search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline")
[Samba.git] / selftest / target / Samba3.pm
blobfdbba8411bcdef17ff284fbadfcdc51088360254
1 #!/usr/bin/perl
2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
5
6 # NOTE: Refer to the README for more details about the various testenvs,
7 # and tips about adding new testenvs.
8
9 package Samba3;
10
11 use strict;
12 use warnings;
13 use Cwd qw(abs_path);
14 use FindBin qw($RealBin);
15 use POSIX;
16 use target::Samba;
17 use File::Path 'remove_tree';
18
19 sub return_alias_env
20 {
21 my ($self, $path, $env) = @_;
22
23 # just an alias
24 return $env;
25 }
26
27 sub have_ads($) {
28 my ($self) = @_;
29 my $found_ads = 0;
30 my $smbd_build_options = Samba::bindir_path($self, "smbd") . " --configfile=/dev/null -b|";
31 open(IN, $smbd_build_options) or die("Unable to run $smbd_build_options: $!");
32
33 while (<IN>) {
34 if (/WITH_ADS/) {
35 $found_ads = 1;
36 }
37 }
38 close IN;
39
40 # If we were not built with ADS support, pretend we were never even available
41 print "smbd does not have ADS support\n" unless $found_ads;
42 return $found_ads;
43 }
44
45 # return smb.conf parameters applicable to @path, based on the underlying
46 # filesystem type
47 sub get_fs_specific_conf($$)
48 {
49 my ($self, $path) = @_;
50 my $mods = "";
51 my $stat_out = `stat --file-system $path` or return "";
52
53 if ($stat_out =~ m/Type:\s+btrfs/) {
54 $mods .= "streams_xattr btrfs";
55 }
56
57 if ($mods) {
58 return "vfs objects = $mods";
59 }
60
61 return '';
62 }
63
64 sub new($$) {
65 my ($classname, $SambaCtx, $bindir, $srcdir, $server_maxtime) = @_;
66 my $self = { vars => {},
67 SambaCtx => $SambaCtx,
68 bindir => $bindir,
69 srcdir => $srcdir,
70 server_maxtime => $server_maxtime
71 };
72 bless $self;
73 return $self;
74 }
75
76 sub teardown_env($$)
77 {
78 my ($self, $envvars) = @_;
79
80 if (defined($envvars->{CTDB_PREFIX})) {
81 $self->teardown_env_ctdb($envvars);
82 } else {
83 $self->teardown_env_samba($envvars);
84 }
85
86 return;
87 }
88
89 sub teardown_env_samba($$)
90 {
91 my ($self, $envvars) = @_;
92 my $count = 0;
93
94 # This should cause smbd to terminate gracefully
95 close($envvars->{STDIN_PIPE});
96
97 my $smbdpid = $envvars->{SMBD_TL_PID};
98 my $nmbdpid = $envvars->{NMBD_TL_PID};
99 my $winbinddpid = $envvars->{WINBINDD_TL_PID};
100
101 # This should give it time to write out the gcov data
102 until ($count > 20) {
103 my $smbdchild = Samba::cleanup_child($smbdpid, "smbd");
104 my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd");
105 my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd");
106 if ($smbdchild == -1
107 && $nmbdchild == -1
108 && $winbinddchild == -1) {
109 last;
110 }
111 sleep(1);
112 $count++;
113 }
114
115 if ($count <= 20 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) {
116 return;
117 }
118
119 $self->stop_sig_term($smbdpid);
120 $self->stop_sig_term($nmbdpid);
121 $self->stop_sig_term($winbinddpid);
122
123 $count = 0;
124 until ($count > 10) {
125 my $smbdchild = Samba::cleanup_child($smbdpid, "smbd");
126 my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd");
127 my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd");
128 if ($smbdchild == -1
129 && $nmbdchild == -1
130 && $winbinddchild == -1) {
131 last;
132 }
133 sleep(1);
134 $count++;
135 }
136
137 if ($count <= 10 && kill(0, $smbdpid, $nmbdpid, $winbinddpid) == 0) {
138 return;
139 }
140
141 warn("timelimit process did not quit on SIGTERM, sending SIGKILL");
142 $self->stop_sig_kill($smbdpid);
143 $self->stop_sig_kill($nmbdpid);
144 $self->stop_sig_kill($winbinddpid);
145
146 return 0;
147 }
148
149 sub teardown_env_ctdb($$)
150 {
151 my ($self, $data) = @_;
152
153 if (defined($data->{SAMBA_NODES})) {
154 my $num_nodes = $data->{NUM_NODES};
155 my $nodes = $data->{SAMBA_NODES};
156
157 for (my $i = 0; $i < $num_nodes; $i++) {
158 if (defined($nodes->[$i])) {
159 $self->teardown_env_samba($nodes->[$i]);
160 }
161 }
162 }
163
164 close($data->{CTDB_STDIN_PIPE});
165
166 if (not defined($data->{SAMBA_NODES})) {
167 # Give waiting children time to exit
168 sleep(5);
169 }
170
171 return 0;
172 }
173
174 sub getlog_env_app($$$)
175 {
176 my ($self, $envvars, $name) = @_;
177
178 my $title = "$name LOG of: $envvars->{NETBIOSNAME}\n";
179 my $out = $title;
180
181 open(LOG, "<".$envvars->{$name."_TEST_LOG"});
182
183 seek(LOG, $envvars->{$name."_TEST_LOG_POS"}, SEEK_SET);
184 while (<LOG>) {
185 $out .= $_;
186 }
187 $envvars->{$name."_TEST_LOG_POS"} = tell(LOG);
188 close(LOG);
189
190 return "" if $out eq $title;
191
192 return $out;
193 }
194
195 sub getlog_env($$)
196 {
197 my ($self, $envvars) = @_;
198 my $ret = "";
199
200 $ret .= $self->getlog_env_app($envvars, "SMBD");
201 $ret .= $self->getlog_env_app($envvars, "NMBD");
202 $ret .= $self->getlog_env_app($envvars, "WINBINDD");
203
204 return $ret;
205 }
206
207 sub check_env($$)
208 {
209 my ($self, $envvars) = @_;
210
211 my $childpid = waitpid(-1, WNOHANG);
212
213 # TODO ...
214 return 1;
215 }
216
217 # Declare the environments Samba3 makes available.
218 # To be set up, they will be called as
219 # samba3->setup_$envname($self, $path, $dep_1_vars, $dep_2_vars, ...)
220 %Samba3::ENV_DEPS = (
221 # name => [dep_1, dep_2, ...],
222 nt4_dc => [],
223 nt4_dc_smb1 => [],
224 nt4_dc_smb1_done => ["nt4_dc_smb1"],
225 nt4_dc_schannel => [],
226
227 simpleserver => [],
228 fileserver => [],
229 fileserver_smb1 => [],
230 fileserver_smb1_done => ["fileserver_smb1"],
231 maptoguest => [],
232 ktest => [],
233
234 nt4_member => ["nt4_dc"],
235
236 ad_member => ["ad_dc", "fl2008r2dc", "fl2003dc"],
237 ad_member_rfc2307 => ["ad_dc_ntvfs"],
238 ad_member_idmap_rid => ["ad_dc"],
239 ad_member_idmap_ad => ["fl2008r2dc"],
240 ad_member_fips => ["ad_dc_fips"],
241 ad_member_offlogon => ["ad_dc"],
242 ad_member_oneway => ["fl2000dc"],
243
244 clusteredmember => ["nt4_dc"],
245 );
246
247 %Samba3::ENV_DEPS_POST = ();
248
249 sub setup_nt4_dc
250 {
251 my ($self, $path, $more_conf, $server) = @_;
252
253 print "PROVISIONING NT4 DC...";
254
255 my $nt4_dc_options = "
256 domain master = yes
257 domain logons = yes
258 lanman auth = yes
259 ntlm auth = yes
260 raw NTLMv2 auth = yes
261 server schannel = auto
262
263 rpc_server:epmapper = external
264 rpc_server:spoolss = external
265 rpc_server:lsarpc = external
266 rpc_server:samr = external
267 rpc_server:netlogon = external
268 rpc_server:register_embedded_np = yes
269 rpc_server:FssagentRpc = external
270
271 rpc_daemon:epmd = fork
272 rpc_daemon:spoolssd = fork
273 rpc_daemon:lsasd = fork
274 rpc_daemon:fssd = fork
275 fss: sequence timeout = 1
276 check parent directory delete on close = yes
277 ";
278
279 if (defined($more_conf)) {
280 $nt4_dc_options = $nt4_dc_options . $more_conf;
281 }
282 if (!defined($server)) {
283 $server = "LOCALNT4DC2";
284 }
285 my $vars = $self->provision(
286 prefix => $path,
287 domain => "SAMBA-TEST",
288 server => $server,
289 password => "localntdc2pass",
290 extra_options => $nt4_dc_options);
291
292 $vars or return undef;
293
294 if (not $self->check_or_start(
295 env_vars => $vars,
296 nmbd => "yes",
297 winbindd => "yes",
298 smbd => "yes")) {
299 return undef;
300 }
301
302 $vars->{DOMSID} = $vars->{SAMSID};
303 $vars->{DC_SERVER} = $vars->{SERVER};
304 $vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
305 $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6};
306 $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME};
307 $vars->{DC_USERNAME} = $vars->{USERNAME};
308 $vars->{DC_PASSWORD} = $vars->{PASSWORD};
309
310 return $vars;
311 }
312
313 sub setup_nt4_dc_smb1
314 {
315 my ($self, $path) = @_;
316 my $conf = "
317 [global]
318 client min protocol = CORE
319 server min protocol = LANMAN1
320 ";
321 return $self->setup_nt4_dc($path, $conf, "LCLNT4DC2SMB1");
322 }
323
324 sub setup_nt4_dc_smb1_done
325 {
326 my ($self, $path, $dep_env) = @_;
327 return $self->return_alias_env($path, $dep_env);
328 }
329
330 sub setup_nt4_dc_schannel
331 {
332 my ($self, $path) = @_;
333
334 print "PROVISIONING NT4 DC WITH SERVER SCHANNEL ...";
335
336 my $pdc_options = "
337 domain master = yes
338 domain logons = yes
339 lanman auth = yes
340
341 rpc_server:epmapper = external
342 rpc_server:spoolss = external
343 rpc_server:lsarpc = external
344 rpc_server:samr = external
345 rpc_server:netlogon = external
346 rpc_server:register_embedded_np = yes
347
348 rpc_daemon:epmd = fork
349 rpc_daemon:spoolssd = fork
350 rpc_daemon:lsasd = fork
351
352 server schannel = yes
353 # used to reproduce bug #12772
354 server max protocol = SMB2_02
355 ";
356
357 my $vars = $self->provision(
358 prefix => $path,
359 domain => "NT4SCHANNEL",
360 server => "LOCALNT4DC9",
361 password => "localntdc9pass",
362 extra_options => $pdc_options);
363
364 $vars or return undef;
365
366 if (not $self->check_or_start(
367 env_vars => $vars,
368 nmbd => "yes",
369 winbindd => "yes",
370 smbd => "yes")) {
371 return undef;
372 }
373
374 $vars->{DOMSID} = $vars->{SAMSID};
375 $vars->{DC_SERVER} = $vars->{SERVER};
376 $vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
377 $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6};
378 $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME};
379 $vars->{DC_USERNAME} = $vars->{USERNAME};
380 $vars->{DC_PASSWORD} = $vars->{PASSWORD};
381
382 return $vars;
383 }
384
385 sub setup_nt4_member
386 {
387 my ($self, $prefix, $nt4_dc_vars) = @_;
388 my $count = 0;
389 my $rc;
390
391 print "PROVISIONING MEMBER...";
392
393 my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes";
394 if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} // '' eq "1") {
395 $require_mutexes = "";
396 }
397
398 my $member_options = "
399 security = domain
400 dbwrap_tdb_mutexes:* = yes
401 ${require_mutexes}
402 ";
403 my $ret = $self->provision(
404 prefix => $prefix,
405 domain => $nt4_dc_vars->{DOMAIN},
406 server => "LOCALNT4MEMBER3",
407 password => "localnt4member3pass",
408 extra_options => $member_options);
409
410 $ret or return undef;
411
412 my $nmblookup = Samba::bindir_path($self, "nmblookup");
413 do {
414 print "Waiting for the LOGON SERVER registration ...\n";
415 $rc = system("$nmblookup $ret->{CONFIGURATION} $ret->{DOMAIN}\#1c");
416 if ($rc != 0) {
417 sleep(1);
418 }
419 $count++;
420 } while ($rc != 0 && $count < 10);
421 if ($count == 10) {
422 print "NMBD not reachable after 10 retries\n";
423 teardown_env($self, $ret);
424 return 0;
425 }
426
427 my $net = Samba::bindir_path($self, "net");
428 # Add hosts file for name lookups
429 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
430 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
431 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
432 $cmd .= "$net rpc join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member";
433 $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}";
434
435 if (system($cmd) != 0) {
436 warn("Join failed\n$cmd");
437 return undef;
438 }
439
440 # Add hosts file for name lookups
441 $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
442 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
443 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
444 $cmd .= "$net $ret->{CONFIGURATION} primarytrust dumpinfo | grep -q 'REDACTED SECRET VALUES'";
445
446 if (system($cmd) != 0) {
447 warn("check failed\n$cmd");
448 return undef;
449 }
450
451 if (not $self->check_or_start(
452 env_vars => $ret,
453 nmbd => "yes",
454 winbindd => "yes",
455 smbd => "yes")) {
456 return undef;
457 }
458
459 $ret->{DOMSID} = $nt4_dc_vars->{DOMSID};
460 $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER};
461 $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP};
462 $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6};
463 $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME};
464 $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME};
465 $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD};
466
467 return $ret;
468 }
469
470 sub setup_clusteredmember
471 {
472 my ($self, $prefix, $nt4_dc_vars) = @_;
473 my $count = 0;
474 my $rc;
475 my @retvals = ();
476 my $ret;
477
478 print "PROVISIONING CLUSTEREDMEMBER...\n";
479
480 my $prefix_abs = abs_path($prefix);
481 mkdir($prefix_abs, 0777);
482
483 my $server_name = "CLUSTEREDMEMBER";
484
485 my $ctdb_data = $self->setup_ctdb($prefix);
486
487 if (not $ctdb_data) {
488 print "No ctdb data\n";
489 return undef;
490 }
491
492 print "PROVISIONING CLUSTERED SAMBA...\n";
493
494 my $num_nodes = $ctdb_data->{NUM_NODES};
495 my $nodes = $ctdb_data->{CTDB_NODES};
496
497 # Enable cleanup of earlier nodes if a later node fails
498 $ctdb_data->{SAMBA_NODES} = \@retvals;
499
500 for (my $i = 0; $i < $num_nodes; $i++) {
501 my $node = $nodes->[$i];
502 my $socket = $node->{SOCKET_FILE};
503 my $server_name = $node->{SERVER_NAME};
504 my $pub_iface = $node->{SOCKET_WRAPPER_DEFAULT_IFACE};
505 my $node_prefix = $node->{NODE_PREFIX};
506
507 print "NODE_PREFIX=${node_prefix}\n";
508 print "SOCKET=${socket}\n";
509
510 my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes";
511 if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} // '' eq "1") {
512 $require_mutexes = "" ;
513 }
514
515 my $member_options = "
516 security = domain
517 server signing = on
518 clustering = yes
519 ctdbd socket = ${socket}
520 include = registry
521 dbwrap_tdb_mutexes:* = yes
522 ${require_mutexes}
523 ";
524
525 my $node_ret = $self->provision(
526 prefix => "$node_prefix",
527 domain => $nt4_dc_vars->{DOMAIN},
528 server => "$server_name",
529 password => "clustermember8pass",
530 netbios_name => "CLUSTEREDMEMBER",
531 share_dir => "${prefix_abs}/shared",
532 extra_options => $member_options,
533 no_delete_prefix => 1);
534 if (not $node_ret) {
535 print "Provision node $i failed\n";
536 teardown_env($self, $ctdb_data);
537 return undef;
538 }
539
540 my $nmblookup = Samba::bindir_path($self, "nmblookup");
541 do {
542 print "Waiting for the LOGON SERVER registration ...\n";
543 $rc = system("$nmblookup $node_ret->{CONFIGURATION} " .
