1#!/usr/bin/perl 2# Bootstrap Samba and run a number of tests against it. 3# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org> 4# Published under the GNU GPL, v3 or later. 5 6# NOTE: Refer to the README for more details about the various testenvs, 7# and tips about adding new testenvs. 8 9package Samba3; 10 11use strict; 12use Cwd qw(abs_path); 13use FindBin qw($RealBin); 14use POSIX; 15use target::Samba; 16use File::Path 'remove_tree'; 17 18sub have_ads($) { 19 my ($self) = @_; 20 my $found_ads = 0; 21 my $smbd_build_options = Samba::bindir_path($self, "smbd") . " -b|"; 22 open(IN, $smbd_build_options) or die("Unable to run $smbd_build_options: $!"); 23 24 while (<IN>) { 25 if (/WITH_ADS/) { 26 $found_ads = 1; 27 } 28 } 29 close IN; 30 31 # If we were not built with ADS support, pretend we were never even available 32 print "smbd does not have ADS support\n" unless $found_ads; 33 return $found_ads; 34} 35 36# return smb.conf parameters applicable to @path, based on the underlying 37# filesystem type 38sub get_fs_specific_conf($$) 39{ 40 my ($self, $path) = @_; 41 my $mods = ""; 42 my $stat_out = `stat --file-system $path` or return ""; 43 44 if ($stat_out =~ m/Type:\s+btrfs/) { 45 $mods .= "streams_xattr btrfs"; 46 } 47 48 if ($mods) { 49 return "vfs objects = $mods"; 50 } 51 52 return undef; 53} 54 55sub new($$) { 56 my ($classname, $bindir, $srcdir, $server_maxtime) = @_; 57 my $self = { vars => {}, 58 bindir => $bindir, 59 srcdir => $srcdir, 60 server_maxtime => $server_maxtime 61 }; 62 bless $self; 63 return $self; 64} 65 66sub teardown_env($$) 67{ 68 my ($self, $envvars) = @_; 69 my $count = 0; 70 71 # This should cause smbd to terminate gracefully 72 close($envvars->{STDIN_PIPE}); 73 74 my $smbdpid = $envvars->{SMBD_TL_PID}; 75 my $nmbdpid = $envvars->{NMBD_TL_PID}; 76 my $winbinddpid = $envvars->{WINBINDD_TL_PID}; 77 78 # This should give it time to write out the gcov data 79 until ($count > 20) { 80 my $smbdchild = Samba::cleanup_child($smbdpid, "smbd"); 81 my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd"); 82 my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd"); 83 if ($smbdchild == -1 84 && $nmbdchild == -1 85 && $winbinddchild == -1) { 86 last; 87 } 88 sleep(1); 89 $count++; 90 } 91 92 if ($count <= 20 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) { 93 return; 94 } 95 96 $self->stop_sig_term($smbdpid); 97 $self->stop_sig_term($nmbdpid); 98 $self->stop_sig_term($winbinddpid); 99 100 $count = 0; 101 until ($count > 10) { 102 my $smbdchild = Samba::cleanup_child($smbdpid, "smbd"); 103 my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd"); 104 my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd"); 105 if ($smbdchild == -1 106 && $nmbdchild == -1 107 && $winbinddchild == -1) { 108 last; 109 } 110 sleep(1); 111 $count++; 112 } 113 114 if ($count <= 10 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) { 115 return; 116 } 117 118 warn("timelimit process did not quit on SIGTERM, sending SIGKILL"); 119 $self->stop_sig_kill($smbdpid); 120 $self->stop_sig_kill($nmbdpid); 121 $self->stop_sig_kill($winbinddpid); 122 123 return 0; 124} 125 126sub getlog_env_app($$$) 127{ 128 my ($self, $envvars, $name) = @_; 129 130 my $title = "$name LOG of: $envvars->{NETBIOSNAME}\n"; 131 my $out = $title; 132 133 open(LOG, "<".$envvars->{$name."_TEST_LOG"}); 134 135 seek(LOG, $envvars->{$name."_TEST_LOG_POS"}, SEEK_SET); 136 while (<LOG>) { 137 $out .= $_; 138 } 139 $envvars->{$name."_TEST_LOG_POS"} = tell(LOG); 140 close(LOG); 141 142 return "" if $out eq $title; 143 144 return $out; 145} 146 147sub getlog_env($$) 148{ 149 my ($self, $envvars) = @_; 150 my $ret = ""; 151 152 $ret .= $self->getlog_env_app($envvars, "SMBD"); 153 $ret .= $self->getlog_env_app($envvars, "NMBD"); 154 $ret .= $self->getlog_env_app($envvars, "WINBINDD"); 155 156 return $ret; 157} 158 159sub check_env($$) 160{ 161 my ($self, $envvars) = @_; 162 163 my $childpid = waitpid(-1, WNOHANG); 164 165 # TODO ... 166 return 1; 167} 168 169# Declare the environments Samba3 makes available. 170# To be set up, they will be called as 171# samba3->setup_$envname($self, $path, $dep_1_vars, $dep_2_vars, ...) 172%Samba3::ENV_DEPS = ( 173 # name => [dep_1, dep_2, ...], 174 nt4_dc => [], 175 nt4_dc_schannel => [], 176 177 simpleserver => [], 178 fileserver => [], 179 maptoguest => [], 180 ktest => [], 181 182 nt4_member => ["nt4_dc"], 183 184 ad_member => ["ad_dc", "fl2008r2dc", "fl2003dc"], 185 ad_member_rfc2307 => ["ad_dc_ntvfs"], 186 ad_member_idmap_rid => ["ad_dc"], 187 ad_member_idmap_ad => ["fl2008r2dc"], 188); 189 190%Samba3::ENV_DEPS_POST = (); 191 192sub setup_nt4_dc 193{ 194 my ($self, $path) = @_; 195 196 print "PROVISIONING NT4 DC..."; 197 198 my $nt4_dc_options = " 199 domain master = yes 200 domain logons = yes 201 lanman auth = yes 202 ntlm auth = yes 203 raw NTLMv2 auth = yes 204 server schannel = auto 205 206 rpc_server:epmapper = external 207 rpc_server:spoolss = external 208 rpc_server:lsarpc = external 209 rpc_server:samr = external 210 rpc_server:netlogon = external 211 rpc_server:register_embedded_np = yes 212 rpc_server:FssagentRpc = external 213 214 rpc_daemon:epmd = fork 215 rpc_daemon:spoolssd = fork 216 rpc_daemon:lsasd = fork 217 rpc_daemon:fssd = fork 218 fss: sequence timeout = 1 219 check parent directory delete on close = yes 220"; 221 222 my $vars = $self->provision($path, "SAMBA-TEST", 223 "LOCALNT4DC2", 224 "localntdc2pass", 225 $nt4_dc_options); 226 227 $vars or return undef; 228 229 if (not $self->check_or_start($vars, "yes", "yes", "yes")) { 230 return undef; 231 } 232 233 $vars->{DOMSID} = $vars->{SAMSID}; 234 $vars->{DC_SERVER} = $vars->{SERVER}; 235 $vars->{DC_SERVER_IP} = $vars->{SERVER_IP}; 236 $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6}; 237 $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME}; 238 $vars->{DC_USERNAME} = $vars->{USERNAME}; 239 $vars->{DC_PASSWORD} = $vars->{PASSWORD}; 240 241 return $vars; 242} 243 244sub setup_nt4_dc_schannel 245{ 246 my ($self, $path) = @_; 247 248 print "PROVISIONING NT4 DC WITH SERVER SCHANNEL ..."; 249 250 my $pdc_options = " 251 domain master = yes 252 domain logons = yes 253 lanman auth = yes 254 255 rpc_server:epmapper = external 256 rpc_server:spoolss = external 257 rpc_server:lsarpc = external 258 rpc_server:samr = external 259 rpc_server:netlogon = external 260 rpc_server:register_embedded_np = yes 261 262 rpc_daemon:epmd = fork 263 rpc_daemon:spoolssd = fork 264 rpc_daemon:lsasd = fork 265 266 server schannel = yes 267 # used to reproduce bug #12772 268 server max protocol = SMB2_02 269"; 270 271 my $vars = $self->provision($path, "NT4SCHANNEL", 272 "LOCALNT4DC9", 273 "localntdc9pass", 274 $pdc_options); 275 276 $vars or return undef; 277 278 if (not $self->check_or_start($vars, "yes", "yes", "yes")) { 279 return undef; 280 } 281 282 $vars->{DOMSID} = $vars->{SAMSID}; 283 $vars->{DC_SERVER} = $vars->{SERVER}; 284 $vars->{DC_SERVER_IP} = $vars->{SERVER_IP}; 285 $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6}; 286 $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME}; 287 $vars->{DC_USERNAME} = $vars->{USERNAME}; 288 $vars->{DC_PASSWORD} = $vars->{PASSWORD}; 289 290 return $vars; 291} 292 293sub setup_nt4_member 294{ 295 my ($self, $prefix, $nt4_dc_vars) = @_; 296 my $count = 0; 297 my $rc; 298 299 print "PROVISIONING MEMBER..."; 300 301 my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes"; 302 $require_mutexes = "" if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} eq "1"); 303 304 my $member_options = " 305 security = domain 306 dbwrap_tdb_mutexes:* = yes 307 ${require_mutexes} 308"; 309 my $ret = $self->provision($prefix, $nt4_dc_vars->{DOMAIN}, 310 "LOCALNT4MEMBER3", 311 "localnt4member3pass", 312 $member_options); 313 314 $ret or return undef; 315 316 my $nmblookup = Samba::bindir_path($self, "nmblookup"); 317 do { 318 print "Waiting for the LOGON SERVER registration ...\n"; 319 $rc = system("$nmblookup $ret->{CONFIGURATION} $ret->{DOMAIN}\#1c"); 320 if ($rc != 0) { 321 sleep(1); 322 } 323 $count++; 324 } while ($rc != 0 && $count < 10); 325 if ($count == 10) { 326 print "NMBD not reachable after 10 retries\n"; 327 teardown_env($self, $ret); 328 return 0; 329 } 330 331 my $net = Samba::bindir_path($self, "net"); 332 # Add hosts file for name lookups 333 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; 334 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 335 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; 336 $cmd .= "$net rpc join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member"; 337 $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}"; 338 339 if (system($cmd) != 0) { 340 warn("Join failed\n$cmd"); 341 return undef; 342 } 343 344 # Add hosts file for name lookups 345 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; 346 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 347 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; 348 $cmd .= "$net $ret->{CONFIGURATION} primarytrust dumpinfo | grep -q 'REDACTED SECRET VALUES'"; 349 350 if (system($cmd) != 0) { 351 warn("check failed\n$cmd"); 352 return undef; 353 } 354 355 if (not $self->check_or_start($ret, "yes", "yes", "yes")) { 356 return undef; 357 } 358 359 $ret->{DOMSID} = $nt4_dc_vars->{DOMSID}; 360 $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER}; 361 $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP}; 362 $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6}; 363 $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME}; 364 $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME}; 365 $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD}; 366 367 return $ret; 368} 369 370sub setup_ad_member 371{ 372 my ($self, $prefix, $dcvars, $trustvars_f, $trustvars_e) = @_; 373 374 my $prefix_abs = abs_path($prefix); 375 my @dirs = (); 376 377 # If we didn't build with ADS, pretend this env was never available 378 if (not $self->have_ads()) { 379 return "UNKNOWN"; 380 } 381 382 print "PROVISIONING S3 AD MEMBER..."; 383 384 mkdir($prefix_abs, 0777); 385 386 my $share_dir="$prefix_abs/share"; 387 push(@dirs, $share_dir); 388 389 my $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}"; 390 push(@dirs, $substitution_path); 391 392 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice"; 393 push(@dirs, $substitution_path); 394 395 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice/G_domain users"; 396 push(@dirs, $substitution_path); 397 398 # Using '/' as the winbind separator is a bad idea ... 