conf}$?");
return undef;
}
print KDCCONF "
# Generated kdc.conf for $ctx->{realm}
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
$ctx->{realm} = {
}
$ctx->{dnsname} = {
}
$ctx->{domain} = {
}
[dbmodules]
db_module_dir = $samba_kdb_dir
$ctx->{realm} = {
db_library = samba
}
$ctx->{dnsname} = {
db_library = samba
}
$ctx->{domain} = {
db_library = samba
}
[logging]
kdc = FILE:$ctx->{logdir}/mit_kdc.log
";
close(KDCCONF);
}
sub realm_to_ip_mappings
{
# this maps the DNS realms for the various testenvs to the corresponding
# PDC (i.e. the first DC created for that realm).
my %realm_to_pdc_mapping = (
'adnonssdom.samba.example.com' => 'addc_no_nss',
'adnontlmdom.samba.example.com' => 'addc_no_ntlm',
'samba2000.example.com' => 'dc5',
'samba2003.example.com' => 'dc6',
'samba2008r2.example.com' => 'dc7',
'addom.samba.example.com' => 'addc',
'sub.samba.example.com' => 'localsubdc',
'chgdcpassword.samba.example.com' => 'chgdcpass',
'backupdom.samba.example.com' => 'backupfromdc',
'renamedom.samba.example.com' => 'renamedc',
'labdom.samba.example.com' => 'labdc',
'samba.example.com' => 'localdc',
);
my @mapping = ();
# convert the hashmap to a list of key=value strings, where key is the
# realm and value is the IP address
while (my ($realm, $pdc) = each(%realm_to_pdc_mapping)) {
my $ipaddr = get_ipv4_addr($pdc);
push(@mapping, "$realm=$ipaddr");
}
# return the mapping as a single comma-separated string
return join(',', @mapping);
}
sub get_interface($)
{
my ($netbiosname) = @_;
$netbiosname = lc($netbiosname);
# this maps the SOCKET_WRAPPER_DEFAULT_IFACE value for each possible
# testenv to the DC's NETBIOS name. This value also corresponds to last
# digit of the DC's IP address. Note that the NETBIOS name may differ from
# the testenv name.
# Note that when adding a DC with a new realm, also update
# get_realm_ip_mappings() above.
my %testenv_iface_mapping = (
localnt4dc2 => 3,
localnt4member3 => 4,
localshare4 => 5,
# 6 is spare
localktest6 => 7,
maptoguest => 8,
localnt4dc9 => 9,
# 10 is spare
# 11-16 used by selftest.pl for client interfaces
client => 11,
addc_no_nss => 17,
addc_no_ntlm => 18,
idmapadmember => 19,
idmapridmember => 20,
localdc => 21,
localvampiredc => 22,
s4member => 23,
localrpcproxy => 24,
dc5 => 25,
dc6 => 26,
dc7 => 27,
rodc => 28,
localadmember => 29,
addc => 30,
localsubdc => 31,
chgdcpass => 32,
promotedvdc => 33,
rfc2307member => 34,
fileserver => 35,
fakednsforwarder1 => 36,
fakednsforwarder2 => 37,
s4member_dflt => 38,
vampire2000dc => 39,
backupfromdc => 40,
restoredc => 41,
renamedc => 42,
labdc => 43,
offlinebackupdc => 44,
customdc => 45,
prockilldc => 46,
proclimitdc => 47,
rootdnsforwarder => 64,
# update lib/socket_wrapper/socket_wrapper.c
# #define MAX_WRAPPED_INTERFACES 64
# if you wish to have more than 64 interfaces
);
if (not defined($testenv_iface_mapping{$netbiosname})) {
die();
}
return $testenv_iface_mapping{$netbiosname};
}
sub get_ipv4_addr
{
(my $hostname) = @_;
