summaryrefslogtreecommitdiffstats
path: root/wintest
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:20:00 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:20:00 +0000
commit8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch)
tree4099e8021376c7d8c05bdf8503093d80e9c7bad0 /wintest
parentInitial commit. (diff)
downloadsamba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz
samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip
Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'wintest')
-rw-r--r--wintest/README5
-rw-r--r--wintest/conf/abartlet-jesse.conf104
-rw-r--r--wintest/conf/abartlet.conf104
-rw-r--r--wintest/conf/bbaumbach.conf97
-rw-r--r--wintest/conf/tridge.conf95
-rw-r--r--wintest/conf/zahari-esxi.conf46
-rwxr-xr-xwintest/test-s3.py293
-rwxr-xr-xwintest/test-s4-howto.py728
-rw-r--r--wintest/wintest.py992
9 files changed, 2464 insertions, 0 deletions
diff --git a/wintest/README b/wintest/README
new file mode 100644
index 0000000..b35e625
--- /dev/null
+++ b/wintest/README
@@ -0,0 +1,5 @@
+Please see the wiki page at:
+
+ http://wiki.samba.org/index.php/WinTest
+
+for details on configuring and running wintest
diff --git a/wintest/conf/abartlet-jesse.conf b/wintest/conf/abartlet-jesse.conf
new file mode 100644
index 0000000..64a5f43
--- /dev/null
+++ b/wintest/conf/abartlet-jesse.conf
@@ -0,0 +1,104 @@
+# config file for test-howto.py for abartlet's KVM based setup (using libvirt)
+
+# where the git checkout is
+SOURCETREE : /data/samba/howto/git
+
+# where to install Samba to
+PREFIX : /data/samba/howto/prefix
+
+# debug level which will be put in smb.conf
+DEBUGLEVEL : 1
+
+# commands to control VMs
+VM_POWEROFF : virsh destroy ${VMNAME}
+VM_RESTORE : virsh snapshot-revert ${VMNAME} ${SNAPSHOT}
+VM_RESET : virsh reboot ${VMNAME}
+
+# interfaces to create
+INTERFACE : virbr0:0
+NAMED_INTERFACE : virbr0:1
+
+# this is an additional IP that will be used for named to listen
+# on. It should not be the primary IP of the interface. We need one
+# for BIND (which redirects to the other hosts) and one for Samba,
+# which might be running our own DNS
+
+INTERFACE_IP : 192.168.122.3
+INTERFACE_NET : 192.168.122.3/24
+NAMED_INTERFACE_IP : 192.168.122.2
+NAMED_INTERFACE_NET : 192.168.122.2/24
+
+# how to run bind9
+BIND9 : /usr/sbin/named
+NAMED_CHECKCONF : /usr/sbin/named-checkconf
+RNDC : /usr/sbin/rndc
+BIND_USER : named
+
+# provision information
+REALM : S4.HOWTO.ABARTLET.NET
+LCREALM : s4.howto.abartlet.net
+DOMAIN : s4-howto
+BASEDN : DC=s4,DC=howto,DC=abartlet,DC=net
+PASSWORD1 : p@ssw0rd
+PASSWORD2 : p@ssw0rd2
+PASSWORD3 : p@ssw0rd3
+
+# a Windows7 VM
+WINDOWS7_HOSTNAME : Windows7-3
+WINDOWS7_VM : Windows7-3
+WINDOWS7_SNAPSHOT : 1346650132
+WINDOWS7_USER : administrator
+WINDOWS7_PASS : penguin
+
+# a winxp VM - needs Windows XP Service Pack 2 Support Tools
+#WINXP_HOSTNAME : WinXP-1
+#WINXP_VM : WinXP-1
+#WINXP_SNAPSHOT : 1329361864
+#WINXP_USER : administrator
+#WINXP_PASS : penguin
+
+# Samba will join this w2k8r2 VM as a DC and then as a RODC
+W2K8R2A_HOSTNAME : Win2008R2-3
+W2K8R2A_VM : Win2008R2-3
+W2K8R2A_REALM : 2008R2.HOWTO.ABARTLET.NET
+W2K8R2A_DOMAIN : 2008R2HOWTO
+W2K8R2A_PASS : penguin12#
+W2K8R2A_SNAPSHOT : 1349167901
+W2K8R2A_IP : 192.168.122.24
+
+# this w2k8r2 VM will become a DC in the samba domain
+W2K8R2B_HOSTNAME : Win2008R2-7
+W2K8R2B_VM : Win2008R2-7
+W2K8R2B_PASS : penguin12#
+W2K8R2B_SNAPSHOT : 1347439285
+
+# this w2k8r2 VM will become a RODC in the samba domain
+W2K8R2C_HOSTNAME : Win2008R2-6
+W2K8R2C_VM : Win2008R2-6
+W2K8R2C_PASS : penguin12#
+W2K8R2C_SNAPSHOT : 1347437454
+
+# Samba will join this w2k3 VM as a DC
+#W2K3A_HOSTNAME : Win2003R2-2
+#W2K3A_VM : Win2003R2-2
+#W2K3A_REALM : 2003.HOWTO.ABARTLET.NET
+#W2K3A_DOMAIN : 2003HOWTO
+#W2K3A_PASS : penguin