544 "$node_ret->{DOMAIN}\#1c");
545 if ($rc != 0) {
546 sleep(1);
547 }
548 $count++;
549 } while ($rc != 0 && $count < 10);
550
551 if ($count == 10) {
552 print "NMBD not reachable after 10 retries\n";
553 teardown_env($self, $node_ret);
554 teardown_env($self, $ctdb_data);
555 return undef;
556 }
557
558 push(@retvals, $node_ret);
559 }
560
561 $ret = {%$ctdb_data, %{$retvals[0]}};
562
563 my $net = Samba::bindir_path($self, "net");
564 my $cmd = "";
565 $cmd .= "UID_WRAPPER_ROOT=1 ";
566 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
567 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
568 $cmd .= "$net join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member";
569 $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}";
570
571 if (system($cmd) != 0) {
572 warn("Join failed\n$cmd");
573 teardown_env($self, $ret);
574 return undef;
575 }
576
577 for (my $i=0; $i<@retvals; $i++) {
578 my $node_provision = $retvals[$i];
579 my $ok;
580 $ok = $self->check_or_start(
581 env_vars => $node_provision,
582 winbindd => "yes",
583 smbd => "yes",
584 child_cleanup => sub {
585 map {
586 my $fh = $_->{STDIN_PIPE};
587 close($fh) if defined($fh);
588 } @retvals });
589 if (not $ok) {
590 teardown_env($self, $ret);
591 return undef;
592 }
593 }
594
595 #
596 # Build a unclist for every share
597 #
598 unless (open(NODES, "<$ret->{CTDB_NODES_FILE}")) {
599 warn("Unable to open CTDB nodes file");
600 teardown_env($self, $ret);
601 return undef;
602 }
603 my @nodes = <NODES>;
604 close(NODES);
605 chomp @nodes;
606
607 my $conffile = $ret->{SERVERCONFFILE};
608 $cmd = "";
609 $cmd .= 'sed -n -e \'s|^\[\(.*\)\]$|\1|p\'';
610 $cmd .= " \"$conffile\"";
611 $cmd .= " | grep -vx 'global'";
612
613 my @shares = `$cmd`;
614 $rc = $?;
615 if ($rc != 0) {
616 warn("Listing shares failed\n$cmd");
617 teardown_env($self, $ret);
618 return undef;
619 }
620 chomp @shares;
621
622 my $unclistdir = "${prefix_abs}/unclists";
623 mkdir($unclistdir, 0777);
624 foreach my $share (@shares) {
625 my $l = "${unclistdir}/${share}.txt";
626 unless (open(UNCLIST, ">${l}")) {
627 warn("Unable to open UNC list ${l}");
628 teardown_env($self, $ret);
629 return undef;
630 }
631 foreach my $node (@nodes) {
632 print UNCLIST "//${node}/${share}\n";
633 }
634 close(UNCLIST);
635 }
636
637 $ret->{DOMSID} = $nt4_dc_vars->{DOMSID};
638 $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER};
639 $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP};
640 $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6};
641 $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME};
642 $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME};
643 $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD};
644
645 return $ret;
646 }
647
648 sub provision_ad_member
649 {
650 my ($self,
651 $prefix,
652 $machine_account,
653 $dcvars,
654 $trustvars_f,
655 $trustvars_e,
656 $force_fips_mode,
657 $offline_logon) = @_;
658
659 my $prefix_abs = abs_path($prefix);
660 my @dirs = ();
661
662 mkdir($prefix_abs, 0777);
663
664 my $share_dir="$prefix_abs/share";
665 push(@dirs, $share_dir);
666
667 my $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}";
668 push(@dirs, $substitution_path);
669
670 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice";
671 push(@dirs, $substitution_path);
672
673 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice/G_domain users";
674 push(@dirs, $substitution_path);
675
676 # Using '/' as the winbind separator is a bad idea ...
677 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}";
678 push(@dirs, $substitution_path);
679
680 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice";
681 push(@dirs, $substitution_path);
682
683 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}";
684 push(@dirs, $substitution_path);
685
686 $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}/domain users";
687 push(@dirs, $substitution_path);
688
689 my $option_offline_logon = "no";
690 if (defined($offline_logon)) {
691 $option_offline_logon = "yes";
692 }
693
694 my $netbios_aliases = "";
695 if ($machine_account eq "LOCALADMEMBER") {
696 $netbios_aliases = "netbios aliases = foo bar";
697 }
698
699 my $member_options = "
700 security = ads
701 workgroup = $dcvars->{DOMAIN}
702 realm = $dcvars->{REALM}
703 $netbios_aliases
704 template homedir = /home/%D/%G/%U
705 auth event notification = true
706 password server = $dcvars->{SERVER}
707 winbind scan trusted domains = no
708 winbind offline logon = $option_offline_logon
709
710 allow dcerpc auth level connect:lsarpc = yes
711 dcesrv:max auth states = 8
712
713 rpc_server:epmapper = external
714 rpc_server:lsarpc = external
715 rpc_server:samr = external
716 rpc_server:netlogon = disabled
717 rpc_server:register_embedded_np = yes
718
719 rpc_daemon:epmd = fork
720 rpc_daemon:lsasd = fork
721
722 [sub_dug]
723 path = $share_dir/D_%D/U_%U/G_%G
724 writeable = yes
725
726 [sub_dug2]
727 path = $share_dir/D_%D/u_%u/g_%g
728 writeable = yes
729
730 [sub_valid_users]
731 path = $share_dir
732 valid users = ADDOMAIN/%U
733
734 [sub_valid_users_domain]
735 path = $share_dir
736 valid users = %D/%U
737
738 [sub_valid_users_group]
739 path = $share_dir
740 valid users = \@$dcvars->{DOMAIN}/%G
741
742 [valid_users]
743 path = $share_dir
744 valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME}
745
746 [valid_users_group]
747 path = $share_dir
748 valid users = \"\@$dcvars->{DOMAIN}/domain users\"
749
750 [valid_users_unix_group]
751 path = $share_dir
752 valid users = \"+$dcvars->{DOMAIN}/domain users\"
753
754 [valid_users_unix_nis_group]
755 path = $share_dir
756 valid users = \"+&$dcvars->{DOMAIN}/domain users\"
757
758 [valid_users_nis_unix_group]
759 path = $share_dir
760 valid users = \"&+$dcvars->{DOMAIN}/domain users\"
761
762 [invalid_users]
763 path = $share_dir
764 invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME}
765
766 [valid_and_invalid_users]
767 path = $share_dir
768 valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} $dcvars->{DOMAIN}/alice
769 invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME}
770 ";
771
772 my $ret = $self->provision(
773 prefix => $prefix,
774 domain => $dcvars->{DOMAIN},
775 realm => $dcvars->{REALM},
776 server => $machine_account,
777 password => "loCalMemberPass",
778 extra_options => $member_options,
779 resolv_conf => $dcvars->{RESOLV_CONF});
780
781 $ret or return undef;
782
783 mkdir($_, 0777) foreach(@dirs);
784
785 $ret->{DOMAIN} = $dcvars->{DOMAIN};
786 $ret->{REALM} = $dcvars->{REALM};
787 $ret->{DOMSID} = $dcvars->{DOMSID};
788
789 my $ctx;
790 $ctx = {};
791 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
792 $ctx->{domain} = $dcvars->{DOMAIN};
793 $ctx->{realm} = $dcvars->{REALM};
794 $ctx->{dnsname} = lc($dcvars->{REALM});
795 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
796 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
797 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
798 Samba::mk_krb5_conf($ctx, "");
799
800 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
801
802 if (defined($force_fips_mode)) {
803 $ret->{GNUTLS_FORCE_FIPS_MODE} = "1";
804 $ret->{OPENSSL_FORCE_FIPS_MODE} = "1";
805 }
806
807 my $net = Samba::bindir_path($self, "net");
808 # Add hosts file for name lookups
809 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
810 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
811 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
812 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
813 } else {
814 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
815 }
816 if (defined($force_fips_mode)) {
817 $cmd .= "GNUTLS_FORCE_FIPS_MODE=1 ";
818 $cmd .= "OPENSSL_FORCE_FIPS_MODE=1 ";
819 }
820 $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";
821 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
822 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
823 $cmd .= "$net join $ret->{CONFIGURATION}";
824 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD} --use-kerberos=required";
825
826 if (system($cmd) != 0) {
827 warn("Join failed\n$cmd");
828 return undef;
829 }
830
831 # We need world access to this share, as otherwise the domain
832 # administrator from the AD domain provided by Samba4 can't
833 # access the share for tests.
834 chmod 0777, "$prefix/share";
835
836 if (defined($offline_logon)) {
837 my $wbinfo = Samba::bindir_path($self, "wbinfo");
838
839 if (not $self->check_or_start(
840 env_vars => $ret,
841 winbindd => "yes")) {
842 return undef;
843 }
844
845 # Fill samlogoncache for alice
846 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
847 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
848 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
849 $cmd .= "$wbinfo --pam-logon=ADDOMAIN/alice%Secret007";
850 if (system($cmd) != 0) {
851 warn("Filling the cache failed\n$cmd");
852 return undef;
853 }
854
855 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
856 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
857 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
858 $cmd .= "$wbinfo --ccache-save=ADDOMAIN/alice%Secret007";
859 if (system($cmd) != 0) {
860 warn("Filling the cache failed\n$cmd");
861 return undef;
862 }
863
864 # Fill samlogoncache for bob
865 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
866 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
867 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
868 $cmd .= "$wbinfo --pam-logon=ADDOMAIN/bob%Secret007";
869 if (system($cmd) != 0) {
870 warn("Filling the cache failed\n$cmd");
871 return undef;
872 }
873
874 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
875 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
876 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
877 $cmd .= "$wbinfo --ccache-save=ADDOMAIN/bob%Secret007";
878 if (system($cmd) != 0) {
879 warn("Filling the cache failed\n$cmd");
880 return undef;
881 }
882
883 # Set windindd offline
884 my $smbcontrol = Samba::bindir_path($self, "smbcontrol");
885 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
886 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
887 $cmd .= "UID_WRAPPER_ROOT='1' ";
888 $cmd .= "$smbcontrol $ret->{CONFIGURATION} winbindd offline";
889 if (system($cmd) != 0) {
890 warn("Setting winbindd offline failed\n$cmd");
891 return undef;
892 }
893
894 # Validate the offline cache
895 $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' ";
896 $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' ";
897 $cmd .= "UID_WRAPPER_ROOT='1' ";
898 $cmd .= "$smbcontrol $ret->{CONFIGURATION} winbindd validate-cache";
899 if (system($cmd) != 0) {
900 warn("Validation of winbind credential cache failed\n$cmd");
901 teardown_env($self, $ret);
902 return undef;
903 }
904
905 # Shut down winbindd
906 teardown_env($self, $ret);
907
908 ### Change SOCKET_WRAPPER_DIR so it can't connect to AD
909 my $swrap_env = $ENV{SOCKET_WRAPPER_DIR};
910 $ENV{SOCKET_WRAPPER_DIR} = "$prefix_abs";
911
912 # Start winbindd in offline mode
913 if (not $self->check_or_start(
914 env_vars => $ret,
915 winbindd => "offline")) {
916 return undef;
917 }
918
919 # Set socket dir again
920 $ENV{SOCKET_WRAPPER_DIR} = $swrap_env;
921
922 } else {
923 if (not $self->check_or_start(
924 env_vars => $ret,
925 nmbd => "yes",
926 winbindd => "yes",
927 smbd => "yes")) {
928 return undef;
929 }
930 }
931
932 $ret->{DC_SERVER} = $dcvars->{SERVER};
933 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
934 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
935 $ret->{DC_SERVERCONFFILE} = $dcvars->{SERVERCONFFILE};
936 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
937 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
938 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
939
940 # forest trust
941 $ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER};
942 $ret->{TRUST_F_BOTH_SERVER_IP} = $trustvars_f->{SERVER_IP};
943 $ret->{TRUST_F_BOTH_SERVER_IPV6} = $trustvars_f->{SERVER_IPV6};
944 $ret->{TRUST_F_BOTH_NETBIOSNAME} = $trustvars_f->{NETBIOSNAME};
945 $ret->{TRUST_F_BOTH_USERNAME} = $trustvars_f->{USERNAME};
946 $ret->{TRUST_F_BOTH_PASSWORD} = $trustvars_f->{PASSWORD};
947 $ret->{TRUST_F_BOTH_DOMAIN} = $trustvars_f->{DOMAIN};
948 $ret->{TRUST_F_BOTH_REALM} = $trustvars_f->{REALM};
949
950 # external trust
951 $ret->{TRUST_E_BOTH_SERVER} = $trustvars_e->{SERVER};
952 $ret->{TRUST_E_BOTH_SERVER_IP} = $trustvars_e->{SERVER_IP};
953 $ret->{TRUST_E_BOTH_SERVER_IPV6} = $trustvars_e->{SERVER_IPV6};
954 $ret->{TRUST_E_BOTH_NETBIOSNAME} = $trustvars_e->{NETBIOSNAME};
955 $ret->{TRUST_E_BOTH_USERNAME} = $trustvars_e->{USERNAME};
956 $ret->{TRUST_E_BOTH_PASSWORD} = $trustvars_e->{PASSWORD};
957 $ret->{TRUST_E_BOTH_DOMAIN} = $trustvars_e->{DOMAIN};
958 $ret->{TRUST_E_BOTH_REALM} = $trustvars_e->{REALM};
959
960 return $ret;
961 }
962
963 sub setup_ad_member
964 {
965 my ($self,
966 $prefix,
967 $dcvars,
968 $trustvars_f,
969 $trustvars_e) = @_;
970
971 # If we didn't build with ADS, pretend this env was never available
972 if (not $self->have_ads()) {
973 return "UNKNOWN";
974 }
975
976 print "PROVISIONING AD MEMBER...";
977
978 return $self->provision_ad_member($prefix,
979 "LOCALADMEMBER",
980 $dcvars,
981 $trustvars_f,
982 $trustvars_e);
983 }
984
985 sub setup_ad_member_rfc2307
986 {
987 my ($self, $prefix, $dcvars) = @_;
988
989 # If we didn't build with ADS, pretend this env was never available
990 if (not $self->have_ads()) {
991 return "UNKNOWN";
992 }
993
994 print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config...";
995
996 my $member_options = "
997 security = ads
998 workgroup = $dcvars->{DOMAIN}
999 realm = $dcvars->{REALM}
1000 idmap cache time = 0
1001 idmap negative cache time = 0
1002 idmap config * : backend = autorid
1003 idmap config * : range = 1000000-1999999
1004 idmap config * : rangesize = 100000
1005 idmap config $dcvars->{DOMAIN} : backend = rfc2307
1006 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
1007 idmap config $dcvars->{DOMAIN} : ldap_server = ad
1008 idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com
1009 idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com
1010
1011 password server = $dcvars->{SERVER}
1012 ";
1013
1014 my $ret = $self->provision(
1015 prefix => $prefix,
1016 domain => $dcvars->{DOMAIN},
1017 realm => $dcvars->{REALM},
1018 server => "RFC2307MEMBER",
1019 password => "loCalMemberPass",
1020 extra_options => $member_options,
1021 resolv_conf => $dcvars->{RESOLV_CONF});
1022
1023 $ret or return undef;
1024
1025 $ret->{DOMAIN} = $dcvars->{DOMAIN};
1026 $ret->{REALM} = $dcvars->{REALM};
1027 $ret->{DOMSID} = $dcvars->{DOMSID};
1028
1029 my $ctx;
1030 my $prefix_abs = abs_path($prefix);
1031 $ctx = {};
1032 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
1033 $ctx->{domain} = $dcvars->{DOMAIN};
1034 $ctx->{realm} = $dcvars->{REALM};
1035 $ctx->{dnsname} = lc($dcvars->{REALM});
1036 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
1037 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
1038 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
1039 Samba::mk_krb5_conf($ctx, "");
1040
1041 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
1042
1043 my $net = Samba::bindir_path($self, "net");
1044 # Add hosts file for name lookups
1045 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
1046 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1047 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1048 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1049 } else {
1050 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1051 }
1052 $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";
1053 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1054 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
1055 $cmd .= "$net join $ret->{CONFIGURATION}";
1056 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
1057
1058 if (system($cmd) != 0) {
1059 warn("Join failed\n$cmd");
1060 return undef;
1061 }
1062
1063 # We need world access to this share, as otherwise the domain
1064 # administrator from the AD domain provided by Samba4 can't
1065 # access the share for tests.