my $swiface = Samba::get_interface($hostname);
return "127.0.0.$swiface";
}
sub get_ipv6_addr
{
(my $hostname) = @_;
my $swiface = Samba::get_interface($hostname);
return sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface);
}
sub cleanup_child($$)
{
my ($pid, $name) = @_;
if (!defined($pid)) {
print STDERR "cleanup_child: pid not defined ... not calling waitpid\n";
return -1;
}
my $childpid = waitpid($pid, WNOHANG);
if ($childpid == 0) {
} elsif ($childpid < 0) {
printf STDERR "%s child process %d isn't here any more\n", $name, $pid;
return $childpid;
} elsif ($? & 127) {
printf STDERR "%s child process %d, died with signal %d, %s coredump\n",
$name, $childpid, ($? & 127), ($? & 128) ? 'with' : 'without';
} else {
printf STDERR "%s child process %d exited with value %d\n", $name, $childpid, $? >> 8;
}
return $childpid;
}
sub random_domain_sid()
{
my $domain_sid = "S-1-5-21-". int(rand(4294967295)) . "-" . int(rand(4294967295)) . "-" . int(rand(4294967295));
return $domain_sid;
}
my @exported_envvars = (
# domain stuff
"DOMAIN",
"DNSNAME",
"REALM",
"DOMSID",
# stuff related to a trusted domain
"TRUST_SERVER",
"TRUST_USERNAME",
"TRUST_PASSWORD",
"TRUST_DOMAIN",
"TRUST_REALM",
"TRUST_DOMSID",
# domain controller stuff
"DC_SERVER",
"DC_SERVER_IP",
"DC_SERVER_IPV6",
"DC_NETBIOSNAME",
"DC_NETBIOSALIAS",
# server stuff
"SERVER",
"SERVER_IP",
"SERVER_IPV6",
"NETBIOSNAME",
"NETBIOSALIAS",
"SAMSID",
# only use these 2 as a last resort. Some tests need to test both client-
# side and server-side. In this case, run as default client, ans access
# server's smb.conf as needed, typically using:
# param.LoadParm(filename_for_non_global_lp=os.environ['SERVERCONFFILE'])
"SERVERCONFFILE",
"DC_SERVERCONFFILE",
# user stuff
"USERNAME",
"USERID",
"PASSWORD",
"DC_USERNAME",
"DC_PASSWORD",
# UID/GID for rfc2307 mapping tests
"UID_RFC2307TEST",
"GID_RFC2307TEST",
# misc stuff
"KRB5_CONFIG",
"KRB5CCNAME",
"SELFTEST_WINBINDD_SOCKET_DIR",
"NMBD_SOCKET_DIR",
"LOCAL_PATH",
"DNS_FORWARDER1",
"DNS_FORWARDER2",
"RESOLV_CONF",
"UNACCEPTABLE_PASSWORD",
"LOCK_DIR",
"SMBD_TEST_LOG",
# nss_wrapper
"NSS_WRAPPER_PASSWD",
"NSS_WRAPPER_GROUP",
"NSS_WRAPPER_HOSTS",
"NSS_WRAPPER_HOSTNAME",
"NSS_WRAPPER_MODULE_SO_PATH",
"NSS_WRAPPER_MODULE_FN_PREFIX",
# resolv_wrapper
"RESOLV_WRAPPER_CONF",
"RESOLV_WRAPPER_HOSTS",
);
sub exported_envvars_str
{
my ($testenv_vars) = @_;
my $out = "";
foreach (@exported_envvars) {
next unless defined($testenv_vars->{$_});
$out .= $_."=".$testenv_vars->{$_}."\n";
}
return $out;
}
sub clear_exported_envvars
{
foreach (@exported_envvars) {
delete $ENV{$_};
}
}
sub export_envvars
{
my ($testenv_vars) = @_;
foreach (@exported_envvars) {
if (defined($testenv_vars->{$_})) {
$ENV{$_} = $testenv_vars->{$_};
} else {
delete $ENV{$_};
}
}
}
sub export_envvars_to_file
{
my ($filepath, $testenv_vars) = @_;
my $env_str = exported_envvars_str($testenv_vars);
open(FILE, "> $filepath");
print FILE "$env_str";
close(FILE);
}
1;