399 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}"; 400 push(@dirs, $substitution_path); 401 402 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice"; 403 push(@dirs, $substitution_path); 404 405 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}"; 406 push(@dirs, $substitution_path); 407 408 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}/domain users"; 409 push(@dirs, $substitution_path); 410 411 my $member_options = " 412 security = ads 413 workgroup = $dcvars->{DOMAIN} 414 realm = $dcvars->{REALM} 415 netbios aliases = foo bar 416 template homedir = /home/%D/%G/%U 417 auth event notification = true 418 password server = $dcvars->{SERVER} 419 winbind scan trusted domains = no 420 winbind use krb5 enterprise principals = yes 421 422[sub_dug] 423 path = $share_dir/D_%D/U_%U/G_%G 424 writeable = yes 425 426[sub_dug2] 427 path = $share_dir/D_%D/u_%u/g_%g 428 writeable = yes 429 430[sub_valid_users] 431 path = $share_dir 432 valid users = ADDOMAIN/%U 433 434"; 435 436 my $ret = $self->provision($prefix, $dcvars->{DOMAIN}, 437 "LOCALADMEMBER", 438 "loCalMemberPass", 439 $member_options, 440 $dcvars->{SERVER_IP}, 441 $dcvars->{SERVER_IPV6}); 442 443 $ret or return undef; 444 445 mkdir($_, 0777) foreach(@dirs); 446 447 close(USERMAP); 448 $ret->{DOMAIN} = $dcvars->{DOMAIN}; 449 $ret->{REALM} = $dcvars->{REALM}; 450 $ret->{DOMSID} = $dcvars->{DOMSID}; 451 452 my $ctx; 453 $ctx = {}; 454 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; 455 $ctx->{domain} = $dcvars->{DOMAIN}; 456 $ctx->{realm} = $dcvars->{REALM}; 457 $ctx->{dnsname} = lc($dcvars->{REALM}); 458 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; 459 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; 460 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; 461 Samba::mk_krb5_conf($ctx, ""); 462 463 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; 464 $ret->{RESOLV_CONF} = $dcvars->{RESOLV_CONF}; 465 466 my $net = Samba::bindir_path($self, "net"); 467 # Add hosts file for name lookups 468 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; 469 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 470 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 471 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 472 } else { 473 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 474 } 475 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 476 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; 477 $cmd .= "$net join $ret->{CONFIGURATION}"; 478 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; 479 480 if (system($cmd) != 0) { 481 warn("Join failed\n$cmd"); 482 return undef; 483 } 484 485 # We need world access to this share, as otherwise the domain 486 # administrator from the AD domain provided by Samba4 can't 487 # access the share for tests. 488 chmod 0777, "$prefix/share"; 489 490 if (not $self->check_or_start($ret, "yes", "yes", "yes")) { 491 return undef; 492 } 493 494 $ret->{DC_SERVER} = $dcvars->{SERVER}; 495 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; 496 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; 497 $ret->{DC_SERVERCONFFILE} = $dcvars->{SERVERCONFFILE}; 498 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; 499 $ret->{DC_USERNAME} = $dcvars->{USERNAME}; 500 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; 501 502 # forest trust 503 $ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER}; 504 $ret->{TRUST_F_BOTH_SERVER_IP} = $trustvars_f->{SERVER_IP}; 505 $ret->{TRUST_F_BOTH_SERVER_IPV6} = $trustvars_f->{SERVER_IPV6}; 506 $ret->{TRUST_F_BOTH_NETBIOSNAME} = $trustvars_f->{NETBIOSNAME}; 507 $ret->{TRUST_F_BOTH_USERNAME} = $trustvars_f->{USERNAME}; 508 $ret->{TRUST_F_BOTH_PASSWORD} = $trustvars_f->{PASSWORD}; 509 $ret->{TRUST_F_BOTH_DOMAIN} = $trustvars_f->{DOMAIN}; 510 $ret->{TRUST_F_BOTH_REALM} = $trustvars_f->{REALM}; 511 512 # external trust 513 $ret->{TRUST_E_BOTH_SERVER} = $trustvars_e->{SERVER}; 514 $ret->{TRUST_E_BOTH_SERVER_IP} = $trustvars_e->{SERVER_IP}; 515 $ret->{TRUST_E_BOTH_SERVER_IPV6} = $trustvars_e->{SERVER_IPV6}; 516 $ret->{TRUST_E_BOTH_NETBIOSNAME} = $trustvars_e->{NETBIOSNAME}; 517 $ret->{TRUST_E_BOTH_USERNAME} = $trustvars_e->{USERNAME}; 518 $ret->{TRUST_E_BOTH_PASSWORD} = $trustvars_e->{PASSWORD}; 519 $ret->{TRUST_E_BOTH_DOMAIN} = $trustvars_e->{DOMAIN}; 520 $ret->{TRUST_E_BOTH_REALM} = $trustvars_e->{REALM}; 521 522 return $ret; 523} 524 525sub setup_ad_member_rfc2307 526{ 527 my ($self, $prefix, $dcvars) = @_; 528 529 # If we didn't build with ADS, pretend this env was never available 530 if (not $self->have_ads()) { 531 return "UNKNOWN"; 532 } 533 534 print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config..."; 535 536 my $member_options = " 537 security = ads 538 workgroup = $dcvars->{DOMAIN} 539 realm = $dcvars->{REALM} 540 idmap cache time = 0 541 idmap negative cache time = 0 542 idmap config * : backend = autorid 543 idmap config * : range = 1000000-1999999 544 idmap config * : rangesize = 100000 545 idmap config $dcvars->{DOMAIN} : backend = rfc2307 546 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 547 idmap config $dcvars->{DOMAIN} : ldap_server = ad 548 idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com 549 idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com 550 551 password server = $dcvars->{SERVER} 552"; 553 554 my $ret = $self->provision($prefix, $dcvars->{DOMAIN}, 555 "RFC2307MEMBER", 556 "loCalMemberPass", 557 $member_options, 558 $dcvars->{SERVER_IP}, 559 $dcvars->{SERVER_IPV6}); 560 561 $ret or return undef; 562 563 close(USERMAP); 564 $ret->{DOMAIN} = $dcvars->{DOMAIN}; 565 $ret->{REALM} = $dcvars->{REALM}; 566 $ret->{DOMSID} = $dcvars->{DOMSID}; 567 568 my $ctx; 569 my $prefix_abs = abs_path($prefix); 570 $ctx = {}; 571 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; 572 $ctx->{domain} = $dcvars->{DOMAIN}; 573 $ctx->{realm} = $dcvars->{REALM}; 574 $ctx->{dnsname} = lc($dcvars->{REALM}); 575 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; 576 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; 577 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; 578 Samba::mk_krb5_conf($ctx, ""); 579 580 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; 581 $ret->{RESOLV_CONF} = $dcvars->{RESOLV_CONF}; 582 583 my $net = Samba::bindir_path($self, "net"); 584 # Add hosts file for name lookups 585 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; 586 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 587 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 588 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 589 } else { 590 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 591 } 592 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 593 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; 594 $cmd .= "$net join $ret->{CONFIGURATION}"; 595 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; 596 597 if (system($cmd) != 0) { 598 warn("Join failed\n$cmd"); 599 return undef; 600 } 601 602 # We need world access to this share, as otherwise the domain 603 # administrator from the AD domain provided by Samba4 can't 604 # access the share for tests. 605 chmod 0777, "$prefix/share"; 606 607 if (not $self->check_or_start($ret, "yes", "yes", "yes")) { 608 return undef; 609 } 610 611 $ret->{DC_SERVER} = $dcvars->{SERVER}; 612 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; 613 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; 614 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; 615 $ret->{DC_USERNAME} = $dcvars->{USERNAME}; 616 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; 617 618 return $ret; 619} 620 621sub setup_ad_member_idmap_rid 622{ 623 my ($self, $prefix, $dcvars) = @_; 624 625 # If we didn't build with ADS, pretend this env was never available 626 if (not $self->have_ads()) { 627 return "UNKNOWN"; 628 } 629 630 print "PROVISIONING S3 AD MEMBER WITH idmap_rid config..."; 631 632 my $member_options = " 633 security = ads 634 workgroup = $dcvars->{DOMAIN} 635 realm = $dcvars->{REALM} 636 idmap config * : backend = tdb 637 idmap config * : range = 1000000-1999999 638 idmap config $dcvars->{DOMAIN} : backend = rid 639 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 640 # Prevent overridding the provisioned lib/krb5.conf which sets certain 641 # values required for tests to succeed 642 create krb5 conf = no 643 map to guest = bad user 644"; 645 646 my $ret = $self->provision($prefix, $dcvars->{DOMAIN}, 647 "IDMAPRIDMEMBER", 648 "loCalMemberPass", 649 $member_options, 650 $dcvars->{SERVER_IP}, 651 $dcvars->{SERVER_IPV6}); 652 653 $ret or return undef; 654 655 close(USERMAP); 656 $ret->{DOMAIN} = $dcvars->{DOMAIN}; 657 $ret->{REALM} = $dcvars->{REALM}; 658 $ret->{DOMSID} = $dcvars->{DOMSID}; 659 660 my $ctx; 661 my $prefix_abs = abs_path($prefix); 662 $ctx = {}; 663 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; 664 $ctx->{domain} = $dcvars->{DOMAIN}; 665 $ctx->{realm} = $dcvars->{REALM}; 666 $ctx->{dnsname} = lc($dcvars->{REALM}); 667 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; 668 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; 669 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; 670 Samba::mk_krb5_conf($ctx, ""); 671 672 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; 673 $ret->{RESOLV_CONF} = $dcvars->{RESOLV_CONF}; 674 675 my $net = Samba::bindir_path($self, "net"); 676 # Add hosts file for name lookups 677 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; 678 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 679 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 680 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 681 } else { 682 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 683 } 684 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 685 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; 686 $cmd .