1066 chmod 0777, "$prefix/share";
1067
1068 if (not $self->check_or_start(
1069 env_vars => $ret,
1070 nmbd => "yes",
1071 winbindd => "yes",
1072 smbd => "yes")) {
1073 return undef;
1074 }
1075
1076 $ret->{DC_SERVER} = $dcvars->{SERVER};
1077 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
1078 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
1079 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
1080 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
1081 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
1082
1083 return $ret;
1084 }
1085
1086 sub setup_ad_member_idmap_rid
1087 {
1088 my ($self, $prefix, $dcvars) = @_;
1089
1090 # If we didn't build with ADS, pretend this env was never available
1091 if (not $self->have_ads()) {
1092 return "UNKNOWN";
1093 }
1094
1095 print "PROVISIONING S3 AD MEMBER WITH idmap_rid config...";
1096
1097 my $member_options = "
1098 security = ads
1099 workgroup = $dcvars->{DOMAIN}
1100 realm = $dcvars->{REALM}
1101 idmap config * : backend = tdb
1102 idmap config * : range = 1000000-1999999
1103 idmap config $dcvars->{DOMAIN} : backend = rid
1104 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
1105 # Prevent overridding the provisioned lib/krb5.conf which sets certain
1106 # values required for tests to succeed
1107 create krb5 conf = no
1108 map to guest = bad user
1109 ";
1110
1111 my $ret = $self->provision(
1112 prefix => $prefix,
1113 domain => $dcvars->{DOMAIN},
1114 realm => $dcvars->{REALM},
1115 server => "IDMAPRIDMEMBER",
1116 password => "loCalMemberPass",
1117 extra_options => $member_options,
1118 resolv_conf => $dcvars->{RESOLV_CONF});
1119
1120 $ret or return undef;
1121
1122 $ret->{DOMAIN} = $dcvars->{DOMAIN};
1123 $ret->{REALM} = $dcvars->{REALM};
1124 $ret->{DOMSID} = $dcvars->{DOMSID};
1125
1126 my $ctx;
1127 my $prefix_abs = abs_path($prefix);
1128 $ctx = {};
1129 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
1130 $ctx->{domain} = $dcvars->{DOMAIN};
1131 $ctx->{realm} = $dcvars->{REALM};
1132 $ctx->{dnsname} = lc($dcvars->{REALM});
1133 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
1134 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
1135 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
1136 Samba::mk_krb5_conf($ctx, "");
1137
1138 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
1139
1140 my $net = Samba::bindir_path($self, "net");
1141 # Add hosts file for name lookups
1142 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
1143 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1144 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1145 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1146 } else {
1147 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1148 }
1149 $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";
1150 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1151 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
1152 $cmd .= "$net join $ret->{CONFIGURATION}";
1153 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
1154
1155 if (system($cmd) != 0) {
1156 warn("Join failed\n$cmd");
1157 return undef;
1158 }
1159
1160 # We need world access to this share, as otherwise the domain
1161 # administrator from the AD domain provided by Samba4 can't
1162 # access the share for tests.
1163 chmod 0777, "$prefix/share";
1164
1165 if (not $self->check_or_start(
1166 env_vars => $ret,
1167 nmbd => "yes",
1168 winbindd => "yes",
1169 smbd => "yes")) {
1170 return undef;
1171 }
1172
1173 $ret->{DC_SERVER} = $dcvars->{SERVER};
1174 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
1175 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
1176 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
1177 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
1178 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
1179
1180 return $ret;
1181 }
1182
1183 sub setup_ad_member_idmap_ad
1184 {
1185 my ($self, $prefix, $dcvars) = @_;
1186
1187 # If we didn't build with ADS, pretend this env was never available
1188 if (not $self->have_ads()) {
1189 return "UNKNOWN";
1190 }
1191
1192 print "PROVISIONING S3 AD MEMBER WITH idmap_ad config...";
1193
1194 my $member_options = "
1195 security = ads
1196 workgroup = $dcvars->{DOMAIN}
1197 realm = $dcvars->{REALM}
1198 password server = $dcvars->{SERVER}
1199 idmap config * : backend = tdb
1200 idmap config * : range = 1000000-1999999
1201 idmap config $dcvars->{DOMAIN} : backend = ad
1202 idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
1203 idmap config $dcvars->{DOMAIN} : unix_primary_group = yes
1204 idmap config $dcvars->{DOMAIN} : unix_nss_info = yes
1205 idmap config $dcvars->{TRUST_DOMAIN} : backend = ad
1206 idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
1207 gensec_gssapi:requested_life_time = 5
1208 ";
1209
1210 my $ret = $self->provision(
1211 prefix => $prefix,
1212 domain => $dcvars->{DOMAIN},
1213 realm => $dcvars->{REALM},
1214 server => "IDMAPADMEMBER",
1215 password => "loCalMemberPass",
1216 extra_options => $member_options,
1217 resolv_conf => $dcvars->{RESOLV_CONF});
1218
1219 $ret or return undef;
1220
1221 $ret->{DOMAIN} = $dcvars->{DOMAIN};
1222 $ret->{REALM} = $dcvars->{REALM};
1223 $ret->{DOMSID} = $dcvars->{DOMSID};
1224
1225 my $ctx;
1226 my $prefix_abs = abs_path($prefix);
1227 $ctx = {};
1228 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
1229 $ctx->{domain} = $dcvars->{DOMAIN};
1230 $ctx->{realm} = $dcvars->{REALM};
1231 $ctx->{dnsname} = lc($dcvars->{REALM});
1232 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
1233 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
1234 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
1235 Samba::mk_krb5_conf($ctx, "");
1236
1237 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
1238
1239 my $net = Samba::bindir_path($self, "net");
1240 # Add hosts file for name lookups
1241 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
1242 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1243 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1244 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1245 } else {
1246 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1247 }
1248 $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";
1249 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1250 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
1251 $cmd .= "$net join $ret->{CONFIGURATION}";
1252 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
1253
1254 if (system($cmd) != 0) {
1255 warn("Join failed\n$cmd");
1256 return undef;
1257 }
1258
1259 # We need world access to this share, as otherwise the domain
1260 # administrator from the AD domain provided by Samba4 can't
1261 # access the share for tests.
1262 chmod 0777, "$prefix/share";
1263
1264 if (not $self->check_or_start(
1265 env_vars => $ret,
1266 nmbd => "yes",
1267 winbindd => "yes",
1268 smbd => "yes")) {
1269 return undef;
1270 }
1271
1272 $ret->{DC_SERVER} = $dcvars->{SERVER};
1273 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
1274 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
1275 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
1276 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
1277 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
1278
1279 $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
1280 $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
1281 $ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD};
1282 $ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN};
1283 $ret->{TRUST_REALM} = $dcvars->{TRUST_REALM};
1284 $ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID};
1285
1286 return $ret;
1287 }
1288
1289 sub setup_ad_member_oneway
1290 {
1291 my ($self, $prefix, $dcvars) = @_;
1292
1293 # If we didn't build with ADS, pretend this env was never available
1294 if (not $self->have_ads()) {
1295 return "UNKNOWN";
1296 }
1297
1298 print "PROVISIONING S3 AD MEMBER WITH one-way trust...";
1299
1300 my $member_options = "
1301 security = ads
1302 workgroup = $dcvars->{DOMAIN}
1303 realm = $dcvars->{REALM}
1304 password server = $dcvars->{SERVER}
1305 idmap config * : backend = tdb
1306 idmap config * : range = 1000000-1999999
1307 gensec_gssapi:requested_life_time = 5
1308 ";
1309
1310 my $ret = $self->provision(
1311 prefix => $prefix,
1312 domain => $dcvars->{DOMAIN},
1313 server => "S2KMEMBER",
1314 password => "loCalS2KMemberPass",
1315 extra_options => $member_options,
1316 resolv_conf => $dcvars->{RESOLV_CONF});
1317
1318 $ret or return undef;
1319
1320 $ret->{DOMAIN} = $dcvars->{DOMAIN};
1321 $ret->{REALM} = $dcvars->{REALM};
1322 $ret->{DOMSID} = $dcvars->{DOMSID};
1323
1324 my $ctx;
1325 my $prefix_abs = abs_path($prefix);
1326 $ctx = {};
1327 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
1328 $ctx->{domain} = $dcvars->{DOMAIN};
1329 $ctx->{realm} = $dcvars->{REALM};
1330 $ctx->{dnsname} = lc($dcvars->{REALM});
1331 $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
1332 $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
1333 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
1334 Samba::mk_krb5_conf($ctx, "");
1335
1336 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
1337
1338 my $net = Samba::bindir_path($self, "net");
1339 # Add hosts file for name lookups
1340 my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' ";
1341 $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
1342 if (defined($ret->{RESOLV_WRAPPER_CONF})) {
1343 $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
1344 } else {
1345 $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
1346 }
1347 $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";
1348 $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
1349 $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
1350 $cmd .= "$net join $ret->{CONFIGURATION}";
1351 $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
1352
1353 if (system($cmd) != 0) {
1354 warn("Join failed\n$cmd");
1355 return undef;
1356 }
1357
1358 if (not $self->check_or_start(
1359 env_vars => $ret,
1360 winbindd => "yes")) {
1361 return undef;
1362 }
1363
1364 $ret->{DC_SERVER} = $dcvars->{SERVER};
1365 $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
1366 $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
1367 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
1368 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
1369 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
1370
1371 $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
1372 $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
1373 $ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD};
1374 $ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN};
1375 $ret->{TRUST_REALM} = $dcvars->{TRUST_REALM};
1376 $ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID};
1377
1378 return $ret;
1379 }
1380
1381 sub setup_ad_member_fips
1382 {
1383 my ($self,
1384 $prefix,
1385 $dcvars,
1386 $trustvars_f,
1387 $trustvars_e) = @_;
1388
1389 # If we didn't build with ADS, pretend this env was never available
1390 if (not $self->have_ads()) {
1391 return "UNKNOWN";
1392 }
1393
1394 print "PROVISIONING AD FIPS MEMBER...";
1395
1396 return $self->provision_ad_member($prefix,
1397 "FIPSADMEMBER",
1398 $dcvars,
1399 $trustvars_f,
1400 $trustvars_e,
1401 1);
1402 }
1403
1404 sub setup_ad_member_offlogon
1405 {
1406 my ($self,
1407 $prefix,
1408 $dcvars,
1409 $trustvars_f,
1410 $trustvars_e) = @_;
1411
1412 # If we didn't build with ADS, pretend this env was never available
1413 if (not $self->have_ads()) {
1414 return "UNKNOWN";
1415 }
1416
1417 print "PROVISIONING AD MEMBER OFFLINE LOGON...";
1418
1419 return $self->provision_ad_member($prefix,
1420 "OFFLINEADMEM",
1421 $dcvars,
1422 $trustvars_f,
1423 $trustvars_e,
1424 undef,
1425 1);
1426 }
1427
1428 sub setup_simpleserver
1429 {
1430 my ($self, $path) = @_;
1431
1432 print "PROVISIONING simple server...";
1433
1434 my $prefix_abs = abs_path($path);
1435 mkdir($prefix_abs, 0777);
1436
1437 my $external_streams_depot="$prefix_abs/external_streams_depot";
1438 remove_tree($external_streams_depot);
1439 mkdir($external_streams_depot, 0777);
1440
1441 my $simpleserver_options = "
1442 lanman auth = yes
1443 ntlm auth = yes
1444 vfs objects = xattr_tdb streams_depot
1445 change notify = no
1446 server smb encrypt = off
1447
1448 [vfs_aio_pthread]
1449 path = $prefix_abs/share
1450 read only = no
1451 vfs objects = aio_pthread
1452 aio_pthread:aio open = yes
1453 smbd async dosmode = no
1454
1455 [vfs_aio_pthread_async_dosmode_default1]
1456 path = $prefix_abs/share
1457 read only = no
1458 vfs objects = aio_pthread
1459 store dos attributes = yes
1460 aio_pthread:aio open = yes
1461 smbd async dosmode = yes
1462
1463 [vfs_aio_pthread_async_dosmode_default2]
1464 path = $prefix_abs/share
1465 read only = no
1466 vfs objects = aio_pthread xattr_tdb
1467 store dos attributes = yes
1468 aio_pthread:aio open = yes
1469 smbd async dosmode = yes
1470
1471 [vfs_aio_pthread_async_dosmode_force_sync1]
1472 path = $prefix_abs/share
1473 read only = no
1474 vfs objects = aio_pthread
1475 store dos attributes = yes
1476 aio_pthread:aio open = yes
1477 smbd async dosmode = yes
1478 # This simulates non linux systems
1479 smbd:force sync user path safe threadpool = yes
1480 smbd:force sync user chdir safe threadpool = yes
1481 smbd:force sync root path safe threadpool = yes
1482 smbd:force sync root chdir safe threadpool = yes
1483
1484 [vfs_aio_pthread_async_dosmode_force_sync2]
1485 path = $prefix_abs/share
1486 read only = no
1487 vfs objects = aio_pthread xattr_tdb
1488 store dos attributes = yes
1489 aio_pthread:aio open = yes
1490 smbd async dosmode = yes
1491 # This simulates non linux systems
1492 smbd:force sync user path safe threadpool = yes
1493 smbd:force sync user chdir safe threadpool = yes
1494 smbd:force sync root path safe threadpool = yes
1495 smbd:force sync root chdir safe threadpool = yes
1496
1497 [vfs_aio_fork]
1498 path = $prefix_abs/share
1499 vfs objects = aio_fork
1500 read only = no
1501 vfs_aio_fork:erratic_testing_mode=yes
