| blob | 8bb7a96bc3db9437c14cff897658794127692daa |
1 #!/usr/bin/perl
2 # Bootstrap Samba and run a number of tests against it.
3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Published under the GNU GPL, v3 or later.
11 use POSIX;
13 sub new($$$$) {
16 vars => {},
20 };
23 }
25 sub openldap_start($$$) {
31 }
33 sub slapd_start($$)
34 {
40 # running slapd in the background means it stays in the same process group, so it can be
41 # killed by timelimit
43 system("$ENV{FEDORA_DS_PREFIX}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
46 }
47 while (system("$self->{bindir}/ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
51 return 0;
52 }
53 sleep(1);
54 }
55 return 1;
56 }
58 sub slapd_stop($$)
59 {
66 kill 9, <IN>;
67 close(IN);
68 }
69 }
71 sub check_or_start($$$)
72 {
80 print "STARTING SMBD... ";
85 open STDERR, '>&STDOUT';
92 }
96 # Start slapd before smbd, but with the fifo on stdin
99 die("couldn't start slapd (2nd time)");
100 }
105 }
106 my $ret = system("$valgrind $self->{bindir}/smbd $optarg $env_vars->{CONFIGURATION} -M single -i --leak-report-full");
107 if ($? == -1) {
109 exit 1;
110 }
117 } else {
120 }
122 }
128 }
130 sub wait_for_start($$)
131 {
133 # give time for nbt server to register its names
136 # This will return quickly when things are up, but be slow if we
137 # need to wait for (eg) SSL init
139 system("bin/nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER} $testenv_vars->{SERVER}");
141 system("bin/nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER} $testenv_vars->{NETBIOSNAME}");
143 system("bin/nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER} $testenv_vars->{NETBIOSNAME}");
145 system("bin/nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER} $testenv_vars->{NETBIOSNAME}");
147 system("bin/nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER} $testenv_vars->{NETBIOSNAME}");
150 }
152 sub write_ldb_file($$$)
153 {
158 return close(LDIF);
159 }
161 sub add_wins_config($$)
162 {
166 dn: name=TORTURE_6,CN=PARTNERS
167 objectClass: wreplPartner
168 name: TORTURE_6
169 address: 127.0.0.6
170 pullInterval: 0
171 pushChangeCount: 0
172 type: 0x3
173 ");
174 }
176 sub mk_fedora($$$$$$)
177 {
185 #Make the subdirectory be as fedora DS would expect
191 print CONF "
192 [General]
194 FullMachineName= localhost
197 [slapd]
202 ServerIdentifier= samba4
217 start_server= 0
218 ";
219 close(CONF);
222 print LDIF "
223 # These entries need to be added to get the container for the
224 # provision to be aimed at.
227 objectclass: top
228 objectclass: extensibleObject
229 objectclass: nsMappingTree
230 nsslapd-state: backend
231 nsslapd-backend: userData
234 dn: cn=userData,cn=ldbm database,cn=plugins,cn=config
235 objectclass: extensibleObject
236 objectclass: nsBackendInstance
238 cn=userData
241 objectclass: top
242 objectclass: extensibleObject
243 objectclass: nsMappingTree
244 nsslapd-state: backend
245 nsslapd-backend: configData
249 dn: cn=configData,cn=ldbm database,cn=plugins,cn=config
250 objectclass: extensibleObject
251 objectclass: nsBackendInstance
253 cn=configData
256 objectclass: top
257 objectclass: extensibleObject
258 objectclass: nsMappingTree
259 nsslapd-state: backend
260 nsslapd-backend: schemaData
264 dn: cn=schemaData,cn=ldbm database,cn=plugins,cn=config
265 objectclass: extensibleObject
266 objectclass: nsBackendInstance
268 cn=schemaData
269 ";
270 close(LDIF);
277 }
280 unlink unless (/00core.*/);
281 }
284 print LDIF "dn: cn=bitwise,cn=plugins,cn=config
285 objectClass: top
286 objectClass: nsSlapdPlugin
287 objectClass: extensibleObject
288 cn: bitwise
290 nsslapd-pluginInitfunc: bitwise_init
291 nsslapd-pluginType: matchingRule
292 nsslapd-pluginEnabled: on
293 nsslapd-pluginId: bitwise
294 nsslapd-pluginVersion: 1.1.0a3
295 nsslapd-pluginVendor: Fedora Project
296 nsslapd-pluginDescription: Allow bitwise matching rules
297 ";
298 close(LDIF);
300 system("$self->{bindir}/ad2oLschema $configuration -H $privatedir/sam.ldb --option=convert:target=fedora-ds -I $self->{setupdir}/schema-map-fedora-ds-1.0 -O $fedora_ds_dir/schema/99_ad.ldif >&2") == 0 or die("schema conversion for Fedora DS failed");
303 }
305 sub write_openldap_dbconfig($) {
308 print CONF "
309 #
310 # Set the database in memory cache size.