= "$net join $ret->{CONFIGURATION}"; 687 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; 688 689 if (system($cmd) != 0) { 690 warn("Join failed\n$cmd"); 691 return undef; 692 } 693 694 # We need world access to this share, as otherwise the domain 695 # administrator from the AD domain provided by Samba4 can't 696 # access the share for tests. 697 chmod 0777, "$prefix/share"; 698 699 if (not $self->check_or_start($ret, "yes", "yes", "yes")) { 700 return undef; 701 } 702 703 $ret->{DC_SERVER} = $dcvars->{SERVER}; 704 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; 705 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; 706 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; 707 $ret->{DC_USERNAME} = $dcvars->{USERNAME}; 708 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; 709 710 return $ret; 711} 712 713sub setup_ad_member_idmap_ad 714{ 715 my ($self, $prefix, $dcvars) = @_; 716 717 # If we didn't build with ADS, pretend this env was never available 718 if (not $self->have_ads()) { 719 return "UNKNOWN"; 720 } 721 722 print "PROVISIONING S3 AD MEMBER WITH idmap_ad config..."; 723 724 my $member_options = " 725 security = ads 726 workgroup = $dcvars->{DOMAIN} 727 realm = $dcvars->{REALM} 728 password server = $dcvars->{SERVER} 729 idmap config * : backend = tdb 730 idmap config * : range = 1000000-1999999 731 idmap config $dcvars->{DOMAIN} : backend = ad 732 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 733 idmap config $dcvars->{TRUST_DOMAIN} : backend = ad 734 idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999 735 gensec_gssapi:requested_life_time = 5 736"; 737 738 my $ret = $self->provision($prefix, $dcvars->{DOMAIN}, 739 "IDMAPADMEMBER", 740 "loCalMemberPass", 741 $member_options, 742 $dcvars->{SERVER_IP}, 743 $dcvars->{SERVER_IPV6}); 744 745 $ret or return undef; 746 747 close(USERMAP); 748 $ret->{DOMAIN} = $dcvars->{DOMAIN}; 749 $ret->{REALM} = $dcvars->{REALM}; 750 $ret->{DOMSID} = $dcvars->{DOMSID}; 751 752 my $ctx; 753 my $prefix_abs = abs_path($prefix); 754 $ctx = {}; 755 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; 756 $ctx->{domain} = $dcvars->{DOMAIN}; 757 $ctx->{realm} = $dcvars->{REALM}; 758 $ctx->{dnsname} = lc($dcvars->{REALM}); 759 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; 760 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; 761 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; 762 Samba::mk_krb5_conf($ctx, ""); 763 764 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; 765 $ret->{RESOLV_CONF} = $dcvars->{RESOLV_CONF}; 766 767 my $net = Samba::bindir_path($self, "net"); 768 # Add hosts file for name lookups 769 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; 770 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; 771 if (defined($ret->{RESOLV_WRAPPER_CONF})) { 772 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; 773 } else { 774 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; 775 } 776 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; 777 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; 778 $cmd .= "$net join $ret->{CONFIGURATION}"; 779 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; 780 781 if (system($cmd) != 0) { 782 warn("Join failed\n$cmd"); 783 return undef; 784 } 785 786 # We need world access to this share, as otherwise the domain 787 # administrator from the AD domain provided by Samba4 can't 788 # access the share for tests. 789 chmod 0777, "$prefix/share"; 790 791 if (not $self->check_or_start($ret, "yes", "yes", "yes")) { 792 return undef; 793 } 794 795 $ret->{DC_SERVER} = $dcvars->{SERVER}; 796 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; 797 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; 798 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; 799 $ret->{DC_USERNAME} = $dcvars->{USERNAME}; 800 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; 801 802 $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; 803 $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; 804 $ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD}; 805 $ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN}; 806 $ret->{TRUST_REALM} = $dcvars->{TRUST_REALM}; 807 $ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID}; 808 809 return $ret; 810} 811 812sub setup_simpleserver 813{ 814 my ($self, $path) = @_; 815 816 print "PROVISIONING simple server..."; 817 818 my $prefix_abs = abs_path($path); 819 820 my $simpleserver_options = " 821 lanman auth = yes 822 ntlm auth = yes 823 vfs objects = xattr_tdb streams_depot 824 change notify = no 825 smb encrypt = off 826 827[vfs_aio_pthread] 828 path = $prefix_abs/share 829 read only = no 830 vfs objects = aio_pthread 831 aio_pthread:aio open = yes 832 smbd:async dosmode = no 833 834[vfs_aio_pthread_async_dosmode_default1] 835 path = $prefix_abs/share 836 read only = no 837 vfs objects = aio_pthread 838 store dos attributes = yes 839 aio_pthread:aio open = yes 840 smbd:async dosmode = yes 841 842[vfs_aio_pthread_async_dosmode_default2] 843 path = $prefix_abs/share 844 read only = no 845 vfs objects = aio_pthread xattr_tdb 846 store dos attributes = yes 847 aio_pthread:aio open = yes 848 smbd:async dosmode = yes 849 850[vfs_aio_pthread_async_dosmode_force_sync1] 851 path = $prefix_abs/share 852 read only = no 853 vfs objects = aio_pthread 854 store dos attributes = yes 855 aio_pthread:aio open = yes 856 smbd:async dosmode = yes 857 # This simulates non linux systems 858 smbd:force sync user path safe threadpool = yes 859 smbd:force sync user chdir safe threadpool = yes 860 smbd:force sync root path safe threadpool = yes 861 smbd:force sync root chdir safe threadpool = yes 862 863[vfs_aio_pthread_async_dosmode_force_sync2] 864 path = $prefix_abs/share 865 read only = no 866 vfs objects = aio_pthread xattr_tdb 867 store dos attributes = yes 868 aio_pthread:aio open = yes 869 smbd:async dosmode = yes 870 # This simulates non linux systems 871 smbd:force sync user path safe threadpool = yes 872 smbd:force sync user chdir safe threadpool = yes 873 smbd:force sync root path safe threadpool = yes 874 smbd:force sync root chdir safe threadpool = yes 875 876[vfs_aio_fork] 877 path = $prefix_abs/share 878 vfs objects = aio_fork 879 read only = no 880 vfs_aio_fork:erratic_testing_mode=yes 881 882[dosmode] 883 path = $prefix_abs/share 884 vfs objects = 885 store dos attributes = yes 886 hide files = /hidefile/ 887 hide dot files = yes 888 889[enc_desired] 890 path = $prefix_abs/share 891 vfs objects = 892 smb encrypt = desired 893 894[hidenewfiles] 895 path = $prefix_abs/share 896 hide new files timeout = 5 897"; 898 899 my $vars = $self->provision($path, "WORKGROUP", 900 "LOCALSHARE4", 901 "local4pass", 902 $simpleserver_options); 903 904 $vars or return undef; 905 906 if (not $self->check_or_start($vars, "yes", "no", "yes")) { 907 return undef; 908 } 909 910 return $vars; 911} 912 913sub setup_fileserver 914{ 915 my ($self, $path) = @_; 916 my $prefix_abs = abs_path($path); 917 my $srcdir_abs = abs_path($self->{srcdir}); 918 919 print "PROVISIONING file server ...\n"; 920 921 my @dirs = (); 922 923 mkdir($prefix_abs, 0777); 924 925 my $usershare_dir="$prefix_abs/lib/usershare"; 926 927 mkdir("$prefix_abs/lib", 0755); 928 remove_tree($usershare_dir); 929 mkdir($usershare_dir, 01770); 930 931 my $share_dir="$prefix_abs/share"; 932 933 # Create share directory structure 934 my $lower_case_share_dir="$share_dir/lower-case"; 935 push(@dirs, $lower_case_share_dir); 936 937 my $lower_case_share_dir_30000="$share_dir/lower-case-30000"; 938 push(@dirs, $lower_case_share_dir_30000); 939 940 my $dfree_share_dir="$share_dir/dfree"; 941 push(@dirs, $dfree_share_dir); 942 push(@dirs, "$dfree_share_dir/subdir1"); 943 push(@dirs, "$dfree_share_dir/subdir2"); 944 push(@dirs, "$dfree_share_dir/subdir3"); 945 946 my $quotadir_dir="$share_dir/quota"; 947 push(@dirs, $quotadir_dir); 948 949 my $valid_users_sharedir="$share_dir/valid_users"; 950 push(@dirs,$valid_users_sharedir); 951 952 my $offline_sharedir="$share_dir/offline"; 953 push(@dirs,$offline_sharedir); 954 955 my $force_user_valid_users_dir = "$share_dir/force_user_valid_users"; 956 push(@dirs, $force_user_valid_users_dir); 957 958 my $smbget_sharedir="$share_dir/smbget"; 959 push(@dirs,$smbget_sharedir); 960 961 my $tarmode_sharedir="$share_dir/tarmode"; 962 push(@dirs,$tarmode_sharedir); 963 964 my $usershare_sharedir="$share_dir/usershares"; 965 push(@dirs,$usershare_sharedir); 966 967 my $bad_iconv_sharedir="$share_dir/bad_iconv"; 968 push(@dirs, $bad_iconv_sharedir); 969 970 my $fileserver_options = " 971 kernel change notify = yes 972 rpc_server:mdssvc = embedded 973 spotlight backend = elasticsearch 974 elasticsearch:address = 127.0.0.35 975 elasticsearch:port = 8080 976 elasticsearch:mappings = $srcdir_abs/source3/rpc_server/mdssvc/elasticsearch_mappings.json 977 978 usershare path = $usershare_dir 979 usershare max shares = 10 980 usershare allow guests = yes 981 usershare prefix allow list = $usershare_sharedir 982 983 get quota command = $prefix_abs/getset_quota.py 984 set quota command = $prefix_abs/getset_quota.py 985[spotlight] 986 path = $share_dir 987 spotlight = yes 988 read only = no 989[no_spotlight] 990 path = $share_dir 991 spotlight = no 992 read only = no 993[lowercase] 994 path = $lower_case_share_dir 995 comment = smb username is [%U] 996 case sensitive = True 997 default case = lower 998 preserve case = no 999 short preserve case = no 1000[lowercase-30000] 1001 path = $lower_case_share_dir_30000 1002 comment = smb username is [%U] 1003 case sensitive = True 1004 default case = lower 1005 preserve case = no 1006 short preserve case = no 1007[dfree] 1008 path = $dfree_share_dir 1009 comment = smb username is [%U] 1010 dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh 1011[valid-users-access] 1012 path = $valid_users_sharedir 1013 valid users = +userdup 1014[offline] 1015 path = $offline_sharedir 1016 vfs objects = offline 1017 1018# BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878 1019# RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651 1020[force_user_valid_users] 1021 path = $force_user_valid_users_dir 1022 comment = force user with valid