1502
1503 [dosmode]
1504 path = $prefix_abs/share
1505 vfs objects =
1506 store dos attributes = yes
1507 hide files = /hidefile/
1508 hide dot files = yes
1509
1510 [hidenewfiles]
1511 path = $prefix_abs/share
1512 hide new files timeout = 5
1513
1514 [external_streams_depot]
1515 path = $prefix_abs/share
1516 read only = no
1517 streams_depot:directory = $external_streams_depot
1518 ";
1519
1520 my $vars = $self->provision(
1521 prefix => $path,
1522 domain => "WORKGROUP",
1523 server => "LOCALSHARE4",
1524 password => "local4pass",
1525 extra_options => $simpleserver_options);
1526
1527 $vars or return undef;
1528
1529 if (not $self->check_or_start(
1530 env_vars => $vars,
1531 nmbd => "yes",
1532 smbd => "yes")) {
1533 return undef;
1534 }
1535
1536 return $vars;
1537 }
1538
1539 sub create_file_chmod($$)
1540 {
1541 my ($name, $mode) = @_;
1542 my $fh;
1543
1544 unless (open($fh, '>', $name)) {
1545 warn("Unable to open $name");
1546 return undef;
1547 }
1548 chmod($mode, $fh);
1549 }
1550
1551 sub setup_fileserver
1552 {
1553 my ($self, $path, $more_conf, $server) = @_;
1554 my $prefix_abs = abs_path($path);
1555 my $srcdir_abs = abs_path($self->{srcdir});
1556
1557 print "PROVISIONING file server ...\n";
1558
1559 my @dirs = ();
1560
1561 mkdir($prefix_abs, 0777);
1562
1563 my $usershare_dir="$prefix_abs/lib/usershare";
1564
1565 mkdir("$prefix_abs/lib", 0755);
1566 remove_tree($usershare_dir);
1567 mkdir($usershare_dir, 01770);
1568
1569 my $share_dir="$prefix_abs/share";
1570
1571 # Create share directory structure
1572 my $lower_case_share_dir="$share_dir/lower-case";
1573 push(@dirs, $lower_case_share_dir);
1574
1575 my $lower_case_share_dir_30000="$share_dir/lower-case-30000";
1576 push(@dirs, $lower_case_share_dir_30000);
1577
1578 my $dfree_share_dir="$share_dir/dfree";
1579 push(@dirs, $dfree_share_dir);
1580 push(@dirs, "$dfree_share_dir/subdir1");
1581 push(@dirs, "$dfree_share_dir/subdir2");
1582 push(@dirs, "$dfree_share_dir/subdir3");
1583
1584 my $quotadir_dir="$share_dir/quota";
1585 push(@dirs, $quotadir_dir);
1586
1587 my $valid_users_sharedir="$share_dir/valid_users";
1588 push(@dirs,$valid_users_sharedir);
1589
1590 my $offline_sharedir="$share_dir/offline";
1591 push(@dirs,$offline_sharedir);
1592
1593 my $force_user_valid_users_dir = "$share_dir/force_user_valid_users";
1594 push(@dirs, $force_user_valid_users_dir);
1595
1596 my $smbget_sharedir="$share_dir/smbget";
1597 push(@dirs,$smbget_sharedir);
1598
1599 my $tarmode_sharedir="$share_dir/tarmode";
1600 push(@dirs,$tarmode_sharedir);
1601
1602 my $tarmode2_sharedir="$share_dir/tarmode2";
1603 push(@dirs,$tarmode2_sharedir);
1604
1605 my $smbcacls_sharedir="$share_dir/smbcacls";
1606 push(@dirs,$smbcacls_sharedir);
1607
1608 my $usershare_sharedir="$share_dir/usershares";
1609 push(@dirs,$usershare_sharedir);
1610
1611 my $dropbox_sharedir="$share_dir/dropbox";
1612 push(@dirs,$dropbox_sharedir);
1613
1614 my $bad_iconv_sharedir="$share_dir/bad_iconv";
1615 push(@dirs, $bad_iconv_sharedir);
1616
1617 my $ip4 = Samba::get_ipv4_addr("FILESERVER");
1618 my $fileserver_options = "
1619 kernel change notify = yes
1620 rpc_server:mdssvc = embedded
1621 spotlight backend = elasticsearch
1622 elasticsearch:address = $ip4
1623 elasticsearch:port = 8080
1624 elasticsearch:mappings = $srcdir_abs/source3/rpc_server/mdssvc/elasticsearch_mappings.json
1625
1626 usershare path = $usershare_dir
1627 usershare max shares = 10
1628 usershare allow guests = yes
1629 usershare prefix allow list = $usershare_sharedir
1630
1631 get quota command = $prefix_abs/getset_quota.py
1632 set quota command = $prefix_abs/getset_quota.py
1633 [tarmode]
1634 path = $tarmode_sharedir
1635 comment = tar test share
1636 xattr_tdb:file = $prefix_abs/tarmode-xattr.tdb
1637 [tarmode2]
1638 path = $tarmode2_sharedir
1639 comment = tar test share
1640 xattr_tdb:file = $prefix_abs/tarmode2-xattr.tdb
1641 [spotlight]
1642 path = $share_dir
1643 spotlight = yes
1644 read only = no
1645 [no_spotlight]
1646 path = $share_dir
1647 spotlight = no
1648 read only = no
1649 [lowercase]
1650 path = $lower_case_share_dir
1651 comment = smb username is [%U]
1652 case sensitive = True
1653 default case = lower
1654 preserve case = no
1655 short preserve case = no
1656 [lowercase-30000]
1657 path = $lower_case_share_dir_30000
1658 comment = smb username is [%U]
1659 case sensitive = True
1660 default case = lower
1661 preserve case = no
1662 short preserve case = no
1663 [dfree]
1664 path = $dfree_share_dir
1665 comment = smb username is [%U]
1666 dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh
1667 [valid-users-access]
1668 path = $valid_users_sharedir
1669 valid users = +userdup
1670 [offline]
1671 path = $offline_sharedir
1672 vfs objects = offline
1673
1674 # BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878
1675 # RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651
1676 [force_user_valid_users]
1677 path = $force_user_valid_users_dir
1678 comment = force user with valid users combination test share
1679 valid users = +force_user
1680 force user = force_user
1681 force group = everyone
1682 write list = force_user
1683
1684 [smbget]
1685 path = $smbget_sharedir
1686 comment = smb username is [%U]
1687 guest ok = yes
1688 [ign_sysacls]
1689 path = $share_dir
1690 comment = ignore system acls
1691 acl_xattr:ignore system acls = yes
1692 [inherit_owner]
1693 path = $share_dir
1694 comment = inherit owner
1695 inherit owner = yes
1696 [inherit_owner_u]
1697 path = $share_dir
1698 comment = inherit only unix owner
1699 inherit owner = unix only
1700 acl_xattr:ignore system acls = yes
1701 # BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
1702 [force_group_test]
1703 path = $share_dir
1704 comment = force group test
1705 # force group = everyone
1706
1707 [create_mode_664]
1708 path = $share_dir
1709 comment = smb username is [%U]
1710 create mask = 0644
1711 force create mode = 0664
1712 vfs objects = dirsort
1713
1714 [dropbox]
1715 path = $dropbox_sharedir
1716 comment = smb username is [%U]
1717 writeable = yes
1718 vfs objects =
1719
1720 [bad_iconv]
1721 path = $bad_iconv_sharedir
1722 comment = smb username is [%U]
1723 vfs objects =
1724
1725 [homes]
1726 comment = Home directories
1727 browseable = No
1728 read only = No
1729 ";
1730
1731 if (defined($more_conf)) {
1732 $fileserver_options = $fileserver_options . $more_conf;
1733 }
1734 if (!defined($server)) {
1735 $server = "FILESERVER";
1736 }
1737
1738 my $vars = $self->provision(
1739 prefix => $path,
1740 domain => "WORKGROUP",
1741 server => $server,
1742 password => "fileserver",
1743 extra_options => $fileserver_options,
1744 no_delete_prefix => 1);
1745
1746 $vars or return undef;
1747
1748 if (not $self->check_or_start(
1749 env_vars => $vars,
1750 nmbd => "yes",
1751 smbd => "yes")) {
1752 return undef;
1753 }
1754
1755
1756 mkdir($_, 0777) foreach(@dirs);
1757
1758 ## Create case sensitive lower case share dir
1759 foreach my $file ('a'..'z') {
1760 my $full_path = $lower_case_share_dir . '/' . $file;
1761 open my $fh, '>', $full_path;
1762 # Add some content to file
1763 print $fh $full_path;
1764 close $fh;
1765 }
1766
1767 for (my $file = 1; $file < 51; ++$file) {
1768 my $full_path = $lower_case_share_dir . '/' . $file;
1769 open my $fh, '>', $full_path;
1770 # Add some content to file
1771 print $fh $full_path;
1772 close $fh;
1773 }
1774
1775 # Create content for 30000 share
1776 foreach my $file ('a'..'z') {
1777 my $full_path = $lower_case_share_dir_30000 . '/' . $file;
1778 open my $fh, '>', $full_path;
1779 # Add some content to file
1780 print $fh $full_path;
1781 close $fh;
1782 }
1783
1784 for (my $file = 1; $file < 30001; ++$file) {
1785 my $full_path = $lower_case_share_dir_30000 . '/' . $file;
1786 open my $fh, '>', $full_path;
1787 # Add some content to file
1788 print $fh $full_path;
1789 close $fh;
1790 }
1791
1792 ##
1793 ## create a listable file in valid_users_share
1794 ##
1795 create_file_chmod("$valid_users_sharedir/foo", 0644) or return undef;
1796
1797 ##
1798 ## create a valid utf8 filename which is invalid as a CP850 conversion
1799 ##
1800 create_file_chmod("$bad_iconv_sharedir/\xED\x9F\xBF", 0644) or return undef;
1801
1802 return $vars;
1803 }
1804
1805 sub setup_fileserver_smb1
1806 {
1807 my ($self, $path) = @_;
1808 my $prefix_abs = abs_path($path);
1809 my $conf = "
1810 [global]
1811 client min protocol = CORE
1812 server min protocol = LANMAN1
1813
1814 [hidenewfiles]
1815 path = $prefix_abs/share
1816 hide new files timeout = 5
1817 [vfs_aio_pthread]
1818 path = $prefix_abs/share
1819 read only = no
1820 vfs objects = aio_pthread
1821 aio_pthread:aio open = yes
1822 smbd async dosmode = no
1823
1824 [vfs_aio_pthread_async_dosmode_default1]
1825 path = $prefix_abs/share
1826 read only = no
1827 vfs objects = aio_pthread
1828 store dos attributes = yes
1829 aio_pthread:aio open = yes
1830 smbd async dosmode = yes
1831
1832 [vfs_aio_pthread_async_dosmode_default2]
1833 path = $prefix_abs/share
1834 read only = no
1835 vfs objects = aio_pthread xattr_tdb
1836 store dos attributes = yes
1837 aio_pthread:aio open = yes
1838 smbd async dosmode = yes
1839
1840 [vfs_aio_pthread_async_dosmode_force_sync1]
1841 path = $prefix_abs/share
1842 read only = no
1843 vfs objects = aio_pthread
1844 store dos attributes = yes
1845 aio_pthread:aio open = yes
1846 smbd async dosmode = yes
1847 # This simulates non linux systems
1848 smbd:force sync user path safe threadpool = yes
1849 smbd:force sync user chdir safe threadpool = yes
1850 smbd:force sync root path safe threadpool = yes
1851 smbd:force sync root chdir safe threadpool = yes
1852
1853 [vfs_aio_pthread_async_dosmode_force_sync2]
1854 path = $prefix_abs/share
1855 read only = no
1856 vfs objects = aio_pthread xattr_tdb
1857 store dos attributes = yes
1858 aio_pthread:aio open = yes
1859 smbd async dosmode = yes
1860 # This simulates non linux systems
1861 smbd:force sync user path safe threadpool = yes
1862 smbd:force sync user chdir safe threadpool = yes
1863 smbd:force sync root path safe threadpool = yes
1864 smbd:force sync root chdir safe threadpool = yes
1865
1866 [vfs_aio_fork]
1867 path = $prefix_abs/share
1868 vfs objects = aio_fork
1869 read only = no
1870 vfs_aio_fork:erratic_testing_mode=yes
1871 ";
1872 return $self->setup_fileserver($path, $conf, "FILESERVERSMB1");
1873 }
1874
1875 sub setup_fileserver_smb1_done
1876 {
1877 my ($self, $path, $dep_env) = @_;
1878 return $self->return_alias_env($path, $dep_env);
1879 }
1880
1881 sub setup_ktest
1882 {
1883 my ($self, $prefix) = @_;
1884
1885 # If we didn't build with ADS, pretend this env was never available
1886 if (not $self->have_ads()) {
1887 return "UNKNOWN";
1888 }
1889
1890 print "PROVISIONING server with security=ads...";
1891
1892 my $ktest_options = "
1893 workgroup = KTEST
1894 realm = ktest.samba.example.com
1895 security = ads
1896 username map = $prefix/lib/username.map
1897 server signing = required
1898 server min protocol = SMB3_00
1899 client max protocol = SMB3
1900
1901 # This disables NTLM auth against the local SAM, which
1902 # we use can then test this setting by.
1903 ntlm auth = disabled
1904 ";
1905
1906 my $ret = $self->provision(
1907 prefix => $prefix,
1908 domain => "KTEST",
1909 server => "LOCALKTEST6",
1910 password => "localktest6pass",
1911 extra_options => $ktest_options);
1912
1913 $ret or return undef;
1914
1915 my $ctx;
1916 my $prefix_abs = abs_path($prefix);
1917 $ctx = {};
1918 $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
1919 $ctx->{domain} = "KTEST";
1920 $ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM";
1921 $ctx->{dnsname} = lc($ctx->{realm});
1922 $ctx->{kdc_ipv4} = "0.0.0.0";
1923 $ctx->{kdc_ipv6} = "::";
1924 $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
1925 Samba::mk_krb5_conf($ctx, "");
1926
1927 $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
1928
1929 open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map");
1930 print USERMAP "
1931 $ret->{USERNAME} = KTEST\\Administrator
1932 ";
1933 close(USERMAP);
1934
1935 #This is the secrets.tdb created by 'net ads join' from Samba3 to a
1936 #Samba4 DC with the same parameters as are being used here. The
1937 #domain SID is S-1-5-21-1071277805-689288055-3486227160
1938 $ret->{SAMSID} = "S-1-5-21-1911091480-1468226576-2729736297";
1939 $ret->{DOMSID} = "S-1-5-21-1071277805-689288055-3486227160";
1940
1941 system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb");
1942 chmod 0600, "$prefix/private/secrets.tdb";
1943
1944 #Make sure there's no old ntdb file.
1945 system("rm -f $prefix/private/secrets.ntdb");
1946
1947 #This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with:
1948 # "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232"
1949 #
1950 #and having in krb5.conf:
1951 # ticket_lifetime = 799718400
1952 # renew_lifetime = 799718400
1953 #
1954 # The commands for the -2 keytab where were:
1955 # kinit administrator@KTEST.SAMBA.EXAMPLE.COM
1956 # kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM
1957 # kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM
1958 # kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
1959 # kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
1960 #
1961 # and then for the -3 keytab, I did
1962 #
1963 # net changetrustpw; kdestroy and the same again.
1964 #
1965 # This creates a credential cache with a very long lifetime (2036 at
1966 # at 2011-04), and shows that running 'net changetrustpw' does not
1967 # break existing logins (for the secrets.tdb method at least).
1968 #
1969
1970 $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache";
1971
1972 system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2");
1973 chmod 0600, "$prefix/krb5_ccache-2";
1974
1975 system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3");
1976 chmod 0600, "$prefix/krb5_ccache-3";
1977
1978 # We need world access to this share, as otherwise the domain
1979 # administrator from the AD domain provided by ktest can't
1980 # access the share for tests.
