2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
14 use IO
::Poll
qw(POLLIN);
17 my ($classname, $bindir, $srcdir, $server_maxtime,
18 $opt_socket_wrapper_pcap, $opt_socket_wrapper_keep_pcap,
19 $default_ldb_backend) = @_;
22 opt_socket_wrapper_pcap
=> $opt_socket_wrapper_pcap,
23 opt_socket_wrapper_keep_pcap
=> $opt_socket_wrapper_keep_pcap,
25 $self->{samba3
} = new Samba3
($self, $bindir, $srcdir, $server_maxtime);
26 $self->{samba4
} = new Samba4
($self, $bindir, $srcdir, $server_maxtime, $default_ldb_backend);
31 %Samba::ENV_DEPS
= (%Samba3::ENV_DEPS
, %Samba4::ENV_DEPS
);
34 %Samba::ENV_DEPS_POST
= (%Samba3::ENV_DEPS_POST
, %Samba4::ENV_DEPS_POST
);
37 %Samba::ENV_TARGETS
= (
38 (map { $_ => "Samba3" } keys %Samba3::ENV_DEPS
),
39 (map { $_ => "Samba4" } keys %Samba4::ENV_DEPS
),
43 %Samba::ENV_NEEDS_AD_DC
= (
44 (map { $_ => 1 } keys %Samba4::ENV_DEPS
)
47 foreach my $env (keys %Samba3::ENV_DEPS
) {
48 $ENV_NEEDS_AD_DC{$env} = ($env =~ /^ad_/);
53 my ($self, $name) = @_;
55 return unless ($self->{opt_socket_wrapper_pcap
});
56 return unless defined($ENV{SOCKET_WRAPPER_PCAP_DIR
});
59 $fname =~ s
%[^abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\
-]%_%g;
61 my $pcap_file = "$ENV{SOCKET_WRAPPER_PCAP_DIR}/$fname.pcap";
63 SocketWrapper
::setup_pcap
($pcap_file);
70 my ($self, $pcap_file, $exitcode) = @_;
72 return unless ($self->{opt_socket_wrapper_pcap
});
73 return if ($self->{opt_socket_wrapper_keep_pcap
});
74 return unless ($exitcode == 0);
75 return unless defined($pcap_file);
82 my ($self, $envname, $path) = @_;
84 my $targetname = $ENV_TARGETS{$envname};
85 if (not defined($targetname)) {
86 warn("Samba can't provide environment '$envname'");
91 "Samba3" => $self->{samba3
},
92 "Samba4" => $self->{samba4
}
94 my $target = $targetlookup{$targetname};
96 if (defined($target->{vars
}->{$envname})) {
97 return $target->{vars
}->{$envname};
100 $target->{vars
}->{$envname} = "";
103 foreach(@
{$ENV_DEPS{$envname}}) {
104 my $vars = $self->setup_env($_, $path);
105 if (defined($vars)) {
106 push(@dep_vars, $vars);
108 warn("Failed setting up $_ as a dependency of $envname");
113 $ENV{ENVNAME
} = $envname;
114 # Avoid hitting system krb5.conf -
115 # An env that needs Kerberos will reset this to the real value.
116 $ENV{KRB5_CONFIG
} = "$path/no_krb5.conf";
117 $ENV{RESOLV_CONF
} = "$path/no_resolv.conf";
119 my $setup_name = $ENV_TARGETS{$envname}."::setup_".$envname;
120 my $setup_sub = \
&$setup_name;
121 my $setup_pcap_file = $self->setup_pcap("env-$ENV{ENVNAME}-setup");
122 my $env = &$setup_sub($target, "$path/$envname", @dep_vars);
123 $self->cleanup_pcap($setup_pcap_file, not defined($env));
124 SocketWrapper
::setup_pcap
(undef);
126 if (not defined($env)) {
127 warn("failed to start up environment '$envname'");
130 if ($env eq "UNKNOWN") {
131 warn("unknown environment '$envname'");
135 $target->{vars
}->{$envname} = $env;
136 $target->{vars
}->{$envname}->{target
} = $target;
138 foreach(@
{$ENV_DEPS_POST{$envname}}) {
139 if (not defined $_) {
142 my $vars = $self->setup_env($_, $path);
143 if (not defined($vars)) {
151 sub bindir_path
($$) {
152 my ($object, $path) = @_;
154 my $valpath = "$object->{bindir}/$path";
157 if (defined $ENV{'PYTHON'}) {
158 $python_cmd = $ENV{'PYTHON'} . " ";
161 if (-f
$valpath or -d
$valpath) {
164 # make sure we prepend samba-tool with calling $PYTHON python version
165 if ($path eq "samba-tool") {
166 $result = $python_cmd . $result;
171 sub nss_wrapper_winbind_so_path
($) {
173 my $ret = $ENV{NSS_WRAPPER_WINBIND_SO_PATH
};
174 if (not defined($ret)) {
175 $ret = bindir_path
($object, "plugins/libnss_wrapper_winbind.so.2");
176 $ret = abs_path
($ret);
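# Copy the contents of file $in to file $out; dies if either file cannot be
# opened or if the destination cannot be flushed on close.
#
# This helper is used in this file to stage CA/DC certificates, private keys
# and GnuPG files, so the paths must always be treated as literal file names.
# Three-argument open does that: with the two-argument form, leading/trailing
# whitespace is stripped and mode characters in the path are interpreted by
# open() instead of being part of the name.
#
# NOTE(review): only the two open() calls are visible in this listing; the
# argument unpacking, copy loop and close calls are reconstructed - confirm
# against the full file.
sub copy_file_content($$)
{
	my ($in, $out) = @_;

	open(my $in_fh, '<', $in)
		or die("failed to open in[${in}] for reading: $!");
	open(my $out_fh, '>', $out)
		or die("failed to open out[${out}] for writing: $!");

	while (my $line = <$in_fh>) {
		print {$out_fh} $line;
	}

	# Buffered write errors only surface at close; a silently truncated
	# key or certificate would be hard to diagnose later.
	close($out_fh) or die("failed to close out[${out}]: $!");
	close($in_fh);
}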
193 sub prepare_keyblobs
($)
197 my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com";
198 my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem";
199 # A file containing a CRL with no revocations.
200 my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem";
201 my $dcdnsname = "$ctx->{hostname}.$ctx->{dnsname}";
202 my $dcdir = "$cadir/DCs/$dcdnsname";
203 my $dccert = "$dcdir/DC-$dcdnsname-cert.pem";
204 my $dckey_private = "$dcdir/DC-$dcdnsname-private-key.pem";
205 my $adminprincipalname = "administrator\@$ctx->{dnsname}";
206 my $admindir = "$cadir/Users/$adminprincipalname";
207 my $admincert = "$admindir/USER-$adminprincipalname-cert.pem";
208 my $adminkey_private = "$admindir/USER-$adminprincipalname-private-key.pem";
209 my $pkinitprincipalname = "pkinit\@$ctx->{dnsname}";
210 my $ca_pkinitdir = "$cadir/Users/$pkinitprincipalname";
211 my $pkinitcert = "$ca_pkinitdir/USER-$pkinitprincipalname-cert.pem";
212 my $pkinitkey_private = "$ca_pkinitdir/USER-$pkinitprincipalname-private-key.pem";
214 my $tlsdir = "$ctx->{tlsdir}";
215 my $pkinitdir = "$ctx->{prefix_abs}/pkinit";
216 #TLS and PKINIT crypto blobs
217 my $dhfile = "$tlsdir/dhparms.pem";
218 my $cafile = "$tlsdir/ca.pem";
219 my $crlfile = "$tlsdir/crl.pem";
220 my $certfile = "$tlsdir/cert.pem";
221 my $keyfile = "$tlsdir/key.pem";
222 my $admincertfile = "$pkinitdir/USER-$adminprincipalname-cert.pem";
223 my $adminkeyfile = "$pkinitdir/USER-$adminprincipalname-private-key.pem";
224 my $pkinitcertfile = "$pkinitdir/USER-$pkinitprincipalname-cert.pem";
225 my $pkinitkeyfile = "$pkinitdir/USER-$pkinitprincipalname-private-key.pem";
227 mkdir($tlsdir, 0700);
228 mkdir($pkinitdir, 0700);
229 my $oldumask = umask;
232 # This is specified here to avoid draining entropy on every run
234 # openssl dhparam -out dhparms.pem -text -2 8192
235 open(DHFILE
, ">$dhfile");
237 -----BEGIN DH PARAMETERS-----
238 MIIECAKCBAEAlcpjuJptCzC2bIIApLuyFLw2nODQUztqs/peysY9e3LgWh/xrc87
239 SWJNSUrqFJFh2m357WH0XGcTdTk0b/8aIYIWjbwEhWR/5hZ+1x2TDrX1awkYayAe
240 pr0arycmWHaAmhw+m+dBdj2O2jRMe7gn0ha85JALNl+Z3wv2q2eys8TIiQ2dbHPx
241 XvpMmlAv7QHZnpSpX/XgueQr6T3EYggljppZwk1fe4W2cxBjCv9w/Q83pJXMEVVB
242 WESEQPZC38v6hVIXIlF4J7jXjV3+NtCLL4nvsy0jrLEntyKz5OB8sNPRzJr0Ju2Y
243 yXORCSMMXMygP+dxJtQ6txzQYWyaCYN1HqHDZy3cFL9Qy8kTFqIcW56Lti2GsW/p
244 jSMzEOa1NevhKNFL3dSZJx5m+5ZeMvWXlCqXSptmVdbs5wz5jkMUm/E6pVfM5lyb
245 Ttlcq2iYPqnJz1jcL5xwhoufID8zSJCPJ7C0jb0Ngy5wLIUZfjXJUXxUyxTnNR9i
246 N9Sc+UkDvLxnCW+qzjyPXGlQU1SsJwMLWa2ZecL/uYE4bOdcN3g+5WHkevyDnXqR
247 +yy9x7sGXjBT3bRWK5tVHJWOi6eBu1hp39U6aK8oOJWiUt3vmC2qEdIsT6JaLNNi
248 YKrSfRGBf19IJBaagen1S19bb3dnmwoU1RaWM0EeJQW1oXOBg7zLisB2yuu5azBn
249 tse00+0nc+GbH2y+jP0sE7xil1QeilZl+aQ3tX9vL0cnCa+8602kXxU7P5HaX2+d
250 05pvoHmeZbDV85io36oF976gBYeYN+qAkTUMsIZhuLQDuyn0963XOLyn1Pm6SBrU
251 OkIZXW7WoKEuO/YSfizUIqXwmAMJjnEMJCWG51MZZKx//9Hsdp1RXSm/bRSbvXB7
252 MscjvQYWmfCFnIk8LYnEt3Yey40srEiS9xyZqdrvobxz+sU1XcqR38kpVf4gKASL
253 xURia64s4emuJF+YHIObyydazQ+6/wX/C+m+nyfhuxSO6j1janPwtYbU+Uj3TzeM
254 04K1mpPQpZcaMdZZiNiu7i8VJlOPKAz7aJT8TnMMF5GMyzyLpSMpc+NF9L/BSocV
255 /cUM4wQT2PTHrcyYzmTVH7c9bzBkuxqrwVB1BY1jitDV9LIYIVBglKcX88qrfHIM
256 XiXPAIwGclD59qm2cG8OdM9NA5pNMI119KuUAIJsUdgPbR1LkT2XTT15YVoHmFSQ
257 DlaWOXn4td031jr0EisX8QtFR7+/0Nfoni6ydFGs5fNH/L1ckq6FEO4OhgucJw9H
258 YRmiFlsQBQNny78vNchwZne3ZixkShtGW0hWDdi2n+h7St1peNJCNJjMbEhRsPRx
259 RmNGWh4AL8rho4RO9OBao0MnUdjbbffD+wIBAg==
260 -----END DH PARAMETERS-----
264 if (! -e
${dckey_private
}) {
269 copy_file_content
(${cacert
}, ${cafile
});
270 copy_file_content
(${cacrl_pem
}, ${crlfile
});
271 copy_file_content
(${dccert
}, ${certfile
});
272 copy_file_content
(${dckey_private
}, ${keyfile
});
273 if (-e
${adminkey_private
}) {
274 copy_file_content
(${admincert
}, ${admincertfile
});
275 copy_file_content
(${adminkey_private
}, ${adminkeyfile
});
277 if (-e
${pkinitkey_private
}) {
278 copy_file_content
(${pkinitcert
}, ${pkinitcertfile
});
279 copy_file_content
(${pkinitkey_private
}, ${pkinitkeyfile
});
282 # COMPAT stuff to be removed in a later commit
283 my $kdccertfile = "$tlsdir/kdc.pem";
284 copy_file_content
(${dccert
}, ${kdccertfile
});
289 sub copy_gnupg_home
($)
293 my $gnupg_srcdir = "$ENV{SRCDIR_ABS}/selftest/gnupg";
301 my $oldumask = umask;
303 mkdir($ctx->{gnupghome
}, 0777);
305 foreach my $file (@files) {
306 my $srcfile = "${gnupg_srcdir}/${file}";
307 my $dstfile = "$ctx->{gnupghome}/${file}";
308 copy_file_content
(${srcfile
}, ${dstfile
});
317 unless (open(KRB5CONF
, ">$ctx->{krb5_conf}")) {
318 warn("can't open $ctx->{krb5_conf}$?");
322 my $our_realms_stanza = mk_realms_stanza
($ctx->{realm
},
327 #Generated krb5.conf for $ctx->{realm}
330 default_realm = $ctx->{realm}
331 dns_lookup_realm = false
332 dns_lookup_kdc = true
333 ticket_lifetime = 24h
336 # We are running on the same machine, do not correct
337 # system clock differences
340 fcache_strict_checking = false
343 if (defined($ENV{MITKRB5
})) {
345 # Set the grace clockskew to 5 seconds
346 # This is especially required by samba3.raw.session krb5 and
347 # reauth tests when not using Heimdal
349 # To allow the FL 2000 DC to still work for now
354 if (defined($ctx->{krb5_ccname
})) {
356 default_ccache_name = $ctx->{krb5_ccname}
361 if (defined($ctx->{supported_enctypes
})) {
363 default_etypes = $ctx->{supported_enctypes}
364 default_as_etypes = $ctx->{supported_enctypes}
365 default_tgs_enctypes = $ctx->{supported_enctypes}
366 default_tkt_enctypes = $ctx->{supported_enctypes}
367 permitted_enctypes = $ctx->{supported_enctypes}
371 if (defined($ctx->{tlsdir
})) {
372 if (defined($ENV{MITKRB5
})) {
374 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
375 pkinit_kdc_hostname = $ctx->{hostname}.$ctx->{dnsname}
382 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
386 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
387 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
388 pkinit_revoke = FILE:$ctx->{tlsdir}/crl.pem
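# Append the realms stanza for a trusted domain to an existing krb5.conf.
#
# Reads $ctx->{KRB5_CONFIG} (file to append to) and the TRUST_REALM,
# TRUST_DNSNAME, TRUST_DOMAIN and TRUST_SERVER_IP entries of $ctx, which are
# passed to mk_realms_stanza(). Warns and returns undef if the file cannot be
# opened.
#
# NOTE(review): the argument unpacking, the failure return and the close are
# not visible in this listing and are reconstructed - confirm against the
# full file.
sub append_krb5_conf_trust_realms($$)
{
	my ($ctx) = @_;

	# Three-argument open keeps the path a literal file name.
	my $krb5conf_fh;
	unless (open($krb5conf_fh, '>>', $ctx->{KRB5_CONFIG})) {
		# $! carries the reason open() failed; $? is the status of the
		# last child process and is unrelated to this error.
		warn("can't open $ctx->{KRB5_CONFIG}: $!");
		return undef;
	}

	my $trust_realms_stanza = mk_realms_stanza($ctx->{TRUST_REALM},
						   $ctx->{TRUST_DNSNAME},
						   $ctx->{TRUST_DOMAIN},
						   $ctx->{TRUST_SERVER_IP});

	print {$krb5conf_fh} " $trust_realms_stanza";

	return close($krb5conf_fh);
}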
421 sub mk_realms_stanza
($$$$)
423 my ($realm, $dnsname, $domain, $kdc_ipv4) = @_;
424 my $lc_domain = lc($domain);
426 # The pkinit_require_krbtgt_otherName = false
427 # is just because the certificates we have saved
428 # do not have the realm in the subjectAltName
429 # (specially encoded as a principal)
431 # https://github.com/heimdal/heimdal/wiki/Setting-up-PK-INIT-and-Certificates
432 my $realms_stanza = "
435 admin_server = $kdc_ipv4:88
436 default_domain = $dnsname
437 pkinit_require_krbtgt_otherName = false
441 admin_server = $kdc_ipv4:88
442 default_domain = $dnsname
443 pkinit_require_krbtgt_otherName = false
447 admin_server = $kdc_ipv4:88
448 default_domain = $dnsname
449 pkinit_require_krbtgt_otherName = false
453 admin_server = $kdc_ipv4:88
454 default_domain = $dnsname
455 pkinit_require_krbtgt_otherName = false
459 return $realms_stanza;
462 sub mk_mitkdc_conf
($$)
464 # samba_kdb_dir is the path to mit_samba.so
465 my ($ctx, $samba_kdb_dir) = @_;
467 unless (open(KDCCONF
, ">$ctx->{mitkdc_conf}")) {
468 warn("can't open $ctx->{mitkdc_conf}$?");
473 # Generated kdc.conf for $ctx->{realm}
478 restrict_anonymous_to_tgt = true
482 master_key_type = aes256-cts
483 default_principal_flags = +preauth
484 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
485 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
486 pkinit_eku_checking = scLogin
487 pkinit_indicator = pkinit
488 pkinit_allow_upn = true
492 master_key_type = aes256-cts
493 default_principal_flags = +preauth
494 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
495 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
496 pkinit_eku_checking = scLogin
497 pkinit_indicator = pkinit
498 pkinit_allow_upn = true
502 master_key_type = aes256-cts
503 default_principal_flags = +preauth
504 pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
505 pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
506 pkinit_eku_checking = scLogin
507 pkinit_indicator = pkinit
508 pkinit_allow_upn = true
512 db_module_dir = $samba_kdb_dir
527 kdc = FILE:$ctx->{logdir}/mit_kdc.log
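# Write a resolv.conf for a testenv, listing its IPv4 and IPv6 DNS servers.
#
# Reads $ctx->{resolv_conf} (output path), $ctx->{dns_ipv4} and
# $ctx->{dns_ipv6}. Warns and returns undef if the file cannot be opened.
#
# NOTE(review): the argument unpacking, the failure return and the close are
# not visible in this listing and are reconstructed - confirm against the
# full file.
sub mk_resolv_conf($$)
{
	my ($ctx) = @_;

	# Three-argument open keeps the path a literal file name.
	my $resolv_fh;
	unless (open($resolv_fh, '>', $ctx->{resolv_conf})) {
		# $! carries the reason open() failed; $? is the status of the
		# last child process and is unrelated to this error.
		warn("can't open $ctx->{resolv_conf}: $!");
		return undef;
	}

	print {$resolv_fh} "nameserver $ctx->{dns_ipv4}\n";
	print {$resolv_fh} "nameserver $ctx->{dns_ipv6}\n";

	return close($resolv_fh);
}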
# Build a comma-separated "realm=ip" string covering every testenv realm.
#
# Each DNS realm is mapped to its PDC (the first DC created for that realm),
# and the PDC name is resolved to an IPv4 address with get_ipv4_addr().
# Realms are emitted in sorted order.
sub realm_to_ip_mappings
{
	my %pdc_of = (
		'adnonssdom.samba.example.com'    => 'addc_no_nss',
		'adnontlmdom.samba.example.com'   => 'addc_no_ntlm',
		'samba2000.example.com'           => 'dc5',
		'samba2003.example.com'           => 'dc6',
		'samba2008r2.example.com'         => 'dc7',
		'addom.samba.example.com'         => 'addc',
		'addom2.samba.example.com'        => 'addcsmb1',
		'sub.samba.example.com'           => 'localsubdc',
		'chgdcpassword.samba.example.com' => 'chgdcpass',
		'backupdom.samba.example.com'     => 'backupfromdc',
		'renamedom.samba.example.com'     => 'renamedc',
		'labdom.samba.example.com'        => 'labdc',
		'schema.samba.example.com'        => 'liveupgrade1dc',
		'prockilldom.samba.example.com'   => 'prockilldc',
		'proclimit.samba.example.com'     => 'proclimitdc',
		'samba.example.com'               => 'localdc',
		'fips.samba.example.com'          => 'fipsdc',
	);

	# One "realm=ip" entry per realm; get_ipv4_addr() is called in scalar
	# context, once per realm, in sorted realm order.
	my @pairs = map {
		my $ip = get_ipv4_addr($pdc_of{$_});
		"$_=$ip";
	} sort(keys %pdc_of);

	return join(',', @pairs);
}
586 my ($netbiosname) = @_;
587 $netbiosname = lc($netbiosname);
589 # this maps the SOCKET_WRAPPER_DEFAULT_IFACE value for each possible
590 # testenv to the DC's NETBIOS name. This value also corresponds to last
591 # digit of the DC's IP address. Note that the NETBIOS name may differ from
593 # Note that when adding a DC with a new realm, also update
594 # get_realm_ip_mappings() above.
595 my %testenv_iface_mapping = (
597 localnt4member3
=> 4,
605 # 11-16 are used by selftest.pl for the client.conf. Most tests only
606 # use the first .11 IP. However, some tests (like winsreplication) rely
607 # on the client having multiple IPs.
613 idmapridmember
=> 20,
615 localvampiredc
=> 22,
629 fakednsforwarder1
=> 36,
630 fakednsforwarder2
=> 37,
637 offlinebackupdc
=> 44,
641 liveupgrade1dc
=> 48,
642 liveupgrade2dc
=> 49,
646 fileserversmb1
=> 53,
654 localadmember2
=> 61,
657 rootdnsforwarder
=> 64,
659 # Note: that you also need to update dns_hub.py when adding a new
661 # update lib/socket_wrapper/socket_wrapper.c
662 # #define MAX_WRAPPED_INTERFACES 64
663 # if you wish to have more than 64 interfaces
666 if (not defined($testenv_iface_mapping{$netbiosname})) {
670 return $testenv_iface_mapping{$netbiosname};
675 my ($hostname, $iface_num) = @_;
676 my $swiface = Samba
::get_interface
($hostname);
678 # Handle testenvs with multiple different addresses, i.e. IP multihoming.
679 # Currently only the selftest client has multiple IPv4 addresses.
680 if (defined($iface_num)) {
681 $swiface += $iface_num;
684 return "10.53.57.$swiface";
690 my $swiface = Samba
::get_interface
($hostname);
692 return sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface);
695 # returns the 'interfaces' setting for smb.conf, i.e. the IPv4/IPv6
696 # addresses for testenv
697 sub get_interfaces_config
699 my ($hostname, $num_ips) = @_;
702 # We give the client.conf multiple different IPv4 addresses.
703 # All other testenvs generally just have one IPv4 address.
704 if (! defined($num_ips)) {
707 for (my $i = 0; $i < $num_ips; $i++) {
708 my $ipv4_addr = Samba
::get_ipv4_addr
($hostname, $i);
709 if (use_namespaces
()) {
710 # use a /24 subnet with network namespaces
711 $interfaces .= "$ipv4_addr/24 ";
713 $interfaces .= "$ipv4_addr/8 ";
717 my $ipv6_addr = Samba
::get_ipv6_addr
($hostname);
718 $interfaces .= "$ipv6_addr/64";
723 sub cleanup_child
($$)
725 my ($pid, $name) = @_;
727 if (!defined($pid)) {
728 print STDERR
"cleanup_child: pid not defined ... not calling waitpid\n";
732 my $childpid = waitpid($pid, WNOHANG
);
734 if ($childpid == 0) {
735 } elsif ($childpid < 0) {
736 printf STDERR
"%s child process %d isn't here any more\n", $name, $pid;
739 printf STDERR
"%s child process %d, died with signal %d, %s coredump\n",
740 $name, $childpid, ($?
& 127), ($?
& 128) ?
'with' : 'without';
742 printf STDERR
"%s child process %d exited with value %d\n", $name, $childpid, $?
>> 8;
# Return a random domain SID of the form S-1-5-21-<n>-<n>-<n>.
#
# The three sub-authorities come from Perl's builtin rand(), which is not a
# cryptographic generator; the value is only meant to differ between
# throwaway test domains.
#
# NOTE(review): the return statement is not visible in this listing and is
# assumed to return the assembled SID - confirm against the full file.
sub random_domain_sid()
{
	my @sub_authorities = map { int(rand(4294967295)) } 1 .. 3;

	return join("-", "S-1-5-21", @sub_authorities);
}
753 # sets the environment variables ready for running a given process
# Export the environment variables needed to run one daemon process.
#
# $proc_envs is a hash reference of NAME => value pairs to place in %ENV.
# When the caller does not supply it, the set is derived from $proc_name and
# $env_vars via get_env_for_process().
sub set_env_for_process
{
	my ($proc_name, $env_vars, $proc_envs) = @_;

	$proc_envs = get_env_for_process($proc_name, $env_vars)
		unless defined($proc_envs);

	$ENV{$_} = $proc_envs->{$_} for keys %{ $proc_envs };
}
767 sub get_env_for_process
769 my ($proc_name, $env_vars) = @_;
771 RESOLV_CONF
=> $env_vars->{RESOLV_CONF
},
772 KRB5_CONFIG
=> $env_vars->{KRB5_CONFIG
},
773 KRB5CCNAME
=> "$env_vars->{KRB5_CCACHE}.$proc_name",
774 GNUPGHOME
=> $env_vars->{GNUPGHOME
},
775 SELFTEST_WINBINDD_SOCKET_DIR
=> $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR
},
776 NMBD_SOCKET_DIR
=> $env_vars->{NMBD_SOCKET_DIR
},
777 NSS_WRAPPER_PASSWD
=> $env_vars->{NSS_WRAPPER_PASSWD
},
778 NSS_WRAPPER_GROUP
=> $env_vars->{NSS_WRAPPER_GROUP
},
779 NSS_WRAPPER_HOSTS
=> $env_vars->{NSS_WRAPPER_HOSTS
},
780 NSS_WRAPPER_HOSTNAME
=> $env_vars->{NSS_WRAPPER_HOSTNAME
},
781 NSS_WRAPPER_MODULE_SO_PATH
=> $env_vars->{NSS_WRAPPER_MODULE_SO_PATH
},
782 NSS_WRAPPER_MODULE_FN_PREFIX
=> $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX
},
783 UID_WRAPPER_ROOT
=> "1",
784 ENVNAME
=> "$ENV{ENVNAME}.$proc_name",
787 if (defined($env_vars->{RESOLV_WRAPPER_CONF
})) {
788 $proc_envs->{RESOLV_WRAPPER_CONF
} = $env_vars->{RESOLV_WRAPPER_CONF
};
790 $proc_envs->{RESOLV_WRAPPER_HOSTS
} = $env_vars->{RESOLV_WRAPPER_HOSTS
};
792 if (defined($env_vars->{GNUTLS_FORCE_FIPS_MODE
})) {
793 $proc_envs->{GNUTLS_FORCE_FIPS_MODE
} = $env_vars->{GNUTLS_FORCE_FIPS_MODE
};
795 if (defined($env_vars->{OPENSSL_FORCE_FIPS_MODE
})) {
796 $proc_envs->{OPENSSL_FORCE_FIPS_MODE
} = $env_vars->{OPENSSL_FORCE_FIPS_MODE
};
803 my ($self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup) = @_;
804 my $SambaCtx = $self;
805 $SambaCtx = $self->{SambaCtx
} if defined($self->{SambaCtx
});
807 # we close the child's write-end of the pipe and redirect the
808 # read-end to its stdin. That way the daemon will receive an
809 # EOF on stdin when parent selftest process closes its
811 $child_cleanup //= sub { close($env_vars->{STDIN_PIPE
}) };
813 unlink($daemon_ctx->{LOG_FILE
});
814 print "STARTING $daemon_ctx->{NAME} for $ENV{ENVNAME}...";
819 # exec the daemon in the child process
823 # redirect the daemon's stdout/stderr to a log file
824 if (defined($daemon_ctx->{TEE_STDOUT
})) {
825 # in some cases, we want out from samba to go to the log file,
826 # but also to the users terminal when running 'make test' on the
827 # command line. This puts it on stderr on the terminal
828 open STDOUT
, "| tee $daemon_ctx->{LOG_FILE} 1>&2";
830 open STDOUT
, ">$daemon_ctx->{LOG_FILE}";
832 open STDERR
, '>&STDOUT';
834 SocketWrapper
::set_default_iface
($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE
});
835 if (defined($daemon_ctx->{PCAP_FILE
})) {
836 $SambaCtx->setup_pcap("$daemon_ctx->{PCAP_FILE}");
839 # setup ENV variables in the child process
840 set_env_for_process
($daemon_ctx->{NAME
}, $env_vars,
841 $daemon_ctx->{ENV_VARS
});
845 # not all s3 daemons run in all testenvs (e.g. fileserver doesn't
846 # run winbindd). In which case, the child process just sleeps
847 if (defined($daemon_ctx->{SKIP_DAEMON
})) {
848 $SIG{USR1
} = $SIG{ALRM
} = $SIG{INT
} = $SIG{QUIT
} = $SIG{TERM
} = sub {
850 print("Skip $daemon_ctx->{NAME} received signal $signame");
853 my $poll = IO
::Poll
->new();
854 $poll->mask($STDIN_READER, POLLIN
);
855 $poll->poll($self->{server_maxtime
});
859 $ENV{MAKE_TEST_BINARY
} = $daemon_ctx->{BINARY_PATH
};
861 open STDIN
, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
863 # if using kernel namespaces, prepend the command so the process runs in
865 if (Samba
::use_namespaces
()) {
866 @preargs = ns_exec_preargs
($parent_pid, $env_vars);
869 # the command args are stored as an array reference (because...Perl),
870 # so convert the reference back to an array
871 my @full_cmd = @
{ $daemon_ctx->{FULL_CMD
} };
873 exec(@preargs, @full_cmd) or die("Unable to start $ENV{MAKE_TEST_BINARY}: $!");
876 print "DONE ($pid)\n";
878 # if using kernel namespaces, we now establish a connection between the
879 # main selftest namespace (i.e. this process) and the new child namespace
880 if (use_namespaces
()) {
881 ns_child_forked
($pid, $env_vars);
887 my @exported_envvars = (
894 # stuff related to a trusted domain
902 # stuff related to a trusted domain, on a trust_member
903 # the domain behind a forest trust (two-way)
904 "TRUST_F_BOTH_SERVER",
905 "TRUST_F_BOTH_SERVER_IP",
906 "TRUST_F_BOTH_SERVER_IPV6",
907 "TRUST_F_BOTH_NETBIOSNAME",
908 "TRUST_F_BOTH_USERNAME",
909 "TRUST_F_BOTH_PASSWORD",
910 "TRUST_F_BOTH_DOMAIN",
911 "TRUST_F_BOTH_REALM",
913 # stuff related to a trusted domain, on a trust_member
914 # the domain behind an external trust (two-way)
915 "TRUST_E_BOTH_SERVER",
916 "TRUST_E_BOTH_SERVER_IP",
917 "TRUST_E_BOTH_SERVER_IPV6",
918 "TRUST_E_BOTH_NETBIOSNAME",
919 "TRUST_E_BOTH_USERNAME",
920 "TRUST_E_BOTH_PASSWORD",
921 "TRUST_E_BOTH_DOMAIN",
922 "TRUST_E_BOTH_REALM",
924 # stuff related to a trusted NT4 domain,
925 # used for one-way trust fl2008r2dc <- nt4_dc
927 "NT4_TRUST_SERVER_IP",
931 # domain controller stuff
946 # only use these 2 as a last resort. Some tests need to test both client-
947 # side and server-side. In this case, run as default client, and access
948 # server's smb.conf as needed, typically using:
949 # param.LoadParm(filename_for_non_global_lp=os.environ['SERVERCONFFILE'])
960 "DOMAIN_ADMIN_PASSWORD",
962 "DOMAIN_USER_PASSWORD",
964 # UID/GID for rfc2307 mapping tests
972 "SELFTEST_WINBINDD_SOCKET_DIR",
978 "UNACCEPTABLE_PASSWORD",
984 "NSS_WRAPPER_PASSWD",
987 "NSS_WRAPPER_HOSTNAME",
988 "NSS_WRAPPER_MODULE_SO_PATH",
989 "NSS_WRAPPER_MODULE_FN_PREFIX",
992 "RESOLV_WRAPPER_CONF",
993 "RESOLV_WRAPPER_HOSTS",
1003 "CTDB_SOCKET_NODE0",
1004 "CTDB_SERVER_NAME_NODE0",
1005 "CTDB_IFACE_IP_NODE0",
1007 "CTDB_SOCKET_NODE1",
1008 "CTDB_SERVER_NAME_NODE1",
1009 "CTDB_IFACE_IP_NODE1",
1011 "CTDB_SOCKET_NODE2",
1012 "CTDB_SERVER_NAME_NODE2",
1013 "CTDB_IFACE_IP_NODE2",
# Render a testenv's exported variables as "NAME=value\n" lines.
#
# Only names listed in @exported_envvars are considered, in that list's
# order, and names with no defined value in $testenv_vars are skipped.
#
# NOTE(review): the accumulator's initial value and the return statement are
# not visible in this listing; an empty string is assumed when nothing is
# defined - confirm against the full file.
sub exported_envvars_str
{
	my ($testenv_vars) = @_;

	return join("",
		map  { $_ . "=" . $testenv_vars->{$_} . "\n" }
		grep { defined($testenv_vars->{$_}) } @exported_envvars);
}
1029 sub clear_exported_envvars
1031 foreach (@exported_envvars) {
1038 my ($testenv_vars) = @_;
1040 foreach (@exported_envvars) {
1041 if (defined($testenv_vars->{$_})) {
1042 $ENV{$_} = $testenv_vars->{$_};
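# Write a testenv's exported variables to $filepath as NAME=value lines.
#
# The text comes from exported_envvars_str($testenv_vars). A failure to open
# or close the file is reported with warn() instead of being ignored, so a
# missing or truncated exports file is visible in the test output.
#
# NOTE(review): the exported variable list in this file includes *_PASSWORD
# entries, so this file holds testenv credentials and is created with the
# process umask - confirm that is acceptable where the tests run.
# NOTE(review): the close call is not visible in this listing and is
# reconstructed - confirm against the full file.
sub export_envvars_to_file
{
	my ($filepath, $testenv_vars) = @_;
	my $env_str = exported_envvars_str($testenv_vars);

	# Three-argument open keeps the path a literal file name.
	my $exports_fh;
	unless (open($exports_fh, '>', $filepath)) {
		warn("can't open $filepath: $!");
		return;
	}

	print {$exports_fh} $env_str;

	# Buffered write errors only surface at close.
	close($exports_fh) or warn("can't close $filepath: $!");
}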
1059 # Returns true if kernel namespaces are being used instead of socket-wrapper.
1060 # The default is false.
1063 return defined($ENV{USE_NAMESPACES
});
1066 # returns a given testenv's interface-name (only when USE_NAMESPACES=1)
# Return the veth interface name of a testenv (used with USE_NAMESPACES=1).
#
# With namespaces each testenv has its own vethX interface, where X is the
# number get_interface() returns for the testenv's name.
sub ns_interface_name
{
	my ($hostname) = @_;

	# Concatenation keeps the get_interface() call in scalar context.
	return "veth" . get_interface($hostname);
}
1077 # Called after a new child namespace has been forked
1080 my ($child_pid, $env_vars) = @_;
1082 # we only need to do this for the first child forked for this testenv
1083 if (defined($env_vars->{NS_PID
})) {
1087 # store the child PID. It's the only way the main (selftest) namespace can
1088 # access the new child (testenv) namespace.
1089 $env_vars->{NS_PID
} = $child_pid;
1091 # Add the new child namespace's interface to the main selftest bridge.
1092 # This connects together the various testenvs so that selftest can talk to
1094 my $iface = ns_interface_name
($env_vars->{NETBIOSNAME
});
1095 system "$ENV{SRCDIR}/selftest/ns/add_bridge_iface.sh $iface-br selftest0";
1098 # returns args to prepend to a command in order to execute it in the correct
1099 # namespace for the testenv (creating a new namespace if needed).
1100 # This should only be used when USE_NAMESPACES=1 is set.
1103 my ($parent_pid, $env_vars) = @_;
1105 # NS_PID stores the pid of the first child daemon run in this namespace
1106 if (defined($env_vars->{NS_PID
})) {
1108 # the namespace has already been created previously. So we use nsenter
1109 # to execute the command in the given testenv's namespace. We need to
1110 # use the NS_PID to identify this particular namespace
1111 return ("nsenter", "-t", "$env_vars->{NS_PID}", "--net");
1114 # We need to create a new namespace for this daemon (i.e. we're
1115 # setting up a new testenv). First, write the environment variables to
1116 # an exports.sh file for this testenv (for convenient access by the
1117 # namespace scripts).
1118 my $exports_file = "$env_vars->{TESTENV_DIR}/exports.sh";
1119 export_envvars_to_file
($exports_file, $env_vars);
1121 # when using namespaces, each testenv has its own veth interface
1122 my $interface = ns_interface_name
($env_vars->{NETBIOSNAME
});
1124 # we use unshare to create a new network namespace. The start_in_ns.sh
1125 # helper script gets run first to setup the new namespace's interfaces.
1126 # (This all gets prepended around the actual command to run in the new
1128 return ("unshare", "--net", "$ENV{SRCDIR}/selftest/ns/start_in_ns.sh",
1129 $interface, $exports_file, $parent_pid);
1135 my ($self, $envvars) = @_;
1140 my ($self, $env) = @_;