selftest/target/Samba.pm

   1 #!/usr/bin/perl
   2 # Bootstrap Samba and run a number of tests against it.
   3 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
   4 # Published under the GNU GPL, v3 or later.
   5
   6 package Samba;
   7
   8 use strict;
   9 use target::Samba3;
  10 use target::Samba4;
  11 use POSIX;
  12 use Cwd qw(abs_path);
  13
  14 sub new($$$$$) {
  15         my ($classname, $bindir, $ldap, $srcdir, $server_maxtime) = @_;
  16
  17         my $self = {
  18             samba3 => new Samba3($bindir, $srcdir, $server_maxtime),
  19             samba4 => new Samba4($bindir, $ldap, $srcdir, $server_maxtime),
  20         };
  21         bless $self;
  22         return $self;
  23 }
  24
  25 sub setup_env($$$)
  26 {
  27         my ($self, $envname, $path) = @_;
  28
  29         $ENV{ENVNAME} = $envname;
  30
  31         my $env = $self->{samba4}->setup_env($envname, $path);
  32         if (defined($env) and $env ne "UNKNOWN") {
  33             if (not defined($env->{target})) {
  34                 $env->{target} = $self->{samba4};
  35             }
  36         } elsif (defined($env) and $env eq "UNKNOWN") {
  37                 $env = $self->{samba3}->setup_env($envname, $path);
  38                 if (defined($env) and $env ne "UNKNOWN") {
  39                     if (not defined($env->{target})) {
  40                         $env->{target} = $self->{samba3};
  41                     }
  42                 }
  43         }
  44         if (defined($env) and ($env eq "UNKNOWN")) {
  45                 warn("Samba can't provide environment '$envname'");
  46                 return "UNKNOWN";
  47         }
  48         if (not defined $env) {
  49                 warn("failed to start up environment '$envname'");
  50                 return undef;
  51         }
  52         return $env;
  53 }
  54
  55 sub bindir_path($$) {
  56         my ($object, $path) = @_;
  57
  58         my $valpath = "$object->{bindir}/$path";
  59
  60         return $valpath if (-f $valpath or -d $valpath);
  61         return $path;
  62 }
  63
  64 sub nss_wrapper_winbind_so_path($) {
  65         my ($object) = @_;
  66         my $ret = $ENV{NSS_WRAPPER_WINBIND_SO_PATH};
  67         if (not defined($ret)) {
  68             $ret = bindir_path($object, "shared/libnss_wrapper_winbind.so.2");
  69             $ret = abs_path($ret);
  70         }
  71         return $ret;
  72 }
  73
  74 sub copy_file_content($$)
  75 {
  76         my ($in, $out) = @_;
  77         open(IN, "${in}") or die("failed to open in[${in}] for reading: $!");
  78         open(OUT, ">${out}") or die("failed to open out[${out}] for writing: $!");
  79         while(<IN>) {
  80                 print OUT $_;
  81         }
  82         close(OUT);
  83         close(IN);
  84 }
  85
  86 sub prepare_keyblobs($)
  87 {
  88         my ($ctx) = @_;
  89
  90         my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com";
  91         my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem";