users combination test share 1023 valid users = +force_user 1024 force user = force_user 1025 force group = everyone 1026 write list = force_user 1027 1028[smbget] 1029 path = $smbget_sharedir 1030 comment = smb username is [%U] 1031 guest ok = yes 1032[ign_sysacls] 1033 path = $share_dir 1034 comment = ignore system acls 1035 acl_xattr:ignore system acls = yes 1036[inherit_owner] 1037 path = $share_dir 1038 comment = inherit owner 1039 inherit owner = yes 1040[inherit_owner_u] 1041 path = $share_dir 1042 comment = inherit only unix owner 1043 inherit owner = unix only 1044 acl_xattr:ignore system acls = yes 1045# BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 1046[force_group_test] 1047 path = $share_dir 1048 comment = force group test 1049# force group = everyone 1050 1051[bad_iconv] 1052 path = $bad_iconv_sharedir 1053 comment = smb username is [%U] 1054 vfs objects = 1055 1056[homes] 1057 comment = Home directories 1058 browseable = No 1059 read only = No 1060"; 1061 1062 my $vars = $self->provision($path, "WORKGROUP", 1063 "FILESERVER", 1064 "fileserver", 1065 $fileserver_options, 1066 undef, 1067 undef, 1068 1); 1069 1070 $vars or return undef; 1071 1072 if (not $self->check_or_start($vars, "yes", "no", "yes")) { 1073 return undef; 1074 } 1075 1076 1077 mkdir($_, 0777) foreach(@dirs); 1078 1079 ## Create case sensitive lower case share dir 1080 foreach my $file ('a'..'z') { 1081 my $full_path = $lower_case_share_dir . '/' . $file; 1082 open my $fh, '>', $full_path; 1083 # Add some content to file 1084 print $fh $full_path; 1085 close $fh; 1086 } 1087 1088 for (my $file = 1; $file < 51; ++$file) { 1089 my $full_path = $lower_case_share_dir . '/' . $file; 1090 open my $fh, '>', $full_path; 1091 # Add some content to file 1092 print $fh $full_path; 1093 close $fh; 1094 } 1095 1096 # Create content for 30000 share 1097 foreach my $file ('a'..'z') { 1098 my $full_path = $lower_case_share_dir_30000 . '/' . $file; 1099 open my $fh, '>', $full_path; 1100 # Add some content to file 1101 print $fh $full_path; 1102 close $fh; 1103 } 1104 1105 for (my $file = 1; $file < 30001; ++$file) { 1106 my $full_path = $lower_case_share_dir_30000 . '/' . $file; 1107 open my $fh, '>', $full_path; 1108 # Add some content to file 1109 print $fh $full_path; 1110 close $fh; 1111 } 1112 1113 ## 1114 ## create a listable file in valid_users_share 1115 ## 1116 my $valid_users_target = "$valid_users_sharedir/foo"; 1117 unless (open(VALID_USERS_TARGET, ">$valid_users_target")) { 1118 warn("Unable to open $valid_users_target"); 1119 return undef; 1120 } 1121 close(VALID_USERS_TARGET); 1122 chmod 0644, $valid_users_target; 1123 1124 ## 1125 ## create a valid utf8 filename which is invalid as a CP850 conversion 1126 ## 1127 my $bad_iconv_target = "$bad_iconv_sharedir/\xED\x9F\xBF"; 1128 unless (open(BAD_ICONV_TARGET, ">$bad_iconv_target")) { 1129 warn("Unable to open $bad_iconv_target"); 1130 return undef; 1131 } 1132 close(BAD_ICONV_TARGET); 1133 chmod 0644, $bad_iconv_target; 1134 1135 return $vars; 1136} 1137 1138sub setup_ktest 1139{ 1140 my ($self, $prefix) = @_; 1141 1142 # If we didn't build with ADS, pretend this env was never available 1143 if (not $self->have_ads()) { 1144 return "UNKNOWN"; 1145 } 1146 1147 print "PROVISIONING server with security=ads..."; 1148 1149 my $ktest_options = " 1150 workgroup = KTEST 1151 realm = ktest.samba.example.com 1152 security = ads 1153 username map = $prefix/lib/username.map 1154 server signing = required 1155 server min protocol = SMB3_00 1156 client max protocol = SMB3 1157 1158 # This disables NTLM auth against the local SAM, which 1159 # we use can then test this setting by. 1160 ntlm auth = disabled 1161"; 1162 1163 my $ret = $self->provision($prefix, "KTEST", 1164 "LOCALKTEST6", 1165 "localktest6pass", 1166 $ktest_options); 1167 1168 $ret or return undef; 1169 1170 my $ctx; 1171 my $prefix_abs = abs_path($prefix); 1172 $ctx = {}; 1173 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; 1174 $ctx->{domain} = "KTEST"; 1175 $ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM"; 1176 $ctx->{dnsname} = lc($ctx->{realm}); 1177 $ctx->{kdc_ipv4} = "0.0.0.0"; 1178 $ctx->{kdc_ipv6} = "::"; 1179 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; 1180 Samba::mk_krb5_conf($ctx, ""); 1181 1182 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; 1183 1184 open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map"); 1185 print USERMAP " 1186$ret->{USERNAME} = KTEST\\Administrator 1187"; 1188 close(USERMAP); 1189 1190#This is the secrets.tdb created by 'net ads join' from Samba3 to a 1191#Samba4 DC with the same parameters as are being used here. The 1192#domain SID is S-1-5-21-1071277805-689288055-3486227160 1193 $ret->{SAMSID} = "S-1-5-21-1911091480-1468226576-2729736297"; 1194 $ret->{DOMSID} = "S-1-5-21-1071277805-689288055-3486227160"; 1195 1196 system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb"); 1197 chmod 0600, "$prefix/private/secrets.tdb"; 1198 1199#Make sure there's no old ntdb file. 1200 system("rm -f $prefix/private/secrets.ntdb"); 1201 1202#This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with: 1203# "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232" 1204# 1205#and having in krb5.conf: 1206# ticket_lifetime = 799718400 1207# renew_lifetime = 799718400 1208# 1209# The commands for the -2 keytab where were: 1210# kinit administrator@KTEST.SAMBA.EXAMPLE.COM 1211# kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM 1212# kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM 1213# kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM 1214# kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM 1215# 1216# and then for the -3 keytab, I did 1217# 1218# net changetrustpw; kdestroy and the same again. 1219# 1220# This creates a credential cache with a very long lifetime (2036 at 1221# at 2011-04), and shows that running 'net changetrustpw' does not 1222# break existing logins (for the secrets.tdb method at least). 1223# 1224 1225 $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache"; 1226 1227 system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2"); 1228 chmod 0600, "$prefix/krb5_ccache-2"; 1229 1230 system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3"); 1231 chmod 0600, "$prefix/krb5_ccache-3"; 1232 1233 # We need world access to this share, as otherwise the domain 1234 # administrator from the AD domain provided by ktest can't 1235 # access the share for tests. 1236 chmod 0777, "$prefix/share"; 1237 1238 if (not $self->check_or_start($ret, "yes", "no", "yes")) { 1239 return undef; 1240 } 1241 return $ret; 1242} 1243 1244sub setup_maptoguest 1245{ 1246 my ($self, $path) = @_; 1247 1248 print "PROVISIONING maptoguest..."; 1249 1250 my $options = " 1251map to guest = bad user 1252ntlm auth = yes 1253"; 1254 1255 my $vars = $self->provision($path, "WORKGROUP", 1256 "maptoguest", 1257 "maptoguestpass", 1258 $options); 1259 1260 $vars or return undef; 1261 1262 if (not $self->check_or_start($vars, "yes", "no", "yes")) { 1263 return undef; 1264 } 1265 1266 return $vars; 1267} 1268 1269sub stop_sig_term($$) { 1270 my ($self, $pid) = @_; 1271 kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: $!"); 1272} 1273 1274sub stop_sig_kill($$) { 1275 my ($self, $pid) = @_; 1276 kill("ALRM", $pid) or warn("Unable to kill $pid: $!"); 1277} 1278 1279sub write_pid($$$) 1280{ 1281 my ($env_vars, $app, $pid) = @_; 1282 1283 open(PID, ">$env_vars->{PIDDIR}/timelimit.$app.pid"); 1284 print PID $pid; 1285 close(PID); 1286} 1287 1288sub read_pid($$) 1289{ 1290 my ($env_vars, $app) = @_; 1291 1292 open(PID, "<$env_vars->{PIDDIR}/timelimit.$app.pid"); 1293 my $pid = <PID>; 1294 close(PID); 1295 return $pid; 1296} 1297 1298# builds up the cmd args to run an s3 binary (i.e. smbd, nmbd, etc) 1299sub make_bin_cmd 1300{ 1301 my ($self, $binary, $env_vars, $options, $valgrind, $dont_log_stdout) = @_; 1302 1303 my @optargs = ("-d0"); 1304 if (defined($options)) { 1305 @optargs = split(/ /, $options); 1306 } 1307 my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime}); 1308 1309 if (defined($valgrind)) { 1310 @preargs = split(/ /, $valgrind); 1311 } 1312 my @args = ("-F", "--no-process-group", 1313 "-s", $env_vars->{SERVERCONFFILE}, 1314 "-l", $env_vars->{LOGDIR}); 1315 1316 if (not defined($dont_log_stdout)) { 1317 push(@args, "--log-stdout"); 1318 } 1319 return (@preargs, $binary, @args, @optargs); 1320} 1321 1322sub check_or_start($$$$$) { 1323 my ($self, $env_vars, $nmbd, $winbindd, $smbd) = @_; 1324 my $STDIN_READER; 1325 1326 # use a pipe for stdin in the child processes. This allows 1327 # those processes to monitor the pipe for EOF to ensure they 1328 # exit when the test script exits 1329 pipe($STDIN_READER, $env_vars->{STDIN_PIPE}); 1330 1331 my $binary = Samba::bindir_path($self, "nmbd"); 1332 my @full_cmd = $self->make_bin_cmd($binary, $env_vars, 1333 $ENV{NMBD_OPTIONS}, $ENV{NMBD_VALGRIND}, 1334 $ENV{NMBD_DONT_LOG_STDOUT}); 1335 my $nmbd_envs = Samba::get_env_for_process("nmbd", $env_vars); 1336 delete $nmbd_envs->{RESOLV_WRAPPER_CONF}; 1337 delete $nmbd_envs->{RESOLV_WRAPPER_HOSTS}; 1338 1339 # fork and exec() nmbd in the child process 1340 my $daemon_ctx = { 1341 NAME => "nmbd", 1342 BINARY_PATH => $binary, 1343 FULL_CMD => [ @full_cmd ], 1344 LOG_FILE => $env_vars->{NMBD_TEST_LOG}, 1345 ENV_VARS => $nmbd_envs, 1346 }; 1347 if ($nmbd ne "yes") { 1348 $daemon_ctx->{SKIP_DAEMON} = 1; 1349 } 1350 my $pid = Samba::fork_and_exec($self, $env_vars, $daemon_ctx, $STDIN_READER); 1351 1352 $env_vars->{NMBD_TL_PID} = $pid; 1353 write_pid($env_vars, "nmbd", $pid); 1354 1355 $binary = Samba::bindir_path($self, "winbindd"); 1356 @full_cmd = $self->make_bin_cmd($binary, $env_vars, 1357 $ENV{WINBINDD_OPTIONS}, $ENV{WINBINDD_VALGRIND}, "N/A"); 1358 1359 if (not defined($ENV{WINBINDD_DONT_LOG_STDOUT})) { 1360 push(@full_cmd, "--stdout"); 1361 } 1362 1363 # fork and exec() winbindd in the child process 1364 $daemon_ctx = { 1365 NAME => "winbindd", 1366 BINARY_PATH => $binary, 1367 FULL_CMD => [ @full_cmd ], 1368 LOG_FILE => $env_vars->{WINBINDD_TEST_LOG}, 1369 }; 1370 if ($winbindd ne "yes") { 1371 $daemon_ctx->{SKIP_DAEMON} = 1; 1372 } 1373 