1981 chmod 0777, "$prefix/share";
1982
1983 if (not $self->check_or_start(
1984 env_vars => $ret,
1985 nmbd => "yes",
1986 smbd => "yes")) {
1987 return undef;
1988 }
1989 return $ret;
1990 }
1991
1992 sub setup_maptoguest
1993 {
1994 my ($self, $path) = @_;
1995 my $prefix_abs = abs_path($path);
1996 my $libdir="$prefix_abs/lib";
1997 my $share_dir="$prefix_abs/share";
1998 my $errorinjectconf="$libdir/error_inject.conf";
1999
2000 print "PROVISIONING maptoguest...";
2001
2002 my $options = "
2003 map to guest = bad user
2004 ntlm auth = yes
2005
2006 [force_user_error_inject]
2007 path = $share_dir
2008 vfs objects = acl_xattr fake_acls xattr_tdb error_inject
2009 force user = user1
2010 include = $errorinjectconf
2011 ";
2012
2013 my $vars = $self->provision(
2014 prefix => $path,
2015 domain => "WORKGROUP",
2016 server => "maptoguest",
2017 password => "maptoguestpass",
2018 extra_options => $options);
2019
2020 $vars or return undef;
2021
2022 if (not $self->check_or_start(
2023 env_vars => $vars,
2024 nmbd => "yes",
2025 smbd => "yes")) {
2026 return undef;
2027 }
2028
2029 return $vars;
2030 }
2031
2032 sub stop_sig_term($$) {
2033 my ($self, $pid) = @_;
2034 kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: $!");
2035 }
2036
2037 sub stop_sig_kill($$) {
2038 my ($self, $pid) = @_;
2039 kill("ALRM", $pid) or warn("Unable to kill $pid: $!");
2040 }
2041
2042 sub write_pid($$$)
2043 {
2044 my ($env_vars, $app, $pid) = @_;
2045
2046 open(PID, ">$env_vars->{PIDDIR}/timelimit.$app.pid");
2047 print PID $pid;
2048 close(PID);
2049 }
2050
2051 sub read_pid($$)
2052 {
2053 my ($env_vars, $app) = @_;
2054
2055 open(PID, "<$env_vars->{PIDDIR}/timelimit.$app.pid");
2056 my $pid = <PID>;
2057 close(PID);
2058 return $pid;
2059 }
2060
2061 # builds up the cmd args to run an s3 binary (i.e. smbd, nmbd, etc)
2062 sub make_bin_cmd
2063 {
2064 my ($self, $binary, $env_vars, $options, $valgrind, $dont_log_stdout) = @_;
2065
2066 my @optargs = ("-d0");
2067 if (defined($options)) {
2068 @optargs = split(/ /, $options);
2069 }
2070 my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime});
2071
2072 if (defined($valgrind)) {
2073 @preargs = split(/ /, $valgrind);
2074 }
2075 my @args = ("-F", "--no-process-group",
2076 "--configfile=$env_vars->{SERVERCONFFILE}",
2077 "-l", $env_vars->{LOGDIR});
2078
2079 if (not defined($dont_log_stdout)) {
2080 push(@args, "--debug-stdout");
2081 }
2082 return (@preargs, $binary, @args, @optargs);
2083 }
2084
2085 sub check_or_start($$) {
2086 my ($self, %args) = @_;
2087 my $env_vars = $args{env_vars};
2088 my $nmbd = $args{nmbd} // "no";
2089 my $winbindd = $args{winbindd} // "no";
2090 my $smbd = $args{smbd} // "no";
2091 my $child_cleanup = $args{child_cleanup};
2092
2093 my $STDIN_READER;
2094
2095 # use a pipe for stdin in the child processes. This allows
2096 # those processes to monitor the pipe for EOF to ensure they
2097 # exit when the test script exits
2098 pipe($STDIN_READER, $env_vars->{STDIN_PIPE});
2099
2100 my $binary = Samba::bindir_path($self, "nmbd");
2101 my @full_cmd = $self->make_bin_cmd($binary, $env_vars,
2102 $ENV{NMBD_OPTIONS}, $ENV{NMBD_VALGRIND},
2103 $ENV{NMBD_DONT_LOG_STDOUT});
2104 my $nmbd_envs = Samba::get_env_for_process("nmbd", $env_vars);
2105 delete $nmbd_envs->{RESOLV_WRAPPER_CONF};
2106 delete $nmbd_envs->{RESOLV_WRAPPER_HOSTS};
2107
2108 # fork and exec() nmbd in the child process
2109 my $daemon_ctx = {
2110 NAME => "nmbd",
2111 BINARY_PATH => $binary,
2112 FULL_CMD => [ @full_cmd ],
2113 LOG_FILE => $env_vars->{NMBD_TEST_LOG},
2114 PCAP_FILE => "env-$ENV{ENVNAME}-nmbd",
2115 ENV_VARS => $nmbd_envs,
2116 };
2117 if ($nmbd ne "yes") {
2118 $daemon_ctx->{SKIP_DAEMON} = 1;
2119 }
2120 my $pid = Samba::fork_and_exec(
2121 $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup);
2122
2123 $env_vars->{NMBD_TL_PID} = $pid;
2124 write_pid($env_vars, "nmbd", $pid);
2125
2126 $binary = Samba::bindir_path($self, "winbindd");
2127 @full_cmd = $self->make_bin_cmd($binary, $env_vars,
2128 $ENV{WINBINDD_OPTIONS},
2129 $ENV{WINBINDD_VALGRIND},
2130 $ENV{WINBINDD_DONT_LOG_STDOUT});
2131
2132 # fork and exec() winbindd in the child process
2133 $daemon_ctx = {
2134 NAME => "winbindd",
2135 BINARY_PATH => $binary,
2136 FULL_CMD => [ @full_cmd ],
2137 LOG_FILE => $env_vars->{WINBINDD_TEST_LOG},
2138 PCAP_FILE => "env-$ENV{ENVNAME}-winbindd",
2139 };
2140 if ($winbindd ne "yes" and $winbindd ne "offline") {
2141 $daemon_ctx->{SKIP_DAEMON} = 1;
2142 }
2143
2144 $pid = Samba::fork_and_exec(
2145 $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup);
2146
2147 $env_vars->{WINBINDD_TL_PID} = $pid;
2148 write_pid($env_vars, "winbindd", $pid);
2149
2150 $binary = Samba::bindir_path($self, "smbd");
2151 @full_cmd = $self->make_bin_cmd($binary, $env_vars,
2152 $ENV{SMBD_OPTIONS}, $ENV{SMBD_VALGRIND},
2153 $ENV{SMBD_DONT_LOG_STDOUT});
2154
2155 # fork and exec() smbd in the child process
2156 $daemon_ctx = {
2157 NAME => "smbd",
2158 BINARY_PATH => $binary,
2159 FULL_CMD => [ @full_cmd ],
2160 LOG_FILE => $env_vars->{SMBD_TEST_LOG},
2161 PCAP_FILE => "env-$ENV{ENVNAME}-smbd",
2162 };
2163 if ($smbd ne "yes") {
2164 $daemon_ctx->{SKIP_DAEMON} = 1;
2165 }
2166
2167 $pid = Samba::fork_and_exec(
2168 $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup);
2169
2170 $env_vars->{SMBD_TL_PID} = $pid;
2171 write_pid($env_vars, "smbd", $pid);
2172
2173 # close the parent's read-end of the pipe
2174 close($STDIN_READER);
2175
2176 return $self->wait_for_start($env_vars, $nmbd, $winbindd, $smbd);
2177 }
2178
2179 sub createuser($$$$$)
2180 {
2181 my ($self, $username, $password, $conffile, $env) = @_;
2182 my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $username > /dev/null";
2183
2184 keys %$env;
2185 while(my($var, $val) = each %$env) {
2186 $cmd = "$var=\"$val\" $cmd";
2187 }
2188
2189 unless (open(PWD, "|$cmd")) {
2190 warn("Unable to set password for $username account\n$cmd");
2191 return undef;
2192 }
2193 print PWD "$password\n$password\n";
2194 unless (close(PWD)) {
2195 warn("Unable to set password for $username account\n$cmd");
2196 return undef;
2197 }
2198 }
2199
2200 sub provision($$)
2201 {
2202 my ($self, %args) = @_;
2203
2204 my $prefix = $args{prefix};
2205 my $domain = $args{domain};
2206 my $realm = $args{realm};
2207 my $server = $args{server};
2208 my $password = $args{password};
2209 my $extra_options = $args{extra_options};
2210 my $resolv_conf = $args{resolv_conf};
2211 my $no_delete_prefix= $args{no_delete_prefix};
2212 my $netbios_name = $args{netbios_name} // $server;
2213 my $server_log_level = $ENV{SERVER_LOG_LEVEL} || 1;
2214
2215 ##
2216 ## setup the various environment variables we need
2217 ##
2218
2219 my $samsid = Samba::random_domain_sid();
2220 my $swiface = Samba::get_interface($server);
2221 my %ret = ();
2222 my %createuser_env = ();
2223 my $server_ip = Samba::get_ipv4_addr($server);
2224 my $server_ipv6 = Samba::get_ipv6_addr($server);
2225 my $dns_domain;
2226 if (defined($realm)) {
2227 $dns_domain = lc($realm);
2228 } else {
2229 $dns_domain = "samba.example.com";
2230 }
2231
2232 my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `PATH=/usr/ucb:$ENV{PATH} whoami`);
2233 chomp $unix_name;
2234 my $unix_uid = $>;
2235 my $unix_gids_str = $);
2236 my @unix_gids = split(" ", $unix_gids_str);
2237
2238 my $prefix_abs = abs_path($prefix);
2239 my $bindir_abs = abs_path($self->{bindir});
2240
2241 my @dirs = ();
2242
2243 my $shrdir=$args{share_dir} // "$prefix_abs/share";
2244 push(@dirs,$shrdir);
2245
2246 my $libdir="$prefix_abs/lib";
2247 push(@dirs,$libdir);
2248
2249 my $piddir="$prefix_abs/pid";
2250 push(@dirs,$piddir);
2251
2252 my $privatedir="$prefix_abs/private";
2253 push(@dirs,$privatedir);
2254
2255 my $cachedir = "$prefix_abs/cachedir";
2256 push(@dirs, $cachedir);
2257
2258 my $binddnsdir = "$prefix_abs/bind-dns";
2259 push(@dirs, $binddnsdir);
2260
2261 my $lockdir="$prefix_abs/lockdir";
2262 push(@dirs,$lockdir);
2263
2264 my $eventlogdir="$prefix_abs/lockdir/eventlog";
2265 push(@dirs,$eventlogdir);
2266
2267 my $logdir="$prefix_abs/logs";
2268 push(@dirs,$logdir);
2269
2270 my $driver32dir="$shrdir/W32X86";
2271 push(@dirs,$driver32dir);
2272
2273 my $driver64dir="$shrdir/x64";
2274 push(@dirs,$driver64dir);
2275
2276 my $driver40dir="$shrdir/WIN40";
2277 push(@dirs,$driver40dir);
2278
2279 my $ro_shrdir="$shrdir/root-tmp";
2280 push(@dirs,$ro_shrdir);
2281
2282 my $noperm_shrdir="$shrdir/noperm-tmp";
2283 push(@dirs,$noperm_shrdir);
2284
2285 my $msdfs_shrdir="$shrdir/msdfsshare";
2286 push(@dirs,$msdfs_shrdir);
2287
2288 my $msdfs_deeppath="$msdfs_shrdir/deeppath";
2289 push(@dirs,$msdfs_deeppath);
2290
2291 my $smbcacls_sharedir_dfs="$shrdir/smbcacls_sharedir_dfs";
2292 push(@dirs,$smbcacls_sharedir_dfs);
2293
2294 my $smbcacls_share="$shrdir/smbcacls_share";
2295 push(@dirs,$smbcacls_share);
2296
2297 my $smbcacls_share_testdir="$shrdir/smbcacls_share/smbcacls";
2298 push(@dirs,$smbcacls_share_testdir);
2299
2300 my $badnames_shrdir="$shrdir/badnames";
2301 push(@dirs,$badnames_shrdir);
2302
2303 my $lease1_shrdir="$shrdir/dynamic";
2304 push(@dirs,$lease1_shrdir);
2305
2306 my $manglenames_shrdir="$shrdir/manglenames";
2307 push(@dirs,$manglenames_shrdir);
2308
2309 my $widelinks_shrdir="$shrdir/widelinks";
2310 push(@dirs,$widelinks_shrdir);
2311
2312 my $widelinks_linkdir="$shrdir/widelinks_foo";
2313 push(@dirs,$widelinks_linkdir);
2314
2315 my $fsrvp_shrdir="$shrdir/fsrvp";
2316 push(@dirs,$fsrvp_shrdir);
2317
2318 my $shadow_tstdir="$shrdir/shadow";
2319 push(@dirs,$shadow_tstdir);
2320 my $shadow_mntdir="$shadow_tstdir/mount";
2321 push(@dirs,$shadow_mntdir);
2322 my $shadow_basedir="$shadow_mntdir/base";
2323 push(@dirs,$shadow_basedir);
2324 my $shadow_shrdir="$shadow_basedir/share";
2325 push(@dirs,$shadow_shrdir);
2326
2327 my $nosymlinks_shrdir="$shrdir/nosymlinks";
2328 push(@dirs,$nosymlinks_shrdir);
2329
2330 my $local_symlinks_shrdir="$shrdir/local_symlinks";
2331 push(@dirs,$local_symlinks_shrdir);
2332
2333 # this gets autocreated by winbindd
2334 my $wbsockdir="$prefix_abs/wbsock";
2335
2336 my $nmbdsockdir="$prefix_abs/nmbd";
2337 unlink($nmbdsockdir);
2338
2339 ##
2340 ## create the test directory layout
2341 ##
2342 die ("prefix_abs = ''") if $prefix_abs eq "";
2343 die ("prefix_abs = '/'") if $prefix_abs eq "/";
2344
2345 mkdir($prefix_abs, 0777);
2346 print "CREATE TEST ENVIRONMENT IN '$prefix'...";
2347 if (not defined($no_delete_prefix) or not $no_delete_prefix) {
2348 system("rm -rf $prefix_abs/*");
2349 }
2350 mkdir($_, 0777) foreach(@dirs);
2351
2352 my $fs_specific_conf = $self->get_fs_specific_conf($shrdir);
2353
2354 ##
2355 ## lockdir and piddir must be 0755
2356 ##
2357 chmod 0755, $lockdir;
2358 chmod 0755, $piddir;
2359
2360
2361 ##
2362 ## Create a directory without permissions to enter
2363 ##
2364 chmod 0000, $noperm_shrdir;
2365
2366 ##
2367 ## create ro and msdfs share layout
2368 ##
2369
2370 chmod 0755, $ro_shrdir;
2371
2372 create_file_chmod("$ro_shrdir/unreadable_file", 0600) or return undef;
2373
2374 create_file_chmod("$ro_shrdir/msdfs-target", 0600) or return undef;
2375 symlink "msdfs:$server_ip\\ro-tmp,$server_ipv6\\ro-tmp",
2376 "$msdfs_shrdir/msdfs-src1";
2377 symlink "msdfs:$server_ipv6\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2";
2378 symlink "msdfs:$server_ip\\smbcacls_sharedir_dfs,$server_ipv6\\smbcacls_sharedir_dfs",
2379 "$msdfs_shrdir/smbcacls_sharedir_dfs";
2380
2381 ##
2382 ## create bad names in $badnames_shrdir
2383 ##
2384 ## (An invalid name, would be mangled to 8.3).
2385 create_file_chmod("$badnames_shrdir/\340|\231\216\377\177",
2386 0600) or return undef;
2387
2388 ## (A bad name, would not be mangled to 8.3).
2389 create_file_chmod("$badnames_shrdir/\240\276\346\327\377\177",
2390 0666) or return undef;
2391
2392 ## (A bad good name).
2393 create_file_chmod("$badnames_shrdir/blank.txt",
2394 0666) or return undef;
2395
2396 ##
2397 ## create mangleable directory names in $manglenames_shrdir
2398 ##
2399 my $manglename_target = "$manglenames_shrdir/foo:bar";
2400 mkdir($manglename_target, 0777);
2401
2402 ##
2403 ## create symlinks for widelinks tests.