  92         my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem";
  93         my $dcdnsname = "$ctx->{hostname}.$ctx->{dnsname}";
  94         my $dcdir = "$cadir/DCs/$dcdnsname";
  95         my $dccert = "$dcdir/DC-$dcdnsname-cert.pem";
  96         my $dckey_private = "$dcdir/DC-$dcdnsname-private-key.pem";
  97         my $userprincipalname = "administrator\@$ctx->{dnsname}";
  98         my $userdir = "$cadir/Users/$userprincipalname";
  99         my $usercert = "$userdir/USER-$userprincipalname-cert.pem";
 100         my $userkey_private = "$userdir/USER-$userprincipalname-private-key.pem";
 101
 102         my $tlsdir = "$ctx->{tlsdir}";
 103         my $pkinitdir = "$ctx->{prefix_abs}/pkinit";
 104         #TLS and PKINIT crypto blobs
 105         my $dhfile = "$tlsdir/dhparms.pem";
 106         my $cafile = "$tlsdir/ca.pem";
 107         my $crlfile = "$tlsdir/crl.pem";
 108         my $certfile = "$tlsdir/cert.pem";
 109         my $keyfile = "$tlsdir/key.pem";
 110         my $usercertfile = "$pkinitdir/USER-$userprincipalname-cert.pem";
 111         my $userkeyfile = "$pkinitdir/USER-$userprincipalname-private-key.pem";
 112
 113         mkdir($tlsdir, 0700);
 114         mkdir($pkinitdir, 0700);
 115         my $oldumask = umask;
 116         umask 0077;
 117
 118         # This is specified here to avoid draining entropy on every run
 119         # generate by
 120         # openssl dhparam -out dhparms.pem -text -2 8192
 121         open(DHFILE, ">$dhfile");
 122         print DHFILE <<EOF;
 123 -----BEGIN DH PARAMETERS-----
 124 MIIECAKCBAEAlcpjuJptCzC2bIIApLuyFLw2nODQUztqs/peysY9e3LgWh/xrc87
 125 SWJNSUrqFJFh2m357WH0XGcTdTk0b/8aIYIWjbwEhWR/5hZ+1x2TDrX1awkYayAe
 126 pr0arycmWHaAmhw+m+dBdj2O2jRMe7gn0ha85JALNl+Z3wv2q2eys8TIiQ2dbHPx
 127 XvpMmlAv7QHZnpSpX/XgueQr6T3EYggljppZwk1fe4W2cxBjCv9w/Q83pJXMEVVB
 128 WESEQPZC38v6hVIXIlF4J7jXjV3+NtCLL4nvsy0jrLEntyKz5OB8sNPRzJr0Ju2Y
 129 yXORCSMMXMygP+dxJtQ6txzQYWyaCYN1HqHDZy3cFL9Qy8kTFqIcW56Lti2GsW/p
 130 jSMzEOa1NevhKNFL3dSZJx5m+5ZeMvWXlCqXSptmVdbs5wz5jkMUm/E6pVfM5lyb
 131 Ttlcq2iYPqnJz1jcL5xwhoufID8zSJCPJ7C0jb0Ngy5wLIUZfjXJUXxUyxTnNR9i
 132 N9Sc+UkDvLxnCW+qzjyPXGlQU1SsJwMLWa2ZecL/uYE4bOdcN3g+5WHkevyDnXqR
 133 +yy9x7sGXjBT3bRWK5tVHJWOi6eBu1hp39U6aK8oOJWiUt3vmC2qEdIsT6JaLNNi
 134 YKrSfRGBf19IJBaagen1S19bb3dnmwoU1RaWM0EeJQW1oXOBg7zLisB2yuu5azBn
 135 tse00+0nc+GbH2y+jP0sE7xil1QeilZl+aQ3tX9vL0cnCa+8602kXxU7P5HaX2+d
 136 05pvoHmeZbDV85io36oF976gBYeYN+qAkTUMsIZhuLQDuyn0963XOLyn1Pm6SBrU
 137 OkIZXW7WoKEuO/YSfizUIqXwmAMJjnEMJCWG51MZZKx//9Hsdp1RXSm/bRSbvXB7
 138 MscjvQYWmfCFnIk8LYnEt3Yey40srEiS9xyZqdrvobxz+sU1XcqR38kpVf4gKASL
 139 xURia64s4emuJF+YHIObyydazQ+6/wX/C+m+nyfhuxSO6j1janPwtYbU+Uj3TzeM
 140 04K1mpPQpZcaMdZZiNiu7i8VJlOPKAz7aJT8TnMMF5GMyzyLpSMpc+NF9L/BSocV
 141 /cUM4wQT2PTHrcyYzmTVH7c9bzBkuxqrwVB1BY1jitDV9LIYIVBglKcX88qrfHIM
 142 XiXPAIwGclD59qm2cG8OdM9NA5pNMI119KuUAIJsUdgPbR1LkT2XTT15YVoHmFSQ
 143 DlaWOXn4td031jr0EisX8QtFR7+/0Nfoni6ydFGs5fNH/L1ckq6FEO4OhgucJw9H
 144 YRmiFlsQBQNny78vNchwZne3ZixkShtGW0hWDdi2n+h7St1peNJCNJjMbEhRsPRx
 145 RmNGWh4AL8rho4RO9OBao0MnUdjbbffD+wIBAg==