my $pid = Samba::fork_and_exec($self, $env_vars, $daemon_ctx, $STDIN_READER); 1374 1375 $env_vars->{WINBINDD_TL_PID} = $pid; 1376 write_pid($env_vars, "winbindd", $pid); 1377 1378 $binary = Samba::bindir_path($self, "smbd"); 1379 @full_cmd = $self->make_bin_cmd($binary, $env_vars, 1380 $ENV{SMBD_OPTIONS}, $ENV{SMBD_VALGRIND}, 1381 $ENV{SMBD_DONT_LOG_STDOUT}); 1382 1383 # fork and exec() smbd in the child process 1384 $daemon_ctx = { 1385 NAME => "smbd", 1386 BINARY_PATH => $binary, 1387 FULL_CMD => [ @full_cmd ], 1388 LOG_FILE => $env_vars->{SMBD_TEST_LOG}, 1389 }; 1390 if ($smbd ne "yes") { 1391 $daemon_ctx->{SKIP_DAEMON} = 1; 1392 } 1393 1394 my $pid = Samba::fork_and_exec($self, $env_vars, $daemon_ctx, $STDIN_READER); 1395 1396 $env_vars->{SMBD_TL_PID} = $pid; 1397 write_pid($env_vars, "smbd", $pid); 1398 1399 # close the parent's read-end of the pipe 1400 close(STDIN_READER); 1401 1402 return $self->wait_for_start($env_vars, $nmbd, $winbindd, $smbd); 1403} 1404 1405sub createuser($$$$$) 1406{ 1407 my ($self, $username, $password, $conffile, $env) = @_; 1408 my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $username > /dev/null"; 1409 1410 keys %$env; 1411 while(my($var, $val) = each %$env) { 1412 $cmd = "$var=\"$val\" $cmd"; 1413 } 1414 1415 unless (open(PWD, "|$cmd")) { 1416 warn("Unable to set password for $username account\n$cmd"); 1417 return undef; 1418 } 1419 print PWD "$password\n$password\n"; 1420 unless (close(PWD)) { 1421 warn("Unable to set password for $username account\n$cmd"); 1422 return undef; 1423 } 1424} 1425 1426sub provision($$$$$$$$$) 1427{ 1428 my ($self, $prefix, $domain, $server, $password, $extra_options, $dc_server_ip, $dc_server_ipv6, $no_delete_prefix) = @_; 1429 1430 ## 1431 ## setup the various environment variables we need 1432 ## 1433 1434 my $samsid = Samba::random_domain_sid(); 1435 my $swiface = Samba::get_interface($server); 1436 my %ret = (); 1437 my %createuser_env = (); 1438 my $server_ip = Samba::get_ipv4_addr($server); 1439 my $server_ipv6 = Samba::get_ipv6_addr($server); 1440 1441 my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `PATH=/usr/ucb:$ENV{PATH} whoami`); 1442 chomp $unix_name; 1443 my $unix_uid = $>; 1444 my $unix_gids_str = $); 1445 my @unix_gids = split(" ", $unix_gids_str); 1446 1447 my $prefix_abs = abs_path($prefix); 1448 my $bindir_abs = abs_path($self->{bindir}); 1449 1450 my @dirs = (); 1451 1452 my $shrdir="$prefix_abs/share"; 1453 push(@dirs,$shrdir); 1454 1455 my $libdir="$prefix_abs/lib"; 1456 push(@dirs,$libdir); 1457 1458 my $piddir="$prefix_abs/pid"; 1459 push(@dirs,$piddir); 1460 1461 my $privatedir="$prefix_abs/private"; 1462 push(@dirs,$privatedir); 1463 1464 my $cachedir = "$prefix_abs/cachedir"; 1465 push(@dirs, $cachedir); 1466 1467 my $binddnsdir = "$prefix_abs/bind-dns"; 1468 push(@dirs, $binddnsdir); 1469 1470 my $lockdir="$prefix_abs/lockdir"; 1471 push(@dirs,$lockdir); 1472 1473 my $eventlogdir="$prefix_abs/lockdir/eventlog"; 1474 push(@dirs,$eventlogdir); 1475 1476 my $logdir="$prefix_abs/logs"; 1477 push(@dirs,$logdir); 1478 1479 my $driver32dir="$shrdir/W32X86"; 1480 push(@dirs,$driver32dir); 1481 1482 my $driver64dir="$shrdir/x64"; 1483 push(@dirs,$driver64dir); 1484 1485 my $driver40dir="$shrdir/WIN40"; 1486 push(@dirs,$driver40dir); 1487 1488 my $ro_shrdir="$shrdir/root-tmp"; 1489 push(@dirs,$ro_shrdir); 1490 1491 my $noperm_shrdir="$shrdir/noperm-tmp"; 1492 push(@dirs,$noperm_shrdir); 1493 1494 my $msdfs_shrdir="$shrdir/msdfsshare"; 1495 push(@dirs,$msdfs_shrdir); 1496 1497 my $msdfs_deeppath="$msdfs_shrdir/deeppath"; 1498 push(@dirs,$msdfs_deeppath); 1499 1500 my $badnames_shrdir="$shrdir/badnames"; 1501 push(@dirs,$badnames_shrdir); 1502 1503 my $lease1_shrdir="$shrdir/SMB2_10"; 1504 push(@dirs,$lease1_shrdir); 1505 1506 my $lease2_shrdir="$shrdir/SMB3_00"; 1507 push(@dirs,$lease2_shrdir); 1508 1509 my $manglenames_shrdir="$shrdir/manglenames"; 1510 push(@dirs,$manglenames_shrdir); 1511 1512 my $widelinks_shrdir="$shrdir/widelinks"; 1513 push(@dirs,$widelinks_shrdir); 1514 1515 my $widelinks_linkdir="$shrdir/widelinks_foo"; 1516 push(@dirs,$widelinks_linkdir); 1517 1518 my $fsrvp_shrdir="$shrdir/fsrvp"; 1519 push(@dirs,$fsrvp_shrdir); 1520 1521 my $shadow_tstdir="$shrdir/shadow"; 1522 push(@dirs,$shadow_tstdir); 1523 my $shadow_mntdir="$shadow_tstdir/mount"; 1524 push(@dirs,$shadow_mntdir); 1525 my $shadow_basedir="$shadow_mntdir/base"; 1526 push(@dirs,$shadow_basedir); 1527 my $shadow_shrdir="$shadow_basedir/share"; 1528 push(@dirs,$shadow_shrdir); 1529 1530 my $nosymlinks_shrdir="$shrdir/nosymlinks"; 1531 push(@dirs,$nosymlinks_shrdir); 1532 1533 my $local_symlinks_shrdir="$shrdir/local_symlinks"; 1534 push(@dirs,$local_symlinks_shrdir); 1535 1536 # this gets autocreated by winbindd 1537 my $wbsockdir="$prefix_abs/winbindd"; 1538 1539 my $nmbdsockdir="$prefix_abs/nmbd"; 1540 unlink($nmbdsockdir); 1541 1542 ## 1543 ## create the test directory layout 1544 ## 1545 die ("prefix_abs = ''") if $prefix_abs eq ""; 1546 die ("prefix_abs = '/'") if $prefix_abs eq "/"; 1547 1548 mkdir($prefix_abs, 0777); 1549 print "CREATE TEST ENVIRONMENT IN '$prefix'..."; 1550 if (not defined($no_delete_prefix) or not $no_delete_prefix) { 1551 system("rm -rf $prefix_abs/*"); 1552 } 1553 mkdir($_, 0777) foreach(@dirs); 1554 1555 my $fs_specific_conf = $self->get_fs_specific_conf($shrdir); 1556 1557 ## 1558 ## lockdir and piddir must be 0755 1559 ## 1560 chmod 0755, $lockdir; 1561 chmod 0755, $piddir; 1562 1563 1564 ## 1565 ## Create a directory without permissions to enter 1566 ## 1567 chmod 0000, $noperm_shrdir; 1568 1569 ## 1570 ## create ro and msdfs share layout 1571 ## 1572 1573 chmod 0755, $ro_shrdir; 1574 my $unreadable_file = "$ro_shrdir/unreadable_file"; 1575 unless (open(UNREADABLE_FILE, ">$unreadable_file")) { 1576 warn("Unable to open $unreadable_file"); 1577 return undef; 1578 } 1579 close(UNREADABLE_FILE); 1580 chmod 0600, $unreadable_file; 1581 1582 my $msdfs_target = "$ro_shrdir/msdfs-target"; 1583 unless (open(MSDFS_TARGET, ">$msdfs_target")) { 1584 warn("Unable to open $msdfs_target"); 1585 return undef; 1586 } 1587 close(MSDFS_TARGET); 1588 chmod 0666, $msdfs_target; 1589 symlink "msdfs:$server_ip\\ro-tmp,$server_ipv6\\ro-tmp", 1590 "$msdfs_shrdir/msdfs-src1"; 1591 symlink "msdfs:$server_ipv6\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2"; 1592 1593 ## 1594 ## create bad names in $badnames_shrdir 1595 ## 1596 ## (An invalid name, would be mangled to 8.3). 1597 my $badname_target = "$badnames_shrdir/\340|\231\216\377\177"; 1598 unless (open(BADNAME_TARGET, ">$badname_target")) { 1599 warn("Unable to open $badname_target"); 1600 return undef; 1601 } 1602 close(BADNAME_TARGET); 1603 chmod 0666, $badname_target; 1604 1605 ## (A bad name, would not be mangled to 8.3). 1606 my $badname_target = "$badnames_shrdir/\240\276\346\327\377\177"; 1607 unless (open(BADNAME_TARGET, ">$badname_target")) { 1608 warn("Unable to open $badname_target"); 1609 return undef; 1610 } 1611 close(BADNAME_TARGET); 1612 chmod 0666, $badname_target; 1613 1614 ## (A bad good name). 1615 my $badname_target = "$badnames_shrdir/blank.txt"; 1616 unless (open(BADNAME_TARGET, ">$badname_target")) { 1617 warn("Unable to open $badname_target"); 1618 return undef; 1619 } 1620 close(BADNAME_TARGET); 1621 chmod 0666, $badname_target; 1622 1623 ## 1624 ## create mangleable directory names in $manglenames_shrdir 1625 ## 1626 my $manglename_target = "$manglenames_shrdir/foo:bar"; 1627 mkdir($manglename_target, 0777); 1628 1629 ## 1630 ## create symlinks for widelinks tests. 1631 ## 1632 my $widelinks_target = "$widelinks_linkdir/target"; 1633 unless (open(WIDELINKS_TARGET, ">$widelinks_target")) { 1634 warn("Unable to open $widelinks_target"); 1635 return undef; 1636 } 1637 close(WIDELINKS_TARGET); 1638 chmod 0666, $widelinks_target; 1639 ## 1640 ## This link should get ACCESS_DENIED 1641 ## 1642 symlink "$widelinks_target", "$widelinks_shrdir/source"; 1643 ## 1644 ## This link should be allowed 1645 ## 1646 symlink "$widelinks_shrdir", "$widelinks_shrdir/dot"; 1647 1648 my $conffile="$libdir/server.conf"; 1649 my $dfqconffile="$libdir/dfq.conf"; 1650 my $errorinjectconf="$libdir/error_inject.conf"; 1651 my $delayinjectconf="$libdir/delay_inject.conf"; 1652 my $globalinjectconf="$libdir/global_inject.conf"; 1653 1654 my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl"; 1655 my $nss_wrapper_passwd = "$privatedir/passwd"; 1656 my $nss_wrapper_group = "$privatedir/group"; 1657 my $nss_wrapper_hosts = "$ENV{SELFTEST_PREFIX}/hosts"; 1658 my $resolv_conf = "$privatedir/resolv.conf"; 1659 my $dns_host_file = "$ENV{SELFTEST_PREFIX}/dns_host_file"; 1660 1661 my $mod_printer_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/printing/modprinter.pl"; 1662 1663 my $fake_snap_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/fake_snap.pl"; 1664 1665 my @eventlog_list = ("dns server", "application"); 1666 1667 ## 1668 ## calculate uids and gids 1669 ## 1670 1671 my ($max_uid, $max_gid); 1672 my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup); 1673 my ($uid_pdbtest_wkn); 1674 my ($uid_smbget); 1675 my ($uid_force_user); 1676 my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins); 1677 my ($gid_userdup, $gid_everyone); 1678 my ($gid_force_user); 1679 my ($uid_user1); 1680 my ($uid_user2); 1681 my ($uid_gooduser); 1682 my ($uid_eviluser); 1683 my ($uid_slashuser); 1684 1685 if ($unix_uid < 0xffff - 13) { 1686 $max_uid = 0xffff; 1687 } else { 1688 $max_uid = $unix_uid; 1689 } 1690 1691 $uid_root = $max_uid - 1; 1692 $uid_nobody = $max_uid - 2; 1693 $uid_pdbtest = $max_uid - 3; 1694 $uid_pdbtest2 = $max_uid - 4; 1695 $uid_userdup = $max_uid - 5; 1696 $uid_pdbtest_wkn = $max_uid - 6; 1697 $uid_force_user = $max_uid - 7; 1698 $uid_smbget = $max_uid - 8; 1699 $uid_user1 = $max_uid - 9; 1700 $uid_user2 = $max_uid - 10; 1701 $uid_gooduser = $max_uid - 11; 1702 $uid_eviluser = $max_uid - 12; 1703 $uid_slashuser = $max_uid - 13; 1704 1705 if ($unix_gids[0] < 0xffff - 8) { 1706 $max_gid = 0xffff; 1707 } else { 1708 $max_gid = $unix_gids[0]; 1709 } 1710 1711 $gid_nobody = $max_gid - 1; 1712 $gid_nogroup = $max_gid - 2; 1713 $gid_root = $max_gid - 3; 1714 $gid_domusers = $max_gid - 4; 1715 $gid_domadmins = $max_gid - 5; 1716 $gid_userdup = $max_gid - 6; 1717 $gid_everyone = $max_gid - 7; 1718 $gid_force_user = $max_gid - 8; 1719 1720 ## 1721 ## create conffile 1722 ## 1723 1724 unless (open(CONF, ">$conffile")) { 1725 warn("Unable to open $conffile"); 1726 return undef; 1727 } 1728 1729 my $interfaces = Samba::get_interfaces_config($server); 1730 1731 print CONF " 1732[global] 1733 dcesrv:fuzz directory = $cachedir/fuzz 1734 netbios name = $server 1735 interfaces = $interfaces 1736 bind interfaces only = yes 1737 panic action = cd $self->{srcdir} && $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY) 1738 smbd:suicide mode = yes 1739 1740 client min protocol = CORE 1741 server min protocol = LANMAN1 1742 1743 workgroup = $domain 1744 1745 private dir = $privatedir 1746 binddns dir = $binddnsdir 1747 pid directory = $piddir 1748 lock directory = $lockdir 1749 log file = $logdir/log.