311 #
312 set_cachesize 0 524288 0
315 #
316 # Set database flags (this is a test environment, we don't need to fsync()).
317 #
318 set_flags DB_TXN_NOSYNC
320 #
321 # Set log values.
322 #
323 set_lg_regionmax 104857
324 set_lg_max 1048576
325 set_lg_bsize 209715
329 #
330 # Set temporary file creation directory.
331 #
333 ";
334 close(CONF);
337 }
339 sub mk_openldap($$$$$$$$)
340 {
341 my ($self, $ldapdir, $basedn, $password, $privatedir, $dnsname, $configuration, $provision_options) = @_;
347 mkdir($_, 0777) foreach ($ldapdir, "$ldapdir/db", "$ldapdir/db/user", "$ldapdir/db/config", "$ldapdir/db/schema", "$ldapdir/db/bdb-logs",
351 print CONF "
352 loglevel 0
359 access to * by * write
361 allow update_anon
363 authz-regexp
367 authz-regexp
368 uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
375 backend bdb
376 database bdb
379 index objectClass eq
380 index samAccountName eq
381 index name eq
382 index objectCategory eq
383 index lDAPDisplayName eq
384 index subClassOf eq
386 database bdb
389 index objectClass eq
390 index samAccountName eq
391 index name eq
392 index objectSid eq
393 index objectCategory eq
394 index nCName eq pres
395 index subClassOf eq
396 index dnsRoot eq
397 index nETBIOSName eq pres
399 database bdb
404 index objectClass eq
405 index samAccountName eq
406 index name eq
407 index objectSid eq
408 index objectCategory eq
409 index member eq
410 index uidNumber eq
411 index gidNumber eq
412 index unixName eq
413 index privilege eq
414 index nCName eq pres
415 index lDAPDisplayName eq
416 index subClassOf eq
417 index dnsRoot eq
418 index nETBIOSName eq pres
420 #syncprov is stable in OpenLDAP 2.3, and available in 2.2.
421 #We only need this for the contextCSN attribute anyway....
422 overlay syncprov
423 syncprov-checkpoint 100 10
424 syncprov-sessionlog 100
425 ";
427 close(CONF);
433 #This uses the provision we just did, to read out the schema
434 system("$self->{bindir}/ad2oLschema $configuration -H $privatedir/sam.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/ad.schema >&2") == 0 or die("schema conversion for OpenLDAP failed");
436 #Now create an LDAP baseDN
437 system("$self->{bindir}/smbscript $self->{setupdir}/provision $provision_options --ldap-base >&2") == 0 or die("creating an OpenLDAP basedn failed");
447 # enable slapd modules
448 print CONF "
449 modulepath /usr/lib/ldap
450 moduleload back_bdb
451 moduleload syncprov
452 ";
453 close(CONF);
454 }
457 system("slapadd -b $basedn -f $slapd_conf -l $privatedir/$dnsname.ldif >/dev/null") == 0 or die("slapadd failed");
458 system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed");
459 system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed");
462 die ("slaptest after database load failed");
467 }
469 sub provision($$$$$)
470 {
507 print CONFFILE "
508 [global]
520 name resolve order = bcast
524 wins support = yes
526 max xmit = 32K
527 server max protocol = SMB2
528 notify:inotify = false
529 ldb:nosync = true
530 system:anonymous = true
531 #We don't want to pass our self-tests if the PAC code is wrong
532 gensec:require_pac = true
535 [tmp]
537 read only = no
538 ntvfs handler = posix
539 posix:sharedelay = 100000
542 [cifs]
543 read only = no
544 ntvfs handler = cifs
546 cifs:share = tmp
547 #There is no username specified here, instead the client is expected
548 #to log in with kerberos, and smbd will used delegated credentials.