 146 -----END DH PARAMETERS-----
 147 EOF
 148         close(DHFILE);
 149
 150         if (! -e ${dckey_private}) {
 151                 umask $oldumask;
 152                 return;
 153         }
 154
 155         copy_file_content(${cacert}, ${cafile});
 156         copy_file_content(${cacrl_pem}, ${crlfile});
 157         copy_file_content(${dccert}, ${certfile});
 158         copy_file_content(${dckey_private}, ${keyfile});
 159         if (-e ${userkey_private}) {
 160                 copy_file_content(${usercert}, ${usercertfile});
 161                 copy_file_content(${userkey_private}, ${userkeyfile});
 162         }
 163
 164         # COMPAT stuff to be removed in a later commit
 165         my $kdccertfile = "$tlsdir/kdc.pem";
 166         copy_file_content(${dccert}, ${kdccertfile});
 167         if (-e ${userkey_private}) {
 168                 my $adminkeyfile = "$tlsdir/adminkey.pem";
 169                 my $admincertfile = "$tlsdir/admincert.pem";
 170                 my $admincertupnfile = "$tlsdir/admincertupn.pem";
 171                 copy_file_content(${userkey_private}, ${adminkeyfile});
 172                 copy_file_content(${usercert}, ${admincertfile});
 173                 copy_file_content(${usercert}, ${admincertupnfile});
 174         }
 175
 176         umask $oldumask;
 177 }
 178
 179 sub mk_krb5_conf($$)
 180 {
 181         my ($ctx) = @_;
 182
 183         unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
 184                 warn("can't open $ctx->{krb5_conf}$?");
 185                 return undef;
 186         }
 187
 188         my $our_realms_stanza = mk_realms_stanza($ctx->{realm},
 189                                                  $ctx->{dnsname},
 190                                                  $ctx->{domain},
 191                                                  $ctx->{kdc_ipv4});
 192         print KRB5CONF "
 193 #Generated krb5.conf for $ctx->{realm}
 194
 195 [libdefaults]
 196  default_realm = $ctx->{realm}
 197  dns_lookup_realm = false
 198  dns_lookup_kdc = true
 199  ticket_lifetime = 24h
 200  forwardable = yes
 201  allow_weak_crypto = yes
 202
 203 ";
 204
 205         if (defined($ctx->{supported_enctypes})) {
 206                 print KRB5CONF "
 207  default_etypes = $ctx->{supported_enctypes}
 208  default_as_etypes = $ctx->{supported_enctypes}
 209  default_tgs_enctypes = $ctx->{supported_enctypes}
 210  default_tkt_enctypes = $ctx->{supported_enctypes}
 211  permitted_enctypes = $ctx->{supported_enctypes}
 212 ";
 213         }
 214
 215         print KRB5CONF "
 216 [realms]
 217  $our_realms_stanza
 218 ";
 219
 220
 221         if (defined($ctx->{tlsdir})) {
 222                print KRB5CONF "
 223
 224 [appdefaults]
 225         pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
 226
 227 [kdc]
 228         enable-pkinit = true
 229         pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem
 230         pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem
 231
 232 ";
 233         }