\%m 1750 log level = 1 1751 debug pid = yes 1752 max log size = 0 1753 1754 state directory = $lockdir 1755 cache directory = $lockdir 1756 1757 passdb backend = tdbsam 1758 1759 time server = yes 1760 1761 add user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup 1762 add group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action add --name %g 1763 add machine script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup 1764 add user to group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action add --member %u --name %g --group_path $nss_wrapper_group 1765 delete user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action delete --name %u 1766 delete group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action delete --name %g 1767 delete user from group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action delete --member %u --name %g --group_path $nss_wrapper_group 1768 1769 addprinter command = $mod_printer_pl -a -s $conffile -- 1770 deleteprinter command = $mod_printer_pl -d -s $conffile -- 1771 1772 eventlog list = application \"dns server\" 1773 1774 kernel oplocks = no 1775 kernel change notify = no 1776 1777 logging = file 1778 printing = bsd 1779 printcap name = /dev/null 1780 1781 winbindd socket directory = $wbsockdir 1782 nmbd:socket dir = $nmbdsockdir 1783 idmap config * : range = 100000-200000 1784 winbind enum users = yes 1785 winbind enum groups = yes 1786 winbind separator = / 1787 include system krb5 conf = no 1788 1789# min receivefile size = 4000 1790 1791 read only = no 1792 1793 smbd:sharedelay = 100000 1794 smbd:writetimeupdatedelay = 500000 1795 map hidden = no 1796 map system = no 1797 map readonly = no 1798 store dos attributes = yes 1799 create mask = 755 1800 dos filemode = yes 1801 strict rename = yes 1802 strict sync = yes 1803 mangled names = yes 1804 vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit 1805 1806 full_audit:syslog = no 1807 full_audit:success = none 1808 full_audit:failure = none 1809 1810 printing = vlp 1811 print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s 1812 lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p 1813 lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j 1814 lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j 1815 lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j 1816 queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p 1817 queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p 1818 lpq cache time = 0 1819 print notify backchannel = yes 1820 1821 ncalrpc dir = $prefix_abs/ncalrpc 1822 1823 # The samba3.blackbox.smbclient_s3 test uses this to test that 1824 # sending messages works, and that the %m sub works. 1825 message command = mv %s $shrdir/message.%m 1826 1827 # fsrvp server requires registry shares 1828 registry shares = yes 1829 1830 # Used by RPC SRVSVC tests 1831 add share command = $bindir_abs/smbaddshare 1832 change share command = $bindir_abs/smbchangeshare 1833 delete share command = $bindir_abs/smbdeleteshare 1834 1835 # fruit:copyfile is a global option 1836 fruit:copyfile = yes 1837 1838 #this does not mean that we use non-secure test env, 1839 #it just means we ALLOW one to be configured. 1840 allow insecure wide links = yes 1841 1842 include = $globalinjectconf 1843 1844 # Begin extra options 1845 $extra_options 1846 # End extra options 1847 1848 #Include user defined custom parameters if set 1849"; 1850 1851 if (defined($ENV{INCLUDE_CUSTOM_CONF})) { 1852 print CONF "\t$ENV{INCLUDE_CUSTOM_CONF}\n"; 1853 } 1854 1855 print CONF " 1856[tmp] 1857 path = $shrdir 1858 comment = smb username is [%U] 1859[tmpsort] 1860 path = $shrdir 1861 comment = Load dirsort module 1862 vfs objects = dirsort acl_xattr fake_acls xattr_tdb streams_depot 1863[tmpenc] 1864 path = $shrdir 1865 comment = encrypt smb username is [%U] 1866 smb encrypt = required 1867 vfs objects = dirsort 1868[tmpguest] 1869 path = $shrdir 1870 guest ok = yes 1871[guestonly] 1872 path = $shrdir 1873 guest only = yes 1874 guest ok = yes 1875[forceuser] 1876 path = $shrdir 1877 force user = $unix_name 1878 guest ok = yes 1879[forceuser_unixonly] 1880 comment = force a user with unix user SID and group SID 1881 path = $shrdir 1882 force user = pdbtest 1883 guest ok = yes 1884[forceuser_wkngroup] 1885 comment = force a user with well-known group SID 1886 path = $shrdir 1887 force user = pdbtest_wkn 1888 guest ok = yes 1889[forcegroup] 1890 path = $shrdir 1891 force group = nogroup 1892 guest ok = yes 1893[ro-tmp] 1894 path = $ro_shrdir 1895 guest ok = yes 1896[noperm] 1897 path = $noperm_shrdir 1898 wide links = yes 1899 guest ok = yes 1900[write-list-tmp] 1901 path = $shrdir 1902 read only = yes 1903 write list = $unix_name 1904[valid-users-tmp] 1905 path = $shrdir 1906 valid users = $unix_name 1907 access based share enum = yes 1908[msdfs-share] 1909 path = $msdfs_shrdir 1910 msdfs root = yes 1911 msdfs shuffle referrals = yes 1912 guest ok = yes 1913[hideunread] 1914 copy = tmp 1915 hide unreadable = yes 1916[tmpcase] 1917 copy = tmp 1918 case sensitive = yes 1919[hideunwrite] 1920 copy = tmp 1921 hide unwriteable files = yes 1922[durable] 1923 copy = tmp 1924 kernel share modes = no 1925 kernel oplocks = no 1926 posix locking = no 1927[fs_specific] 1928 copy = tmp 1929 $fs_specific_conf 1930[print1] 1931 copy = tmp 1932 printable = yes 1933 1934[print2] 1935 copy = print1 1936[print3] 1937 copy = print1 1938 default devmode = no 1939[lp] 1940 copy = print1 1941 1942[nfs4acl_simple_40] 1943 path = $shrdir 1944 comment = smb username is [%U] 1945 nfs4:mode = simple 1946 nfs4acl_xattr:version = 40 1947 vfs objects = nfs4acl_xattr xattr_tdb 1948 1949[nfs4acl_special_40] 1950 path = $shrdir 1951 comment = smb username is [%U] 1952 nfs4:mode = special 1953 nfs4acl_xattr:version = 40 1954 vfs objects = nfs4acl_xattr xattr_tdb 1955 1956[nfs4acl_simple_41] 1957 path = $shrdir 1958 comment = smb username is [%U] 1959 nfs4:mode = simple 1960 vfs objects = nfs4acl_xattr xattr_tdb 1961 1962[nfs4acl_xdr_40] 1963 path = $shrdir 1964 comment = smb username is [%U] 1965 vfs objects = nfs4acl_xattr xattr_tdb 1966 nfs4:mode = simple 1967 nfs4acl_xattr:encoding = xdr 1968 nfs4acl_xattr:version = 40 1969 1970[nfs4acl_xdr_41] 1971 path = $shrdir 1972 comment = smb username is [%U] 1973 vfs objects = nfs4acl_xattr xattr_tdb 1974 nfs4:mode = simple 1975 nfs4acl_xattr:encoding = xdr 1976 nfs4acl_xattr:version = 41 1977 1978[nfs4acl_nfs_40] 1979 path = $shrdir 1980 comment = smb username is [%U] 1981 vfs objects = nfs4acl_xattr xattr_tdb 1982 nfs4:mode = simple 1983 nfs4acl_xattr:encoding = nfs 1984 nfs4acl_xattr:version = 40 1985 nfs4acl_xattr:xattr_name = security.nfs4acl_xdr 1986 1987[nfs4acl_nfs_41] 1988 path = $shrdir 1989 comment = smb username is [%U] 1990 vfs objects = nfs4acl_xattr xattr_tdb 1991 nfs4:mode = simple 1992 nfs4acl_xattr:encoding = nfs 1993 nfs4acl_xattr:version = 41 1994 nfs4acl_xattr:xattr_name = security.nfs4acl_xdr 1995 1996[xcopy_share] 1997 path = $shrdir 1998 comment = smb username is [%U] 1999 create mask = 777 2000 force create mode = 777 2001[posix_share] 2002 path = $shrdir 2003 comment = smb username is [%U] 2004 create mask = 0777 2005 force create mode = 0 2006 directory mask = 0777 2007 force directory mode = 0 2008 vfs objects = xattr_tdb streams_depot 2009[aio] 2010 copy = tmp 2011 aio read size = 1 2012 aio write size = 1 2013 2014[print\$] 2015 copy = tmp 2016 2017[vfs_fruit] 2018 path = $shrdir 2019 vfs objects = catia fruit streams_xattr acl_xattr xattr_tdb 2020 fruit:resource = file 2021 fruit:metadata = netatalk 2022 fruit:locking = netatalk 2023 fruit:encoding = native 2024 fruit:veto_appledouble = no 2025 2026[vfs_fruit_xattr] 2027 path = $shrdir 2028 # This is used by vfs.fruit tests that require real fs xattr 2029 vfs objects = catia fruit streams_xattr acl_xattr 2030 fruit:resource = file 2031 fruit:metadata = netatalk 2032 fruit:locking = netatalk 2033 fruit:encoding = native 2034 fruit:veto_appledouble = no 2035 2036[vfs_fruit_metadata_stream] 2037 path = $shrdir 2038 vfs objects = fruit streams_xattr acl_xattr xattr_tdb 2039 fruit:resource = file 2040 fruit:metadata = stream 2041 fruit:veto_appledouble = no 2042 2043[vfs_fruit_stream_depot] 2044 path = $shrdir 2045 vfs objects = fruit streams_depot acl_xattr xattr_tdb 2046 fruit:resource = stream 2047 fruit:metadata = stream 2048 fruit:veto_appledouble = no 2049 2050[vfs_wo_fruit] 2051 path = $shrdir 2052 vfs objects = streams_xattr acl_xattr xattr_tdb 2053 2054[vfs_wo_fruit_stream_depot] 2055 path = $shrdir 2056 vfs objects = streams_depot acl_xattr xattr_tdb 2057 2058[vfs_fruit_timemachine] 2059 path = $shrdir 2060 vfs objects = fruit streams_xattr acl_xattr xattr_tdb 2061 fruit:resource = file 2062 fruit:metadata = stream 2063 fruit:time machine = yes 2064 fruit:time machine max size = 32K 2065 2066[vfs_fruit_wipe_intentionally_left_blank_rfork] 2067 path = $shrdir 2068 vfs objects = fruit streams_xattr acl_xattr xattr_tdb 2069 fruit:resource = file 2070 fruit:metadata = stream 2071 fruit:wipe_intentionally_left_blank_rfork = true 2072 fruit:delete_empty_adfiles = false 2073 fruit:veto_appledouble = no 2074 2075[vfs_fruit_delete_empty_adfiles] 2076 path = $shrdir 2077 