550 [simple]
552 read only = no
553 ntvfs handler = simple
555 [cifsposixtestshare]
556 copy = simple
557 ntvfs handler = cifsposix
558 ";
559 close(CONFFILE);
561 die ("Unable to create key blobs") if
565 print KRB5CONF "
568 [libdefaults]
570 dns_lookup_realm = false
571 dns_lookup_kdc = false
572 ticket_lifetime = 24h
573 forwardable = yes
575 [realms]
577 kdc = 127.0.0.1:88
578 admin_server = 127.0.0.1:88
580 }
582 kdc = 127.0.0.1:88
583 admin_server = 127.0.0.1:88
585 }
587 kdc = 127.0.0.1:88
588 admin_server = 127.0.0.1:88
590 }
592 [appdefaults]
595 [kdc]
596 enable-pkinit = true
600 [domain_realm]
602 ";
603 close(KRB5CONF);
605 #Ensure the config file is valid before we start
606 if (system("$self->{bindir}/testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
608 die("Failed to create a valid smb.conf configuration!");
609 }
611 (system("($self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i ^$netbiosname ) >/dev/null 2>&1") == 0) or die("Failed to create a valid smb.conf configuration!");
625 (system("$self->{bindir}/smbscript $self->{setupdir}/provision " . join(' ', @provision_options) . ">&2") == 0) or die("Unable to provision");
646 };
653 ($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $basedn, $password, $privatedir, $dnsname, $configuration, join(' ', @provision_options)) or die("Unable to create openldap directories");
655 ($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora($ldapdir, $basedn, $root, $password, $privatedir, $configuration) or die("Unable to create fedora ds directories");
657 }
660 die("couldn't start slapd");
662 print "LDAP PROVISIONING...";
666 die("couldn't stop slapd");
667 }
669 }
671 sub provision_member($$$)
672 {
674 print "PROVISIONING MEMBER...";
677 "localmember", 3);
681 system("$self->{bindir}/net join $ret->{CONFIGURATION} $dcvars->{DOMAIN} member -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}") == 0 or die("Join failed");
687 }
689 sub provision_dc($$)
690 {
693 print "PROVISIONING DC...";
695 "localtest", 1);
698 die("Unable to add wins configuration");
704 }
706 sub provision_ldap($$)
707 {
712 #it is easier to base64 encode this than correctly escape it:
713 # (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)
714 $provision_aci = "--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK";
715 }
717 system("$self->{bindir}/smbscript $self->{setupdir}/provision $envvars->{PROVISION_OPTIONS} \"$provision_aci\" --ldap-backend=$envvars->{LDAP_URI}") and
718 die("LDAP PROVISIONING failed: $self->{bindir}/smbscript $self->{setupdir}/provision $envvars->{PROVISION_OPTIONS} \"$provision_aci\" --ldap-backend=$envvars->{LDAP_URI}");
719 }
721 sub teardown_env($$)
722 {
725 close(DATA);
727 sleep(2);
733 kill 9, <IN>;
734 close(IN);
735 }
742 }
744 sub getlog_env($$)
745 {
753 while (<LOG>) {
755 }
757 close(LOG);
762 }
764 sub check_env($$)
765 {
772 return 0;
773 }
775 sub setup_env($$$)
776 {
784 }
786 } else {
788 }
789 }
791 sub setup_member($$$$)
792 {
802 }
804 sub setup_dc($$)
805 {
818 }
820 sub stop($)
821 {
823 }
825 1;