2404 ##
2405 my $widelinks_target = "$widelinks_linkdir/target";
2406 create_file_chmod("$widelinks_target", 0666) or return undef;
2407
2408 ##
2409 ## This link should get ACCESS_DENIED
2410 ##
2411 symlink "$widelinks_target", "$widelinks_shrdir/source";
2412 ##
2413 ## This link should be allowed
2414 ##
2415 symlink "$widelinks_shrdir", "$widelinks_shrdir/dot";
2416
2417 my $conffile="$libdir/server.conf";
2418 my $dfqconffile="$libdir/dfq.conf";
2419 my $errorinjectconf="$libdir/error_inject.conf";
2420 my $delayinjectconf="$libdir/delay_inject.conf";
2421 my $globalinjectconf="$libdir/global_inject.conf";
2422
2423 my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl";
2424 my $nss_wrapper_passwd = "$privatedir/passwd";
2425 my $nss_wrapper_group = "$privatedir/group";
2426 my $nss_wrapper_hosts = "$ENV{SELFTEST_PREFIX}/hosts";
2427 my $dns_host_file = "$ENV{SELFTEST_PREFIX}/dns_host_file";
2428
2429 my $mod_printer_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/printing/modprinter.pl";
2430
2431 my $fake_snap_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/fake_snap.pl";
2432
2433 my @eventlog_list = ("dns server", "application");
2434
2435 ##
2436 ## calculate uids and gids
2437 ##
2438
2439 my ($max_uid, $max_gid);
2440 my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup);
2441 my ($uid_pdbtest_wkn);
2442 my ($uid_smbget);
2443 my ($uid_force_user);
2444 my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
2445 my ($gid_userdup, $gid_everyone);
2446 my ($gid_force_user);
2447 my ($uid_user1);
2448 my ($uid_user2);
2449 my ($uid_gooduser);
2450 my ($uid_eviluser);
2451 my ($uid_slashuser);
2452
2453 if ($unix_uid < 0xffff - 13) {
2454 $max_uid = 0xffff;
2455 } else {
2456 $max_uid = $unix_uid;
2457 }
2458
2459 $uid_root = $max_uid - 1;
2460 $uid_nobody = $max_uid - 2;
2461 $uid_pdbtest = $max_uid - 3;
2462 $uid_pdbtest2 = $max_uid - 4;
2463 $uid_userdup = $max_uid - 5;
2464 $uid_pdbtest_wkn = $max_uid - 6;
2465 $uid_force_user = $max_uid - 7;
2466 $uid_smbget = $max_uid - 8;
2467 $uid_user1 = $max_uid - 9;
2468 $uid_user2 = $max_uid - 10;
2469 $uid_gooduser = $max_uid - 11;
2470 $uid_eviluser = $max_uid - 12;
2471 $uid_slashuser = $max_uid - 13;
2472
2473 if ($unix_gids[0] < 0xffff - 8) {
2474 $max_gid = 0xffff;
2475 } else {
2476 $max_gid = $unix_gids[0];
2477 }
2478
2479 $gid_nobody = $max_gid - 1;
2480 $gid_nogroup = $max_gid - 2;
2481 $gid_root = $max_gid - 3;
2482 $gid_domusers = $max_gid - 4;
2483 $gid_domadmins = $max_gid - 5;
2484 $gid_userdup = $max_gid - 6;
2485 $gid_everyone = $max_gid - 7;
2486 $gid_force_user = $max_gid - 8;
2487
2488 ##
2489 ## create conffile
2490 ##
2491
2492 unless (open(CONF, ">$conffile")) {
2493 warn("Unable to open $conffile");
2494 return undef;
2495 }
2496
2497 my $interfaces = Samba::get_interfaces_config($server);
2498
2499 print CONF "
2500 [global]
2501 dcesrv:fuzz directory = $cachedir/fuzz
2502 netbios name = $netbios_name
2503 interfaces = $interfaces
2504 bind interfaces only = yes
2505 panic action = cd $self->{srcdir} && $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY)
2506 smbd:suicide mode = yes
2507 smbd:FSCTL_SMBTORTURE = yes
2508
2509 client min protocol = SMB2_02
2510 server min protocol = SMB2_02
2511
2512 server multi channel support = yes
2513
2514 workgroup = $domain
2515
2516 private dir = $privatedir
2517 binddns dir = $binddnsdir
2518 pid directory = $piddir
2519 lock directory = $lockdir
2520 log file = $logdir/log.\%m
2521 log level = $server_log_level
2522 debug pid = yes
2523 max log size = 0
2524
2525 state directory = $lockdir
2526 cache directory = $lockdir
2527
2528 passdb backend = tdbsam
2529
2530 time server = yes
2531
2532 add user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup
2533 add group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action add --name %g
2534 add machine script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup
2535 add user to group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action add --member %u --name %g --group_path $nss_wrapper_group
2536 delete user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action delete --name %u
2537 delete group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action delete --name %g
2538 delete user from group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action delete --member %u --name %g --group_path $nss_wrapper_group
2539
2540 addprinter command = $mod_printer_pl -a -s $conffile --
2541 deleteprinter command = $mod_printer_pl -d -s $conffile --
2542
2543 eventlog list = application \"dns server\"
2544
2545 kernel oplocks = no
2546 kernel change notify = no
2547
2548 logging = file
2549 printing = bsd
2550 printcap name = /dev/null
2551
2552 winbindd socket directory = $wbsockdir
2553 nmbd:socket dir = $nmbdsockdir
2554 idmap config * : range = 100000-200000
2555 winbind enum users = yes
2556 winbind enum groups = yes
2557 winbind separator = /
2558 include system krb5 conf = no
2559
2560 # min receivefile size = 4000
2561
2562 read only = no
2563
2564 smbd:sharedelay = 100000
2565 smbd:writetimeupdatedelay = 500000
2566 map hidden = no
2567 map system = no
2568 map readonly = no
2569 store dos attributes = yes
2570 create mask = 755
2571 dos filemode = yes
2572 strict rename = yes
2573 strict sync = yes
2574 mangled names = yes
2575 vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit
2576
2577 full_audit:syslog = no
2578 full_audit:success = none
2579 full_audit:failure = none
2580
2581 printing = vlp
2582 print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s
2583 lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p
2584 lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j
2585 lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j
2586 lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j
2587 queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p
2588 queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
2589 lpq cache time = 0
2590 print notify backchannel = yes
2591
2592 ncalrpc dir = $prefix_abs/ncalrpc
2593
2594 # The samba3.blackbox.smbclient_s3 test uses this to test that
2595 # sending messages works, and that the %m sub works.
2596 message command = mv %s $shrdir/message.%m
2597
2598 # fsrvp server requires registry shares
2599 registry shares = yes
2600
2601 # Used by RPC SRVSVC tests
2602 add share command = $bindir_abs/smbaddshare
2603 change share command = $bindir_abs/smbchangeshare
2604 delete share command = $bindir_abs/smbdeleteshare
2605
2606 # fruit:copyfile is a global option
2607 fruit:copyfile = yes
2608
2609 #this does not mean that we use non-secure test env,
2610 #it just means we ALLOW one to be configured.
2611 allow insecure wide links = yes
2612
2613 include = $globalinjectconf
2614
2615 # Begin extra options
2616 $extra_options
2617 # End extra options
2618
2619 #Include user defined custom parameters if set
2620 ";
2621
2622 if (defined($ENV{INCLUDE_CUSTOM_CONF})) {
2623 print CONF "\t$ENV{INCLUDE_CUSTOM_CONF}\n";
2624 }
2625
2626 print CONF "
2627 [smbcacls_share]
2628 path = $smbcacls_share
2629 comment = smb username is [%U]
2630 msdfs root = yes
2631
2632 [smbcacls_sharedir_dfs]
2633 path = $smbcacls_sharedir_dfs
2634 comment = smb username is [%U]
2635 [tmp]
2636 path = $shrdir
2637 comment = smb username is [%U]
2638 [tmpsort]
2639 path = $shrdir
2640 comment = Load dirsort module
2641 vfs objects = dirsort acl_xattr fake_acls xattr_tdb streams_depot
2642 [tmpenc]
2643 path = $shrdir
2644 comment = encrypt smb username is [%U]
2645 server smb encrypt = required
2646 vfs objects = dirsort
2647 [tmpguest]
2648 path = $shrdir
2649 guest ok = yes
2650 [guestonly]
2651 path = $shrdir
2652 guest only = yes
2653 guest ok = yes
2654 [forceuser]
2655 path = $shrdir
2656 force user = $unix_name
2657 guest ok = yes
2658 [forceuser_unixonly]
2659 comment = force a user with unix user SID and group SID
2660 path = $shrdir
2661 force user = pdbtest
2662 guest ok = yes
2663 [forceuser_wkngroup]
2664 comment = force a user with well-known group SID
2665 path = $shrdir
2666 force user = pdbtest_wkn
2667 guest ok = yes
2668 [forcegroup]
2669 path = $shrdir
2670 force group = nogroup
2671 guest ok = yes
2672 [ro-tmp]
2673 path = $ro_shrdir
2674 guest ok = yes
2675 [noperm]
2676 path = $noperm_shrdir
2677 wide links = yes
2678 guest ok = yes
2679 [write-list-tmp]
2680 path = $shrdir
2681 read only = yes
2682 write list = $unix_name
2683 [valid-users-tmp]
2684 path = $shrdir
2685 valid users = $unix_name
2686 access based share enum = yes
2687 [msdfs-share]
2688 path = $msdfs_shrdir
2689 msdfs root = yes
2690 msdfs shuffle referrals = yes
2691 guest ok = yes
2692 [hideunread]
2693 copy = tmp
2694 hide unreadable = yes
2695 [tmpcase]
2696 copy = tmp
2697 case sensitive = yes
2698 [hideunwrite]
2699 copy = tmp
2700 hide unwriteable files = yes
2701 [durable]
2702 copy = tmp
2703 kernel share modes = no
2704 kernel oplocks = no
2705 posix locking = no
2706 [fs_specific]
2707 copy = tmp
2708 $fs_specific_conf
2709 [print1]
2710 copy = tmp
2711 printable = yes
2712
2713 [print2]
2714 copy = print1
2715 [print3]
2716 copy = print1
2717 default devmode = no
2718
2719 [print_var_exp]
2720 copy = print1
2721 print command = $self->{srcdir}/source3/script/tests/printing/printing_var_exp_lpr_cmd.sh \"Windows user: %U\" \"UNIX user: %u\" \"Domain: %D\"
2722
2723 [lp]
2724 copy = print1
2725
2726 [nfs4acl_simple_40]
2727 path = $shrdir
2728 comment = smb username is [%U]
2729 nfs4:mode = simple
2730 nfs4acl_xattr:version = 40
2731 vfs objects = nfs4acl_xattr xattr_tdb
2732
2733 [nfs4acl_special_40]
2734 path = $shrdir
2735 comment = smb username is [%U]
2736 nfs4:mode = special
2737 nfs4acl_xattr:version = 40
2738 vfs objects = nfs4acl_xattr xattr_tdb
2739
2740 [nfs4acl_simple_41]
2741 path = $shrdir
2742 comment = smb username is [%U]
2743 nfs4:mode = simple
2744 vfs objects = nfs4acl_xattr xattr_tdb
2745
2746 [nfs4acl_xdr_40]
2747 path = $shrdir
2748 comment = smb username is [%U]
2749 vfs objects = nfs4acl_xattr xattr_tdb
2750 nfs4:mode = simple
2751 nfs4acl_xattr:encoding = xdr
2752 nfs4acl_xattr:version = 40
2753
2754 [nfs4acl_xdr_41]
2755 path = $shrdir
2756 comment = smb username is [%U]
2757 vfs objects = nfs4acl_xattr xattr_tdb
2758 nfs4:mode = simple
2759 nfs4acl_xattr:encoding = xdr
2760 nfs4acl_xattr:version = 41
2761
2762 [nfs4acl_nfs_40]
2763 path = $shrdir
2764 comment = smb username is [%U]
2765 vfs objects = nfs4acl_xattr xattr_tdb
2766 nfs4:mode = simple
2767 nfs4acl_xattr:encoding = nfs
2768 nfs4acl_xattr:version = 40
2769 nfs4acl_xattr:xattr_name = security.nfs4acl_xdr
2770
2771 [nfs4acl_nfs_41]
2772 path = $shrdir
2773 comment = smb username is [%U]
2774 vfs objects = nfs4acl_xattr xattr_tdb
2775 nfs4:mode = simple
2776 nfs4acl_xattr:encoding = nfs
2777 nfs4acl_xattr:version = 41
2778 nfs4acl_xattr:xattr_name = security.nfs4acl_xdr
2779
2780 [xcopy_share]
2781 path = $shrdir
2782 comment = smb username is [%U]
2783 create mask = 777
2784 force create mode = 777
2785 [posix_share]
2786 path = $shrdir
2787 comment = smb username is [%U]
2788 create mask = 0777
2789 force create mode = 0
2790 directory mask = 0777
2791 force directory mode = 0
2792 vfs objects = xattr_tdb streams_depot
2793 [aio]
2794 copy = durable
2795 aio read size = 1
2796 aio write size = 1
2797
2798 [print\$]
2799 copy = tmp
2800
2801 [vfs_fruit]
2802 path = $shrdir
2803 vfs objects = catia fruit streams_xattr acl_xattr xattr_tdb
2804 fruit:resource = file
2805 fruit:metadata = netatalk
2806 fruit:locking = netatalk
2807 fruit:encoding = native
2808 fruit:veto_appledouble = no
2809
2810 [vfs_fruit_xattr]
2811 path = $shrdir
2812 # This is used by vfs.fruit tests that require real fs xattr
2813 vfs objects = catia fruit streams_xattr acl_xattr
2814 fruit:resource = file
2815 fruit:metadata = netatalk
2816 fruit:locking = netatalk
2817 fruit:encoding = native
2818 fruit:veto_appledouble = no
2819
2820 [vfs_fruit_metadata_stream]
2821 path = $shrdir
2822 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2823 fruit:resource = file
2824 fruit:metadata = stream
2825 fruit:veto_appledouble = no
2826
2827 [vfs_fruit_stream_depot]
2828 path = $shrdir
2829 vfs objects = fruit streams_depot acl_xattr xattr_tdb
2830 fruit:resource = stream
2831 fruit:metadata = stream
2832 fruit:veto_appledouble = no
2833
2834 [vfs_wo_fruit]
2835 path = $shrdir
2836 vfs objects = streams_xattr acl_xattr xattr_tdb
2837
2838 [vfs_wo_fruit_stream_depot]
2839 path = $shrdir
2840 vfs objects = streams_depot acl_xattr xattr_tdb
2841
2842 [vfs_fruit_timemachine]
2843 path = $shrdir
2844 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2845 fruit:resource = file
2846 fruit:metadata = stream
2847 fruit:time machine = yes
2848 fruit:time machine max size = 32K
2849
2850 [vfs_fruit_wipe_intentionally_left_blank_rfork]
2851 path = $shrdir
2852 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2853 fruit:resource = file
2854 fruit:metadata = stream
2855 fruit:wipe_intentionally_left_blank_rfork = true
2856 fruit:delete_empty_adfiles = false
2857 fruit:veto_appledouble = no
2858
2859 [vfs_fruit_delete_empty_adfiles]
2860 path = $shrdir
2861 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2862 fruit:resource = file
2863 fruit:metadata = stream
2864 fruit:wipe_intentionally_left_blank_rfork = true
2865 fruit:delete_empty_adfiles = true
2866 fruit:veto_appledouble = no
2867
2868 [vfs_fruit_zero_fileid]
2869 path = $shrdir
2870 vfs objects = fruit streams_xattr acl_xattr xattr_tdb
2871 fruit:resource = file
2872 fruit:metadata = stream
2873 fruit:zero_file_id=yes
2874
2875 [badname-tmp]
2876 path = $badnames_shrdir
2877 guest ok = yes
2878
2879 [manglenames_share]
2880 path = $manglenames_shrdir
2881 guest ok = yes
2882
2883 [dynamic_share]
2884 path = $shrdir/dynamic/%t
2885 guest ok = yes
2886 root preexec = mkdir %P
2887
2888 [widelinks_share]
2889 path = $widelinks_shrdir
2890 wide links = no
2891 guest ok = yes
2892
2893 [fsrvp_share]
2894 path = $fsrvp_shrdir
2895 comment = fake shapshots using rsync
2896 vfs objects = shell_snap shadow_copy2