vfs objects = fruit streams_xattr acl_xattr xattr_tdb 2078 fruit:resource = file 2079 fruit:metadata = stream 2080 fruit:wipe_intentionally_left_blank_rfork = true 2081 fruit:delete_empty_adfiles = true 2082 fruit:veto_appledouble = no 2083 2084[vfs_fruit_zero_fileid] 2085 path = $shrdir 2086 vfs objects = fruit streams_xattr acl_xattr xattr_tdb 2087 fruit:resource = file 2088 fruit:metadata = stream 2089 fruit:zero_file_id=yes 2090 2091[badname-tmp] 2092 path = $badnames_shrdir 2093 guest ok = yes 2094 2095[manglenames_share] 2096 path = $manglenames_shrdir 2097 guest ok = yes 2098 2099[dynamic_share] 2100 path = $shrdir/%R 2101 guest ok = yes 2102 2103[widelinks_share] 2104 path = $widelinks_shrdir 2105 wide links = no 2106 guest ok = yes 2107 2108[fsrvp_share] 2109 path = $fsrvp_shrdir 2110 comment = fake shapshots using rsync 2111 vfs objects = shell_snap shadow_copy2 2112 shell_snap:check path command = $fake_snap_pl --check 2113 shell_snap:create command = $fake_snap_pl --create 2114 shell_snap:delete command = $fake_snap_pl --delete 2115 # a relative path here fails, the snapshot dir is no longer found 2116 shadow:snapdir = $fsrvp_shrdir/.snapshots 2117 2118[shadow1] 2119 path = $shadow_shrdir 2120 comment = previous versions snapshots under mount point 2121 vfs objects = shadow_copy2 2122 shadow:mountpoint = $shadow_mntdir 2123 2124[shadow2] 2125 path = $shadow_shrdir 2126 comment = previous versions snapshots outside mount point 2127 vfs objects = shadow_copy2 2128 shadow:mountpoint = $shadow_mntdir 2129 shadow:snapdir = $shadow_tstdir/.snapshots 2130 2131[shadow3] 2132 path = $shadow_shrdir 2133 comment = previous versions with subvolume snapshots, snapshots under base dir 2134 vfs objects = shadow_copy2 2135 shadow:mountpoint = $shadow_mntdir 2136 shadow:basedir = $shadow_basedir 2137 shadow:snapdir = $shadow_basedir/.snapshots 2138 2139[shadow4] 2140 path = $shadow_shrdir 2141 comment = previous versions with subvolume snapshots, snapshots outside mount point 2142 vfs objects = shadow_copy2 2143 shadow:mountpoint = $shadow_mntdir 2144 shadow:basedir = $shadow_basedir 2145 shadow:snapdir = $shadow_tstdir/.snapshots 2146 2147[shadow5] 2148 path = $shadow_shrdir 2149 comment = previous versions at volume root snapshots under mount point 2150 vfs objects = shadow_copy2 2151 shadow:mountpoint = $shadow_shrdir 2152 2153[shadow6] 2154 path = $shadow_shrdir 2155 comment = previous versions at volume root snapshots outside mount point 2156 vfs objects = shadow_copy2 2157 shadow:mountpoint = $shadow_shrdir 2158 shadow:snapdir = $shadow_tstdir/.snapshots 2159 2160[shadow7] 2161 path = $shadow_shrdir 2162 comment = previous versions snapshots everywhere 2163 vfs objects = shadow_copy2 2164 shadow:mountpoint = $shadow_mntdir 2165 shadow:snapdirseverywhere = yes 2166 2167[shadow8] 2168 path = $shadow_shrdir 2169 comment = previous versions using snapsharepath 2170 vfs objects = shadow_copy2 2171 shadow:mountpoint = $shadow_mntdir 2172 shadow:snapdir = $shadow_tstdir/.snapshots 2173 shadow:snapsharepath = share 2174 2175[shadow_fmt0] 2176 comment = Testing shadow:format with default option 2177 vfs object = shadow_copy2 2178 path = $shadow_shrdir 2179 read only = no 2180 guest ok = yes 2181 shadow:mountpoint = $shadow_mntdir 2182 shadow:basedir = $shadow_basedir 2183 shadow:snapdir = $shadow_basedir/.snapshots 2184 shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S 2185 2186[shadow_fmt1] 2187 comment = Testing shadow:format with only date component 2188 vfs object = shadow_copy2 2189 path = $shadow_shrdir 2190 read only = no 2191 guest ok = yes 2192 shadow:mountpoint = $shadow_mntdir 2193 shadow:basedir = $shadow_basedir 2194 shadow:snapdir = $shadow_basedir/.snapshots 2195 shadow:format = \@GMT-%Y-%m-%d 2196 2197[shadow_fmt2] 2198 comment = Testing shadow:format with some hardcoded prefix 2199 vfs object = shadow_copy2 2200 path = $shadow_shrdir 2201 read only = no 2202 guest ok = yes 2203 shadow:mountpoint = $shadow_mntdir 2204 shadow:basedir = $shadow_basedir 2205 shadow:snapdir = $shadow_basedir/.snapshots 2206 shadow:format = snap\@GMT-%Y.%m.%d-%H.%M.%S 2207 2208[shadow_fmt3] 2209 comment = Testing shadow:format with modified format 2210 vfs object = shadow_copy2 2211 path = $shadow_shrdir 2212 read only = no 2213 guest ok = yes 2214 shadow:mountpoint = $shadow_mntdir 2215 shadow:basedir = $shadow_basedir 2216 shadow:snapdir = $shadow_basedir/.snapshots 2217 shadow:format = \@GMT-%Y.%m.%d-%H_%M_%S-snap 2218 2219[shadow_fmt4] 2220 comment = Testing shadow:snapprefix regex 2221 vfs object = shadow_copy2 2222 path = $shadow_shrdir 2223 read only = no 2224 guest ok = yes 2225 shadow:mountpoint = $shadow_mntdir 2226 shadow:basedir = $shadow_basedir 2227 shadow:snapdir = $shadow_basedir/.snapshots 2228 shadow:snapprefix = \^s[a-z]*p\$ 2229 shadow:format = _GMT-%Y.%m.%d-%H.%M.%S 2230 2231[shadow_fmt5] 2232 comment = Testing shadow:snapprefix with delim regex 2233 vfs object = shadow_copy2 2234 path = $shadow_shrdir 2235 read only = no 2236 guest ok = yes 2237 shadow:mountpoint = $shadow_mntdir 2238 shadow:basedir = $shadow_basedir 2239 shadow:snapdir = $shadow_basedir/.snapshots 2240 shadow:delimiter = \@GMT 2241 shadow:snapprefix = [a-z]* 2242 shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S 2243 2244[shadow_wl] 2245 path = $shadow_shrdir 2246 comment = previous versions with wide links allowed 2247 vfs objects = shadow_copy2 2248 shadow:mountpoint = $shadow_mntdir 2249 wide links = yes 2250 2251[shadow_write] 2252 path = $shadow_tstdir 2253 comment = previous versions snapshots under mount point 2254 vfs objects = shadow_copy2 streams_xattr error_inject 2255 aio write size = 0 2256 error_inject:pwrite = EBADF 2257 shadow:mountpoint = $shadow_tstdir 2258 2259[dfq] 2260 path = $shrdir/dfree 2261 vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq 2262 admin users = $unix_name 2263 include = $dfqconffile 2264[dfq_cache] 2265 path = $shrdir/dfree 2266 vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq 2267 admin users = $unix_name 2268 include = $dfqconffile 2269 dfree cache time = 60 2270[dfq_owner] 2271 path = $shrdir/dfree 2272 vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq 2273 inherit owner = yes 2274 include = $dfqconffile 2275[quotadir] 2276 path = $shrdir/quota 2277 admin users = $unix_name 2278 2279[acl_xattr_ign_sysacl_posix] 2280 copy = tmp 2281 acl_xattr:ignore system acls = yes 2282 acl_xattr:default acl style = posix 2283[acl_xattr_ign_sysacl_windows] 2284 copy = tmp 2285 acl_xattr:ignore system acls = yes 2286 acl_xattr:default acl style = windows 2287 2288[mangle_illegal] 2289 copy = tmp 2290 mangled names = illegal 2291 2292[nosymlinks] 2293 copy = tmp 2294 path = $nosymlinks_shrdir 2295 follow symlinks = no 2296 2297[local_symlinks] 2298 copy = tmp 2299 path = $local_symlinks_shrdir 2300 follow symlinks = yes 2301 2302[kernel_oplocks] 2303 copy = tmp 2304 kernel oplocks = yes 2305 vfs objects = streams_xattr xattr_tdb 2306 2307[streams_xattr] 2308 copy = tmp 2309 vfs objects = streams_xattr xattr_tdb 2310 2311[compound_find] 2312 copy = tmp 2313 smbd:find async delay usec = 10000 2314[error_inject] 2315 copy = tmp 2316 vfs objects = error_inject 2317 include = $errorinjectconf 2318 2319[delay_inject] 2320 copy = tmp 2321 vfs objects = delay_inject 2322 kernel share modes = no 2323 kernel oplocks = no 2324 posix locking = no 2325 include = $delayinjectconf 2326 2327[aio_delay_inject] 2328 copy = tmp 2329 vfs objects = delay_inject 2330 delay_inject:pread_send = 2000 2331 delay_inject:pwrite_send = 2000 2332 2333[brl_delay_inject1] 2334 copy = tmp 2335 vfs objects = delay_inject 2336 delay_inject:brl_lock_windows = 90 2337 delay_inject:brl_lock_windows_use_timer = yes 2338 2339[brl_delay_inject2] 2340 copy = tmp 2341 vfs objects = delay_inject 2342 delay_inject:brl_lock_windows = 90 2343 delay_inject:brl_lock_windows_use_timer = no 2344 2345[delete_readonly] 2346 path = $prefix_abs/share 2347 delete readonly = yes 2348 "; 2349 close(CONF); 2350 2351 my $net = Samba::bindir_path($self, "net"); 2352 my $cmd = ""; 2353 $cmd .= "SMB_CONF_PATH=\"$conffile\" "; 2354 $cmd .= "$net setlocalsid $samsid"; 2355 2356 if (system($cmd) != 0) { 2357 warn("Join failed\n$cmd"); 2358 return undef; 2359 } 2360 2361 unless (open(ERRORCONF, ">$errorinjectconf")) { 2362 warn("Unable to open $errorinjectconf"); 2363 return undef; 2364 } 2365 close(ERRORCONF); 2366 2367 unless (open(DELAYCONF, ">$delayinjectconf")) { 2368 warn("Unable to open $delayinjectconf"); 2369 return undef; 2370 } 2371 close(DELAYCONF); 2372 2373 unless (open(DFQCONF, ">$dfqconffile")) { 2374 warn("Unable to open $dfqconffile"); 2375 return undef; 2376 } 2377 close(DFQCONF); 2378 2379 unless (open(DELAYCONF, ">$globalinjectconf")) { 2380 warn("Unable to open $globalinjectconf"); 2381 return undef; 2382 } 2383 close(DELAYCONF); 2384 2385 ## 2386 ## create a test account 2387 ## 2388 2389 unless (open(PASSWD, ">$nss_wrapper_passwd")) { 2390 warn("Unable to open $nss_wrapper_passwd"); 2391 return undef; 2392 } 2393 print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false 2394$unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false 2395pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false 2396pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false 2397userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false 2398pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false 2399force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false 2400smbget_user:x:$uid_smbget:$gid_domusers:smbget_user gecos:$prefix_abs:/bin/false 2401user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false 2402user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false 2403gooduser:x:$uid_gooduser:$gid_domusers:gooduser gecos:$prefix_abs:/bin/false 2404eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false 2405slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false 2406"; 2407 if ($unix_uid != 0) { 2408 print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false 2409"; 2410 } 2411 close(PASSWD); 2412 2413 unless (open(GROUP, ">$nss_wrapper_group")) { 2414 warn("Unable to open $nss_wrapper_group"); 