 234         close(KRB5CONF);
 235 }
 236
 237 sub mk_realms_stanza($$$$)
 238 {
 239         my ($realm, $dnsname, $domain, $kdc_ipv4) = @_;
 240         my $lc_domain = lc($domain);
 241
 242         my $realms_stanza = "
 243  $realm = {
 244   kdc = $kdc_ipv4:88
 245   admin_server = $kdc_ipv4:88
 246   default_domain = $dnsname
 247  }
 248  $dnsname = {
 249   kdc = $kdc_ipv4:88
 250   admin_server = $kdc_ipv4:88
 251   default_domain = $dnsname
 252  }
 253  $domain = {
 254   kdc = $kdc_ipv4:88
 255   admin_server = $kdc_ipv4:88
 256   default_domain = $dnsname
 257  }
 258  $lc_domain = {
 259   kdc = $kdc_ipv4:88
 260   admin_server = $kdc_ipv4:88
 261   default_domain = $dnsname
 262  }
 263
 264 ";
 265         return $realms_stanza;
 266 }
 267
 268 sub get_interface($)
 269 {
 270     my ($netbiosname) = @_;
 271     $netbiosname = lc($netbiosname);
 272
 273     my %interfaces = ();
 274     $interfaces{"localnt4dc2"} = 3;
 275     $interfaces{"localnt4member3"} = 4;
 276     $interfaces{"localshare4"} = 5;
 277
 278     $interfaces{"localktest6"} = 7;
 279     $interfaces{"maptoguest"} = 8;
 280     $interfaces{"localnt4dc9"} = 9;
 281
 282     # 11-16 used by selftest.pl for client interfaces
 283
 284     $interfaces{"localdc"} = 21;
 285     $interfaces{"localvampiredc"} = 22;
 286     $interfaces{"s4member"} = 23;
 287     $interfaces{"localrpcproxy"} = 24;
 288     $interfaces{"dc5"} = 25;
 289     $interfaces{"dc6"} = 26;
 290     $interfaces{"dc7"} = 27;
 291     $interfaces{"rodc"} = 28;
 292     $interfaces{"localadmember"} = 29;
 293     $interfaces{"addc"} = 30;
 294     $interfaces{"localsubdc"} = 31;
 295     $interfaces{"chgdcpass"} = 32;
 296     $interfaces{"promotedvdc"} = 33;
 297     $interfaces{"rfc2307member"} = 34;
 298     $interfaces{"fileserver"} = 35;
 299     $interfaces{"fakednsforwarder1"} = 36;
 300     $interfaces{"fakednsforwarder2"} = 37;
 301
 302     # update lib/socket_wrapper/socket_wrapper.c
 303     #  #define MAX_WRAPPED_INTERFACES 40
 304     # if you wish to have more than 40 interfaces
 305
 306     if (not defined($interfaces{$netbiosname})) {
 307         die();
 308     }
 309
 310     return $interfaces{$netbiosname};
 311 }
 312
 313 sub cleanup_child($$)
 314 {
 315     my ($pid, $name) = @_;
 316
 317     if (!defined($pid)) {
 318         print STDERR "cleanup_child: pid not defined ... not calling waitpid\n";
 319         return -1;
 320     }
 321
 322     my $childpid = waitpid($pid, WNOHANG);
 323
 324     if ($childpid == 0) {
 325     } elsif ($childpid < 0) {
 326         printf STDERR "%s child process %d isn't here any more\n", $name, $pid;
 327         return $childpid;
 328     } elsif ($? & 127) {
 329         printf STDERR "%s child process %d, died with signal %d, %s coredump\n",
 330                 $name, $childpid, ($? & 127),  ($? & 128) ? 'with' : 'without';
 331     } else {
 332         printf STDERR "%s child process %d exited with value %d\n", $name, $childpid, $? >> 8;
 333     }
 334     return $childpid;
 335 }
 336
 337 1;