2897 shell_snap:check path command = $fake_snap_pl --check
2898 shell_snap:create command = $fake_snap_pl --create
2899 shell_snap:delete command = $fake_snap_pl --delete
2900 # a relative path here fails, the snapshot dir is no longer found
2901 shadow:snapdir = $fsrvp_shrdir/.snapshots
2902
2903 [shadow1]
2904 path = $shadow_shrdir
2905 comment = previous versions snapshots under mount point
2906 vfs objects = shadow_copy2
2907 shadow:mountpoint = $shadow_mntdir
2908
2909 [shadow2]
2910 path = $shadow_shrdir
2911 comment = previous versions snapshots outside mount point
2912 vfs objects = shadow_copy2
2913 shadow:mountpoint = $shadow_mntdir
2914 shadow:snapdir = $shadow_tstdir/.snapshots
2915
2916 [shadow3]
2917 path = $shadow_shrdir
2918 comment = previous versions with subvolume snapshots, snapshots under base dir
2919 vfs objects = shadow_copy2
2920 shadow:mountpoint = $shadow_mntdir
2921 shadow:basedir = $shadow_basedir
2922 shadow:snapdir = $shadow_basedir/.snapshots
2923
2924 [shadow4]
2925 path = $shadow_shrdir
2926 comment = previous versions with subvolume snapshots, snapshots outside mount point
2927 vfs objects = shadow_copy2
2928 shadow:mountpoint = $shadow_mntdir
2929 shadow:basedir = $shadow_basedir
2930 shadow:snapdir = $shadow_tstdir/.snapshots
2931
2932 [shadow5]
2933 path = $shadow_shrdir
2934 comment = previous versions at volume root snapshots under mount point
2935 vfs objects = shadow_copy2
2936 shadow:mountpoint = $shadow_shrdir
2937
2938 [shadow6]
2939 path = $shadow_shrdir
2940 comment = previous versions at volume root snapshots outside mount point
2941 vfs objects = shadow_copy2
2942 shadow:mountpoint = $shadow_shrdir
2943 shadow:snapdir = $shadow_tstdir/.snapshots
2944
2945 [shadow7]
2946 path = $shadow_shrdir
2947 comment = previous versions snapshots everywhere
2948 vfs objects = shadow_copy2
2949 shadow:mountpoint = $shadow_mntdir
2950 shadow:snapdirseverywhere = yes
2951
2952 [shadow8]
2953 path = $shadow_shrdir
2954 comment = previous versions using snapsharepath
2955 vfs objects = shadow_copy2
2956 shadow:mountpoint = $shadow_mntdir
2957 shadow:snapdir = $shadow_tstdir/.snapshots
2958 shadow:snapsharepath = share
2959
2960 [shadow_fmt0]
2961 comment = Testing shadow:format with default option
2962 vfs object = shadow_copy2
2963 path = $shadow_shrdir
2964 read only = no
2965 guest ok = yes
2966 shadow:mountpoint = $shadow_mntdir
2967 shadow:basedir = $shadow_basedir
2968 shadow:snapdir = $shadow_basedir/.snapshots
2969 shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S
2970
2971 [shadow_fmt1]
2972 comment = Testing shadow:format with only date component
2973 vfs object = shadow_copy2
2974 path = $shadow_shrdir
2975 read only = no
2976 guest ok = yes
2977 shadow:mountpoint = $shadow_mntdir
2978 shadow:basedir = $shadow_basedir
2979 shadow:snapdir = $shadow_basedir/.snapshots
2980 shadow:format = \@GMT-%Y-%m-%d
2981
2982 [shadow_fmt2]
2983 comment = Testing shadow:format with some hardcoded prefix
2984 vfs object = shadow_copy2
2985 path = $shadow_shrdir
2986 read only = no
2987 guest ok = yes
2988 shadow:mountpoint = $shadow_mntdir
2989 shadow:basedir = $shadow_basedir
2990 shadow:snapdir = $shadow_basedir/.snapshots
2991 shadow:format = snap\@GMT-%Y.%m.%d-%H.%M.%S
2992
2993 [shadow_fmt3]
2994 comment = Testing shadow:format with modified format
2995 vfs object = shadow_copy2
2996 path = $shadow_shrdir
2997 read only = no
2998 guest ok = yes
2999 shadow:mountpoint = $shadow_mntdir
3000 shadow:basedir = $shadow_basedir
3001 shadow:snapdir = $shadow_basedir/.snapshots
3002 shadow:format = \@GMT-%Y.%m.%d-%H_%M_%S-snap
3003
3004 [shadow_fmt4]
3005 comment = Testing shadow:snapprefix regex
3006 vfs object = shadow_copy2
3007 path = $shadow_shrdir
3008 read only = no
3009 guest ok = yes
3010 shadow:mountpoint = $shadow_mntdir
3011 shadow:basedir = $shadow_basedir
3012 shadow:snapdir = $shadow_basedir/.snapshots
3013 shadow:snapprefix = \^s[a-z]*p\$
3014 shadow:format = _GMT-%Y.%m.%d-%H.%M.%S
3015
3016 [shadow_fmt5]
3017 comment = Testing shadow:snapprefix with delim regex
3018 vfs object = shadow_copy2
3019 path = $shadow_shrdir
3020 read only = no
3021 guest ok = yes
3022 shadow:mountpoint = $shadow_mntdir
3023 shadow:basedir = $shadow_basedir
3024 shadow:snapdir = $shadow_basedir/.snapshots
3025 shadow:delimiter = \@GMT
3026 shadow:snapprefix = [a-z]*
3027 shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S
3028
3029 [shadow_wl]
3030 path = $shadow_shrdir
3031 comment = previous versions with wide links allowed
3032 vfs objects = shadow_copy2
3033 shadow:mountpoint = $shadow_mntdir
3034 wide links = yes
3035
3036 [shadow_write]
3037 path = $shadow_tstdir
3038 comment = previous versions snapshots under mount point
3039 vfs objects = shadow_copy2 streams_xattr error_inject
3040 aio write size = 0
3041 error_inject:pwrite = EBADF
3042 shadow:mountpoint = $shadow_tstdir
3043 shadow:fixinodes = yes
3044
3045 [dfq]
3046 path = $shrdir/dfree
3047 vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
3048 admin users = $unix_name
3049 include = $dfqconffile
3050 [dfq_cache]
3051 path = $shrdir/dfree
3052 vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
3053 admin users = $unix_name
3054 include = $dfqconffile
3055 dfree cache time = 60
3056 [dfq_owner]
3057 path = $shrdir/dfree
3058 vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
3059 inherit owner = yes
3060 include = $dfqconffile
3061 [quotadir]
3062 path = $shrdir/quota
3063 admin users = $unix_name
3064
3065 [acl_xattr_ign_sysacl_posix]
3066 copy = tmp
3067 acl_xattr:ignore system acls = yes
3068 acl_xattr:default acl style = posix
3069 [acl_xattr_ign_sysacl_windows]
3070 copy = tmp
3071 acl_xattr:ignore system acls = yes
3072 acl_xattr:default acl style = windows
3073
3074 [mangle_illegal]
3075 copy = tmp
3076 mangled names = illegal
3077
3078 [nosymlinks]
3079 copy = tmp
3080 path = $nosymlinks_shrdir
3081 follow symlinks = no
3082
3083 [local_symlinks]
3084 copy = tmp
3085 path = $local_symlinks_shrdir
3086 follow symlinks = yes
3087
3088 [kernel_oplocks]
3089 copy = tmp
3090 kernel oplocks = yes
3091 vfs objects = streams_xattr xattr_tdb
3092
3093 [streams_xattr]
3094 copy = tmp
3095 vfs objects = streams_xattr xattr_tdb
3096
3097 [compound_find]
3098 copy = tmp
3099 smbd:find async delay usec = 10000
3100 [error_inject]
3101 copy = tmp
3102 vfs objects = error_inject
3103 include = $errorinjectconf
3104
3105 [delay_inject]
3106 copy = tmp
3107 vfs objects = delay_inject
3108 kernel share modes = no
3109 kernel oplocks = no
3110 posix locking = no
3111 include = $delayinjectconf
3112
3113 [aio_delay_inject]
3114 copy = tmp
3115 vfs objects = delay_inject
3116 delay_inject:pread_send = 2000
3117 delay_inject:pwrite_send = 2000
3118
3119 [brl_delay_inject1]
3120 copy = tmp
3121 vfs objects = delay_inject
3122 delay_inject:brl_lock_windows = 90
3123 delay_inject:brl_lock_windows_use_timer = yes
3124
3125 [brl_delay_inject2]
3126 copy = tmp
3127 vfs objects = delay_inject
3128 delay_inject:brl_lock_windows = 90
3129 delay_inject:brl_lock_windows_use_timer = no
3130
3131 [delete_readonly]
3132 path = $prefix_abs/share
3133 delete readonly = yes
3134
3135 [enc_desired]
3136 path = $prefix_abs/share
3137 vfs objects =
3138 server smb encrypt = desired
3139
3140 [enc_off]
3141 path = $prefix_abs/share
3142 vfs objects =
3143 server smb encrypt = off
3144
3145 [notify_priv]
3146 copy = tmp
3147 honor change notify privilege = yes
3148
3149 [acls_non_canonical]
3150 copy = tmp
3151 acl flag inherited canonicalization = no
3152 ";
3153
3154 close(CONF);
3155
3156 my $net = Samba::bindir_path($self, "net");
3157 my $cmd = "";
3158 $cmd .= "UID_WRAPPER_ROOT=1 ";
3159 $cmd .= "SMB_CONF_PATH=\"$conffile\" ";
3160 $cmd .= "$net setlocalsid $samsid";
3161
3162 my $net_ret = system($cmd);
3163 if ($net_ret != 0) {
3164 warn("net setlocalsid failed: $net_ret\n$cmd");
3165 return undef;
3166 }
3167
3168 unless (open(ERRORCONF, ">$errorinjectconf")) {
3169 warn("Unable to open $errorinjectconf");
3170 return undef;
3171 }
3172 close(ERRORCONF);
3173
3174 unless (open(DELAYCONF, ">$delayinjectconf")) {
3175 warn("Unable to open $delayinjectconf");
3176 return undef;
3177 }
3178 close(DELAYCONF);
3179
3180 unless (open(DFQCONF, ">$dfqconffile")) {
3181 warn("Unable to open $dfqconffile");
3182 return undef;
3183 }
3184 close(DFQCONF);
3185
3186 unless (open(DELAYCONF, ">$globalinjectconf")) {
3187 warn("Unable to open $globalinjectconf");
3188 return undef;
3189 }
3190 close(DELAYCONF);
3191
3192 ##
3193 ## create a test account
3194 ##
3195
3196 unless (open(PASSWD, ">$nss_wrapper_passwd")) {
3197 warn("Unable to open $nss_wrapper_passwd");
3198 return undef;
3199 }
3200 print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false
3201 $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
3202 pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
3203 pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
3204 userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false
3205 pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false
3206 force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false
3207 smbget_user:x:$uid_smbget:$gid_domusers:smbget_user gecos:$prefix_abs:/bin/false
3208 user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false
3209 user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false
3210 gooduser:x:$uid_gooduser:$gid_domusers:gooduser gecos:$prefix_abs:/bin/false
3211 eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false
3212 slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false
3213 ";
3214 if ($unix_uid != 0) {
3215 print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
3216 ";
3217 }
3218 close(PASSWD);
3219
3220 unless (open(GROUP, ">$nss_wrapper_group")) {
3221 warn("Unable to open $nss_wrapper_group");
3222 return undef;
3223 }
3224 print GROUP "nobody:x:$gid_nobody:
3225 nogroup:x:$gid_nogroup:nobody
3226 $unix_name-group:x:$unix_gids[0]:
3227 domusers:X:$gid_domusers:
3228 domadmins:X:$gid_domadmins:
3229 userdup:x:$gid_userdup:$unix_name
3230 everyone:x:$gid_everyone:
3231 force_user:x:$gid_force_user:
3232 ";
3233 if ($unix_gids[0] != 0) {
3234 print GROUP "root:x:$gid_root:
3235 ";
3236 }
3237
3238 close(GROUP);
3239
3240 ## hosts
3241 my $hostname = lc($server);
3242 unless (open(HOSTS, ">>$nss_wrapper_hosts")) {
3243 warn("Unable to open $nss_wrapper_hosts");
3244 return undef;
3245 }
3246 print HOSTS "${server_ip} ${hostname}.${dns_domain} ${hostname}\n";
3247 print HOSTS "${server_ipv6} ${hostname}.${dns_domain} ${hostname}\n";
3248 close(HOSTS);
3249
3250 $resolv_conf = "$privatedir/no_resolv.conf" unless defined($resolv_conf);
3251
3252 foreach my $evlog (@eventlog_list) {
3253 my $evlogtdb = "$eventlogdir/$evlog.tdb";
3254 open(EVENTLOG, ">$evlogtdb") or die("Unable to open $evlogtdb");
3255 close(EVENTLOG);
3256 }
3257
3258 $createuser_env{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
3259 $createuser_env{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
3260 $createuser_env{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts;
3261 $createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com";
3262 if ($ENV{SAMBA_DNS_FAKING}) {
3263 $createuser_env{RESOLV_WRAPPER_HOSTS} = $dns_host_file;
3264 } else {
3265 $createuser_env{RESOLV_WRAPPER_CONF} = $resolv_conf;
3266 }
3267 $createuser_env{RESOLV_CONF} = $resolv_conf;
3268
3269 createuser($self, $unix_name, $password, $conffile, \%createuser_env) || die("Unable to create user");
3270 createuser($self, "force_user", $password, $conffile, \%createuser_env) || die("Unable to create force_user");
3271 createuser($self, "smbget_user", $password, $conffile, \%createuser_env) || die("Unable to create smbget_user");
3272 createuser($self, "user1", $password, $conffile, \%createuser_env) || die("Unable to create user1");
3273 createuser($self, "user2", $password, $conffile, \%createuser_env) || die("Unable to create user2");
3274 createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser");
3275 createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser");
3276 createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser");
3277
3278 open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
3279 print DNS_UPDATE_LIST "A $server. $server_ip\n";
3280 print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n";
3281 close(DNS_UPDATE_LIST);
3282
3283 print "DONE\n";
3284
3285 $ret{SERVER_IP} = $server_ip;
3286 $ret{SERVER_IPV6} = $server_ipv6;
3287 $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log";
3288 $ret{NMBD_TEST_LOG_POS} = 0;
3289 $ret{WINBINDD_TEST_LOG} = "$prefix/winbindd_test.log";
3290 $ret{WINBINDD_TEST_LOG_POS} = 0;
3291 $ret{SMBD_TEST_LOG} = "$prefix/smbd_test.log";
3292 $ret{SMBD_TEST_LOG_POS} = 0;
3293 $ret{SERVERCONFFILE} = $conffile;
3294 $ret{TESTENV_DIR} = $prefix_abs;
3295 $ret{CONFIGURATION} ="--configfile=$conffile";
3296 $ret{LOCK_DIR} = $lockdir;
3297 $ret{SERVER} = $server;
3298 $ret{USERNAME} = $unix_name;
3299 $ret{USERID} = $unix_uid;
3300 $ret{DOMAIN} = $domain;
3301 $ret{SAMSID} = $samsid;
3302 $ret{NETBIOSNAME} = $server;
3303 $ret{PASSWORD} = $password;
3304 $ret{PIDDIR} = $piddir;
3305 $ret{SELFTEST_WINBINDD_SOCKET_DIR} = $wbsockdir;
3306 $ret{NMBD_SOCKET_DIR} = $nmbdsockdir;
3307 $ret{SOCKET_WRAPPER_DEFAULT_IFACE} = $swiface;
3308 $ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
3309 $ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
3310 $ret{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts;
3311 $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com";
3312 $ret{NSS_WRAPPER_MODULE_SO_PATH} = Samba::nss_wrapper_winbind_so_path($self);
3313 $ret{NSS_WRAPPER_MODULE_FN_PREFIX} = "winbind";
3314 if ($ENV{SAMBA_DNS_FAKING}) {
3315 $ret{RESOLV_WRAPPER_HOSTS} = $dns_host_file;
3316 } else {
3317 $ret{RESOLV_WRAPPER_CONF} = $resolv_conf;
3318 }
3319 $ret{RESOLV_CONF} = $resolv_conf;
3320 $ret{LOCAL_PATH} = "$shrdir";
3321 $ret{LOGDIR} = $logdir;
3322
3323 #
3324 # Avoid hitting system krb5.conf -
3325 # An env that needs Kerberos will reset this to the real
3326 # value.