2415 return undef; 2416 } 2417 print GROUP "nobody:x:$gid_nobody: 2418nogroup:x:$gid_nogroup:nobody 2419$unix_name-group:x:$unix_gids[0]: 2420domusers:X:$gid_domusers: 2421domadmins:X:$gid_domadmins: 2422userdup:x:$gid_userdup:$unix_name 2423everyone:x:$gid_everyone: 2424force_user:x:$gid_force_user: 2425"; 2426 if ($unix_gids[0] != 0) { 2427 print GROUP "root:x:$gid_root: 2428"; 2429 } 2430 2431 close(GROUP); 2432 2433 ## hosts 2434 my $hostname = lc($server); 2435 unless (open(HOSTS, ">>$nss_wrapper_hosts")) { 2436 warn("Unable to open $nss_wrapper_hosts"); 2437 return undef; 2438 } 2439 print HOSTS "${server_ip} ${hostname}.samba.example.com ${hostname}\n"; 2440 print HOSTS "${server_ipv6} ${hostname}.samba.example.com ${hostname}\n"; 2441 close(HOSTS); 2442 2443 ## hosts 2444 unless (open(RESOLV_CONF, ">$resolv_conf")) { 2445 warn("Unable to open $resolv_conf"); 2446 return undef; 2447 } 2448 if (defined($dc_server_ip) or defined($dc_server_ipv6)) { 2449 if (defined($dc_server_ip)) { 2450 print RESOLV_CONF "nameserver $dc_server_ip\n"; 2451 } 2452 if (defined($dc_server_ipv6)) { 2453 print RESOLV_CONF "nameserver $dc_server_ipv6\n"; 2454 } 2455 } else { 2456 print RESOLV_CONF "nameserver ${server_ip}\n"; 2457 print RESOLV_CONF "nameserver ${server_ipv6}\n"; 2458 } 2459 close(RESOLV_CONF); 2460 2461 foreach my $evlog (@eventlog_list) { 2462 my $evlogtdb = "$eventlogdir/$evlog.tdb"; 2463 open(EVENTLOG, ">$evlogtdb") or die("Unable to open $evlogtdb"); 2464 close(EVENTLOG); 2465 } 2466 2467 $createuser_env{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; 2468 $createuser_env{NSS_WRAPPER_GROUP} = $nss_wrapper_group; 2469 $createuser_env{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; 2470 $createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com"; 2471 if ($ENV{SAMBA_DNS_FAKING}) { 2472 $createuser_env{RESOLV_WRAPPER_HOSTS} = $dns_host_file; 2473 } else { 2474 $createuser_env{RESOLV_WRAPPER_CONF} = $resolv_conf; 2475 } 2476 2477 createuser($self, $unix_name, $password, $conffile, \%createuser_env) || die("Unable to create user"); 2478 createuser($self, "force_user", $password, $conffile, \%createuser_env) || die("Unable to create force_user"); 2479 createuser($self, "smbget_user", $password, $conffile, \%createuser_env) || die("Unable to create smbget_user"); 2480 createuser($self, "user1", $password, $conffile, \%createuser_env) || die("Unable to create user1"); 2481 createuser($self, "user2", $password, $conffile, \%createuser_env) || die("Unable to create user2"); 2482 createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser"); 2483 createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser"); 2484 createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser"); 2485 2486 open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list"); 2487 print DNS_UPDATE_LIST "A $server. $server_ip\n"; 2488 print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n"; 2489 close(DNS_UPDATE_LIST); 2490 2491 print "DONE\n"; 2492 2493 $ret{SERVER_IP} = $server_ip; 2494 $ret{SERVER_IPV6} = $server_ipv6; 2495 $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log"; 2496 $ret{NMBD_TEST_LOG_POS} = 0; 2497 $ret{WINBINDD_TEST_LOG} = "$prefix/winbindd_test.log"; 2498 $ret{WINBINDD_TEST_LOG_POS} = 0; 2499 $ret{SMBD_TEST_LOG} = "$prefix/smbd_test.log"; 2500 $ret{SMBD_TEST_LOG_POS} = 0; 2501 $ret{SERVERCONFFILE} = $conffile; 2502 $ret{TESTENV_DIR} = $prefix_abs; 2503 $ret{CONFIGURATION} ="-s $conffile"; 2504 $ret{LOCK_DIR} = $lockdir; 2505 $ret{SERVER} = $server; 2506 $ret{USERNAME} = $unix_name; 2507 $ret{USERID} = $unix_uid; 2508 $ret{DOMAIN} = $domain; 2509 $ret{SAMSID} = $samsid; 2510 $ret{NETBIOSNAME} = $server; 2511 $ret{PASSWORD} = $password; 2512 $ret{PIDDIR} = $piddir; 2513 $ret{SELFTEST_WINBINDD_SOCKET_DIR} = $wbsockdir; 2514 $ret{NMBD_SOCKET_DIR} = $nmbdsockdir; 2515 $ret{SOCKET_WRAPPER_DEFAULT_IFACE} = $swiface; 2516 $ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; 2517 $ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group; 2518 $ret{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; 2519 $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com"; 2520 $ret{NSS_WRAPPER_MODULE_SO_PATH} = Samba::nss_wrapper_winbind_so_path($self); 2521 $ret{NSS_WRAPPER_MODULE_FN_PREFIX} = "winbind"; 2522 if ($ENV{SAMBA_DNS_FAKING}) { 2523 $ret{RESOLV_WRAPPER_HOSTS} = $dns_host_file; 2524 } else { 2525 $ret{RESOLV_WRAPPER_CONF} = $resolv_conf; 2526 } 2527 $ret{LOCAL_PATH} = "$shrdir"; 2528 $ret{LOGDIR} = $logdir; 2529 2530 # 2531 # Avoid hitting system krb5.conf - 2532 # An env that needs Kerberos will reset this to the real 2533 # value. 2534 # 2535 $ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf"; 2536 2537 # Define KRB5CCNAME for each environment we set up 2538 $ret{KRB5_CCACHE} = abs_path($prefix) . "/krb5ccache"; 2539 $ENV{KRB5CCNAME} = $ret{KRB5_CCACHE}; 2540 2541 return \%ret; 2542} 2543 2544sub wait_for_start($$$$$) 2545{ 2546 my ($self, $envvars, $nmbd, $winbindd, $smbd) = @_; 2547 my $cmd; 2548 my $netcmd; 2549 my $ret; 2550 2551 if ($nmbd eq "yes") { 2552 my $count = 0; 2553 2554 # give time for nbt server to register its names 2555 print "checking for nmbd\n"; 2556 2557 # This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init 2558 my $nmblookup = Samba::bindir_path($self, "nmblookup"); 2559 2560 do { 2561 $ret = system("$nmblookup $envvars->{CONFIGURATION} $envvars->{SERVER}"); 2562 if ($ret != 0) { 2563 sleep(1); 2564 } else { 2565 system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__"); 2566 system("$nmblookup $envvars->{CONFIGURATION} __SAMBA__"); 2567 system("$nmblookup $envvars->{CONFIGURATION} -U 127.255.255.255 __SAMBA__"); 2568 system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}"); 2569 } 2570 $count++; 2571 } while ($ret != 0 && $count < 10); 2572 if ($count == 10) { 2573 print "NMBD not reachable after 10 retries\n"; 2574 teardown_env($self, $envvars); 2575 return 0; 2576 } 2577 } 2578 2579 if ($winbindd eq "yes") { 2580 print "checking for winbindd\n"; 2581 my $count = 0; 2582 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; 2583 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; 2584 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; 2585 $cmd .= Samba::bindir_path($self, "wbinfo") . " --ping-dc"; 2586 2587 do { 2588 if ($ret != 0) { 2589 $ret = system($cmd); 2590 sleep(1); 2591 } 2592 $count++; 2593 } while ($ret != 0 && $count < 20); 2594 if ($count == 20) { 2595 print "WINBINDD not reachable after 20 seconds\n"; 2596 teardown_env($self, $envvars); 2597 return 0; 2598 } 2599 } 2600 2601 if ($smbd eq "yes") { 2602 # make sure smbd is also up set 2603 print "wait for smbd\n"; 2604 2605 my $count = 0; 2606 do { 2607 $ret = system(Samba::bindir_path($self, "smbclient") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139"); 2608 if ($ret != 0) { 2609 sleep(1); 2610 } 2611 $count++ 2612 } while ($ret != 0 && $count < 20); 2613 if ($count == 20) { 2614 print "SMBD failed to start up in a reasonable time (20sec)\n"; 2615 teardown_env($self, $envvars); 2616 return 0; 2617 } 2618 } 2619 2620 # Ensure we have domain users mapped. 2621 $netcmd = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; 2622 $netcmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; 2623 $netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} "; 2624 2625 $cmd = $netcmd . "groupmap delete ntgroup=domusers"; 2626 $ret = system($cmd); 2627 2628 $cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain"; 2629 $ret = system($cmd); 2630 if ($ret != 0) { 2631 print("\"$cmd\" failed\n"); 2632 return 1; 2633 } 2634 2635 $cmd = $netcmd . "groupmap delete ntgroup=domadmins"; 2636 $ret = system($cmd); 2637 2638 $cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain"; 2639 $ret = system($cmd); 2640 if ($ret != 0) { 2641 print("\"$cmd\" failed\n"); 2642 return 1; 2643 } 2644 2645 $cmd = $netcmd . "groupmap delete ntgroup=everyone"; 2646 $ret = system($cmd); 2647 2648 $cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin"; 2649 $ret = system($cmd); 2650 if ($ret != 0) { 2651 print("\"$cmd\" failed\n"); 2652 return 1; 2653 } 2654 2655 # note: creating builtin groups requires winbindd for the 2656 # unix id allocator 2657 my $create_builtin_users = "no"; 2658 if ($winbindd eq "yes") { 2659 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; 2660 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; 2661 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; 2662 $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545"; 2663 my $wbinfo_out = qx($cmd 2>&1); 2664 if ($? != 0) { 2665 # wbinfo doesn't give us a better error code then 2666 # WBC_ERR_DOMAIN_NOT_FOUND, but at least that's 2667 # different then WBC_ERR_WINBIND_NOT_AVAILABLE 2668 if ($wbinfo_out !~ /WBC_ERR_DOMAIN_NOT_FOUND/) { 2669 print("Failed to run \"wbinfo --sid-to-gid=S-1-5-32-545\": $wbinfo_out"); 2670 teardown_env($self, $envvars); 2671 return 0; 2672 } 2673 $create_builtin_users = "yes"; 2674 } 2675 } 2676 if ($create_builtin_users eq "yes") { 2677 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; 2678 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; 2679 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; 2680 $cmd .= Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} "; 2681 $cmd .= "sam createbuiltingroup Users"; 2682 $ret = system($cmd); 2683 if ($ret != 0) { 2684 print "Failed to create BUILTIN\\Users group\n"; 2685 teardown_env($self, $envvars); 2686 return 0; 2687 } 2688 2689 $cmd = Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} "; 2690 $cmd .= "cache del IDMAP/SID2XID/S-1-5-32-545"; 2691 system($cmd); 2692 2693 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; 2694 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; 2695 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; 2696 $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545"; 2697 $ret = system($cmd); 2698 if ($ret != 0) { 2699 print "Missing \"BUILTIN\\Users\", did net sam createbuiltingroup Users fail?\n"; 2700 teardown_env($self, $envvars); 2701 return 0; 2702 } 2703 } 2704 2705 print $self->getlog_env($envvars); 2706 2707 return 1; 2708} 2709 27101; 2711