3327 #
3328 $ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf";
3329
3330 # Define KRB5CCNAME for each environment we set up
3331 $ret{KRB5_CCACHE} = abs_path($prefix) . "/krb5ccache";
3332 $ENV{KRB5CCNAME} = $ret{KRB5_CCACHE};
3333
3334 return \%ret;
3335 }
3336
3337 sub wait_for_start($$$$$)
3338 {
3339 my ($self, $envvars, $nmbd, $winbindd, $smbd) = @_;
3340 my $cmd;
3341 my $netcmd;
3342 my $ret;
3343
3344 if ($nmbd eq "yes") {
3345 my $count = 0;
3346
3347 # give time for nbt server to register its names
3348 print "checking for nmbd\n";
3349
3350 # This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init
3351 my $nmblookup = Samba::bindir_path($self, "nmblookup");
3352
3353 do {
3354 $ret = system("$nmblookup $envvars->{CONFIGURATION} $envvars->{SERVER}");
3355 if ($ret != 0) {
3356 sleep(1);
3357 } else {
3358 system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__");
3359 system("$nmblookup $envvars->{CONFIGURATION} __SAMBA__");
3360 system("$nmblookup $envvars->{CONFIGURATION} -U 10.255.255.255 __SAMBA__");
3361 system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}");
3362 }
3363 $count++;
3364 } while ($ret != 0 && $count < 10);
3365 if ($count == 10) {
3366 print "NMBD not reachable after 10 retries\n";
3367 teardown_env($self, $envvars);
3368 return 0;
3369 }
3370 }
3371
3372 if ($winbindd eq "yes" or $winbindd eq "offline") {
3373 print "checking for winbindd\n";
3374 my $count = 0;
3375 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
3376 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3377 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3378 if ($winbindd eq "yes") {
3379 $cmd .= Samba::bindir_path($self, "wbinfo") . " --ping-dc";
3380 } elsif ($winbindd eq "offline") {
3381 $cmd .= Samba::bindir_path($self, "wbinfo") . " --ping";
3382 }
3383
3384 do {
3385 $ret = system($cmd);
3386 if ($ret != 0) {
3387 sleep(1);
3388 }
3389 $count++;
3390 } while ($ret != 0 && $count < 20);
3391 if ($count == 20) {
3392 print "WINBINDD not reachable after 20 seconds\n";
3393 teardown_env($self, $envvars);
3394 return 0;
3395 }
3396 }
3397
3398 if ($smbd eq "yes") {
3399 # make sure smbd is also up set
3400 print "wait for smbd\n";
3401
3402 my $count = 0;
3403 do {
3404 if (defined($envvars->{GNUTLS_FORCE_FIPS_MODE})) {
3405 # We don't have NTLM in FIPS mode, so lets use
3406 # smbcontrol instead of smbclient.
3407 $cmd = Samba::bindir_path($self, "smbcontrol");
3408 $cmd .= " $envvars->{CONFIGURATION}";
3409 $cmd .= " smbd ping";
3410 } else {
3411 # This uses NTLM which is not available in FIPS
3412 $cmd = Samba::bindir_path($self, "smbclient");
3413 $cmd .= " $envvars->{CONFIGURATION}";
3414 $cmd .= " -L $envvars->{SERVER}";
3415 $cmd .= " -U%";
3416 $cmd .= " -I $envvars->{SERVER_IP}";
3417 $cmd .= " -p 139";
3418 }
3419
3420 $ret = system($cmd);
3421 if ($ret != 0) {
3422 sleep(1);
3423 }
3424 $count++
3425 } while ($ret != 0 && $count < 20);
3426 if ($count == 20) {
3427 print "SMBD failed to start up in a reasonable time (20sec)\n";
3428 teardown_env($self, $envvars);
3429 return 0;
3430 }
3431 }
3432
3433 # Ensure we have domain users mapped.
3434 $netcmd = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3435 $netcmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3436 $netcmd .= "UID_WRAPPER_ROOT='1' ";
3437 $netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} ";
3438
3439 $cmd = $netcmd . "groupmap delete ntgroup=domusers";
3440 $ret = system($cmd);
3441
3442 $cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain";
3443 $ret = system($cmd);
3444 if ($ret != 0) {
3445 print("\"$cmd\" failed\n");
3446 return 1;
3447 }
3448
3449 $cmd = $netcmd . "groupmap delete ntgroup=domadmins";
3450 $ret = system($cmd);
3451
3452 $cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain";
3453 $ret = system($cmd);
3454 if ($ret != 0) {
3455 print("\"$cmd\" failed\n");
3456 return 1;
3457 }
3458
3459 $cmd = $netcmd . "groupmap delete ntgroup=everyone";
3460 $ret = system($cmd);
3461
3462 $cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin";
3463 $ret = system($cmd);
3464 if ($ret != 0) {
3465 print("\"$cmd\" failed\n");
3466 return 1;
3467 }
3468
3469 # note: creating builtin groups requires winbindd for the
3470 # unix id allocator
3471 my $create_builtin_users = "no";
3472 if ($winbindd eq "yes") {
3473 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
3474 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3475 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3476 $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545";
3477 my $wbinfo_out = qx($cmd 2>&1);
3478 if ($? != 0) {
3479 # wbinfo doesn't give us a better error code then
3480 # WBC_ERR_DOMAIN_NOT_FOUND, but at least that's
3481 # different then WBC_ERR_WINBIND_NOT_AVAILABLE
3482 if ($wbinfo_out !~ /WBC_ERR_DOMAIN_NOT_FOUND/) {
3483 print("Failed to run \"wbinfo --sid-to-gid=S-1-5-32-545\": $wbinfo_out");
3484 teardown_env($self, $envvars);
3485 return 0;
3486 }
3487 $create_builtin_users = "yes";
3488 }
3489 }
3490 if ($create_builtin_users eq "yes") {
3491 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
3492 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3493 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3494 $cmd .= Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} ";
3495 $cmd .= "sam createbuiltingroup Users";
3496 $ret = system($cmd);
3497 if ($ret != 0) {
3498 print "Failed to create BUILTIN\\Users group\n";
3499 teardown_env($self, $envvars);
3500 return 0;
3501 }
3502
3503 $cmd = Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} ";
3504 $cmd .= "cache del IDMAP/SID2XID/S-1-5-32-545";
3505 system($cmd);
3506
3507 $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' ";
3508 $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' ";
3509 $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
3510 $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545";
3511 $ret = system($cmd);
3512 if ($ret != 0) {
3513 print "Missing \"BUILTIN\\Users\", did net sam createbuiltingroup Users fail?\n";
3514 teardown_env($self, $envvars);
3515 return 0;
3516 }
3517 }
3518
3519 print $self->getlog_env($envvars);
3520
3521 return 1;
3522 }
3523
3524 ##
3525 ## provision and start of ctdb
3526 ##
3527 sub setup_ctdb($$)
3528 {
3529 my ($self, $prefix) = @_;
3530 my $num_nodes = 3;
3531
3532 my $data = $self->provision_ctdb($prefix, $num_nodes);
3533 $data or return undef;
3534
3535 my $rc = $self->check_or_start_ctdb($data);
3536 if (not $rc) {
3537 print("check_or_start_ctdb() failed\n");
3538 return undef;
3539 }
3540
3541 $rc = $self->wait_for_start_ctdb($data);
3542 if (not $rc) {
3543 print "Cluster startup failed\n";
3544 return undef;
3545 }
3546
3547 return $data;
3548 }
3549
3550 sub provision_ctdb($$$$)
3551 {
3552 my ($self, $prefix, $num_nodes, $no_delete_prefix) = @_;
3553 my $rc;
3554
3555 print "PROVISIONING CTDB...\n";
3556
3557 my $prefix_abs = abs_path($prefix);
3558
3559 #
3560 # check / create directories:
3561 #
3562 die ("prefix_abs = ''") if $prefix_abs eq "";
3563 die ("prefix_abs = '/'") if $prefix_abs eq "/";
3564
3565 mkdir ($prefix_abs, 0777);
3566
3567 print "CREATE CTDB TEST ENVIRONMENT in '$prefix_abs'...\n";
3568
3569 if (not defined($no_delete_prefix) or not $no_delete_prefix) {
3570 system("rm -rf $prefix_abs/*");
3571 }
3572
3573 #
3574 # Per-node data
3575 #
3576 my @nodes = ();
3577 for (my $i = 0; $i < $num_nodes; $i++) {
3578 my %node = ();
3579 my $server_name = "ctdb${i}";
3580 my $pub_iface = Samba::get_interface($server_name);
3581 my $ip = Samba::get_ipv4_addr($server_name);
3582
3583 $node{NODE_NUMBER} = "$i";
3584 $node{SERVER_NAME} = "$server_name";
3585 $node{SOCKET_WRAPPER_DEFAULT_IFACE} = "$pub_iface";
3586 $node{IP} = "$ip";
3587
3588 push(@nodes, \%node);
3589 }
3590
3591 #
3592 # nodes
3593 #
3594 my $nodes_file = "$prefix/nodes.in";
3595 unless (open(NODES, ">$nodes_file")) {
3596 warn("Unable to open nodesfile '$nodes_file'");
3597 return undef;
3598 }
3599 for (my $i = 0; $i < $num_nodes; $i++) {
3600 my $ip = $nodes[$i]->{IP};
3601 print NODES "${ip}\n";
3602 }
3603 close(NODES);
3604
3605 #
3606 # local_daemons.sh setup
3607 #
3608 # Socket wrapper setup is done by selftest.pl, so don't use
3609 # the CTDB-specific setup
3610 #
3611 my $cmd;
3612 $cmd .= "ctdb/tests/local_daemons.sh " . $prefix_abs . " setup";
3613 $cmd .= " -n " . $num_nodes;
3614 $cmd .= " -N " . $nodes_file;
3615 # CTDB should not attempt to manage public addresses -
3616 # clients should just connect to CTDB private addresses
3617 $cmd .= " -P " . "/dev/null";
3618
3619 my $ret = system($cmd);
3620 if ($ret != 0) {
3621 print("\"$cmd\" failed\n");
3622 return undef;
3623 }
3624
3625 #
3626 # Unix domain socket and node directory for each daemon
3627 #
3628 for (my $i = 0; $i < $num_nodes; $i++) {
3629 my ($cmd, $ret, $out);
3630
3631 my $cmd_prefix = "ctdb/tests/local_daemons.sh ${prefix_abs}";
3632
3633 #
3634 # socket
3635 #
3636
3637 $cmd = "${cmd_prefix} print-socket ${i}";
3638
3639 $out = `$cmd`;
3640 $ret = $?;
3641 if ($ret != 0) {
3642 print("\"$cmd\" failed\n");
3643 return undef;
3644 }
3645 chomp $out;
3646 $nodes[$i]->{SOCKET_FILE} = "$out";
3647
3648 #
3649 # node directory
3650 #
3651
3652 $cmd = "${cmd_prefix} onnode ${i} 'echo \$CTDB_BASE'";
3653
3654 $out = `$cmd`;
3655 $ret = $?;
3656 if ($ret != 0) {
3657 print("\"$cmd\" failed\n");
3658 return undef;
3659 }
3660 chomp $out;
3661 $nodes[$i]->{NODE_PREFIX} = "$out";
3662 }
3663
3664 my %ret = ();
3665
3666 $ret{CTDB_PREFIX} = "$prefix";
3667 $ret{NUM_NODES} = $num_nodes;
3668 $ret{CTDB_NODES} = \@nodes;
3669 $ret{CTDB_NODES_FILE} = $nodes_file;
3670
3671 return \%ret;
3672 }
3673
3674 sub check_or_start_ctdb($$) {
3675 my ($self, $data) = @_;
3676
3677 my $prefix = $data->{CTDB_PREFIX};
3678 my $num_nodes = $data->{NUM_NODES};
3679 my $nodes = $data->{CTDB_NODES};
3680 my $STDIN_READER;
3681
3682 # Share a single stdin pipe for all nodes
3683 pipe($STDIN_READER, $data->{CTDB_STDIN_PIPE});
3684
3685 for (my $i = 0; $i < $num_nodes; $i++) {
3686 my $node = $nodes->[$i];
3687
3688 $node->{STDIN_PIPE} = $data->{CTDB_STDIN_PIPE};
3689
3690 my $cmd = "ctdb/tests/local_daemons.sh";
3691 my @full_cmd = ("$cmd", "$prefix", "start", "$i");
3692 my $daemon_ctx = {
3693 NAME => "ctdbd",
3694 BINARY_PATH => $cmd,
3695 FULL_CMD => [ @full_cmd ],
3696 TEE_STDOUT => 1,
3697 LOG_FILE => "/dev/null",
3698 ENV_VARS => {},
3699 };
3700
3701 print "STARTING CTDBD (node ${i})\n";
3702
3703 # This does magic with $STDIN_READER, so use it
3704 my $ret = Samba::fork_and_exec($self,
3705 $node,
3706 $daemon_ctx,
3707 $STDIN_READER);
3708
3709 if ($ret == 0) {
3710 print("\"$cmd\" failed\n");
3711 teardown_env_ctdb($self, $data);
3712 return 0;
3713 }
3714 }
3715
3716 close($STDIN_READER);
3717
3718 return 1;
3719 }
3720
3721 sub wait_for_start_ctdb($$)
3722 {
3723 my ($self, $data) = @_;
3724
3725 my $prefix = $data->{CTDB_PREFIX};
3726
3727 print "Wait for ctdbd...\n";
3728
3729 my $ctdb = Samba::bindir_path($self, "ctdb");
3730 my $cmd;
3731 $cmd .= "ctdb/tests/local_daemons.sh ${prefix} onnode all";
3732 $cmd .= " ${ctdb} nodestatus all 2>&1";
3733
3734 my $count = 0;
3735 my $wait_seconds = 60;
3736 my $out;
3737
3738 until ($count > $wait_seconds) {
3739 $out = `$cmd`;
3740 my $ret = $?;
3741 if ($ret == 0) {
3742 print "\ncluster became healthy\n";
3743 last;
3744 }
3745 print "Waiting for CTDB...\n";
3746 sleep(1);
3747 $count++;
3748 }
3749
3750 if ($count > $wait_seconds) {
3751 print "\nGiving up to wait for CTDB...\n";
3752 print "${out}\n\n";
3753 print "CTDB log:\n";
3754 $cmd = "ctdb/tests/local_daemons.sh ${prefix} print-log all >&2";
3755 system($cmd);
3756 teardown_env_ctdb($self, $data);
3757 return 0;
3758 }
3759
3760 print "\nCTDB initialized\n";
3761
3762 return 1;
3763 }
3764
3765 1;
Samba GIT mirror