+#W2K3A_SNAPSHOT : 1314652035
+#W2K3A_IP : 192.168.122.91
+
+# this w2k3 VM will become a DC in the samba domain
+W2K3B_HOSTNAME : Win2003R2-4
+W2K3B_VM : Win2003R2-4
+W2K3B_PASS : penguin
+W2K3B_SNAPSHOT : 1347424723
+W2K3B_IP : 192.168.122.164
+
+# this w2k3 VM will become a member in the samba domain
+W2K3C_HOSTNAME : Win2003R2-3
+W2K3C_VM : Win2003R2-3
+W2K3C_PASS : penguin
+W2K3C_SNAPSHOT : 1347423953
+W2K3C_IP : 192.168.122.162
+
+
diff --git a/wintest/conf/abartlet.conf b/wintest/conf/abartlet.conf
new file mode 100644
index 0000000..78c0287
--- /dev/null
+++ b/wintest/conf/abartlet.conf
@@ -0,0 +1,104 @@
+# config file for test-howto.py for abartlet's KVM based setup (using libvirt)
+
+# where the git checkout is
+SOURCETREE : /data/samba/howto/git
+
+# where to install Samba to
+PREFIX : /data/samba/howto/prefix
+
+# debug level which will be put in smb.conf
+DEBUGLEVEL : 1
+
+# commands to control VMs
+VM_POWEROFF : virsh destroy ${VMNAME}
+VM_RESTORE : virsh snapshot-revert ${VMNAME} ${SNAPSHOT}
+VM_RESET : virsh reboot ${VMNAME}
+
+# interfaces to create
+INTERFACE : virbr0:0
+NAMED_INTERFACE : virbr0:1
+
+# this is an additional IP that will be used for named to listen
+# on. It should not be the primary IP of the interface. We need one
+# for BIND (which redirects to the other hosts) and one for Samba,
+# which might be running our own DNS
+
+INTERFACE_IP : 192.168.122.3
+INTERFACE_NET : 192.168.122.3/24
+NAMED_INTERFACE_IP : 192.168.122.2
+NAMED_INTERFACE_NET : 192.168.122.2/24
+
+# how to run bind9
+BIND9 : /usr/sbin/named
+NAMED_CHECKCONF : /usr/sbin/named-checkconf
+RNDC : /usr/sbin/rndc
+BIND_USER : named
+
+# provision information
+REALM : S4.HOWTO.ABARTLET.NET
+LCREALM : s4.howto.abartlet.net
+DOMAIN : s4-howto
+BASEDN : DC=s4,DC=howto,DC=abartlet,DC=net
+PASSWORD1 : p@ssw0rd
+PASSWORD2 : p@ssw0rd2
+PASSWORD3 : p@ssw0rd3
+
+# a Windows7 VM
+WINDOWS7_HOSTNAME : Windows7-3
+WINDOWS7_VM : Windows7-3
+WINDOWS7_SNAPSHOT : 1329351855
+WINDOWS7_USER : administrator
+WINDOWS7_PASS : penguin
+
+# a winxp VM - needs Windows XP Service Pack 2 Support Tools
+WINXP_HOSTNAME : WinXP-1
+WINXP_VM : WinXP-1
+WINXP_SNAPSHOT : 1329361864
+WINXP_USER : administrator
+WINXP_PASS : penguin
+
+# Samba will join this w2k8r2 VM as a DC and then as a RODC
+W2K8R2A_HOSTNAME : Win2008R2-3
+W2K8R2A_VM : Win2008R2-3
+W2K8R2A_REALM : 2008R2.HOWTO.ABARTLET.NET
+W2K8R2A_DOMAIN : 2008R2HOWTO
+W2K8R2A_PASS : penguin12#
+W2K8R2A_SNAPSHOT : 1329218595
+W2K8R2A_IP : 192.168.122.57
+
+# this w2k8r2 VM will become a DC in the samba domain
+W2K8R2B_HOSTNAME : Win2008R2-7
+W2K8R2B_VM : Win2008R2-7
+W2K8R2B_PASS : penguin12#
+W2K8R2B_SNAPSHOT : 1329964204
+
+# this w2k8r2 VM will become a RODC in the samba domain
+W2K8R2C_HOSTNAME : Win2008R2-6
+W2K8R2C_VM : Win2008R2-6
+W2K8R2C_PASS : penguin12#
+W2K8R2C_SNAPSHOT : 1329785556
+
+# Samba will join this w2k3 VM as a DC
+W2K3A_HOSTNAME : Win2003R2-2
+W2K3A_VM : Win2003R2-2
+W2K3A_REALM : 2003.HOWTO.ABARTLET.NET
+W2K3A_DOMAIN : 2003HOWTO
+W2K3A_PASS : penguin
+W2K3A_SNAPSHOT : 1314652035
+W2K3A_IP : 192.168.122.91
+
+# this w2k3 VM will become a DC in the samba domain
+W2K3B_HOSTNAME : Win2003R2-4
+W2K3B_VM : Win2003R2-4
+W2K3B_PASS : penguin
+W2K3B_SNAPSHOT : 1331186260
+W2K3B_IP : 192.168.122.164
+
+# this w2k3 VM will become a member in the samba domain
+W2K3C_HOSTNAME : Win2003R2-3
+W2K3C_VM : Win2003R2-3
+W2K3C_PASS : penguin
+W2K3C_SNAPSHOT : 1329451062
+W2K3C_IP : 192.168.122.162
+
+
diff --git a/wintest/conf/bbaumbach.conf b/wintest/conf/bbaumbach.conf
new file mode 100644
index 0000000..aaacd32
--- /dev/null
+++ b/wintest/conf/bbaumbach.conf
@@ -0,0 +1,97 @@
+# Björn Baumbachs wintest config file
+# Using VirtualBox in headless mode. Since it's not possible to
+# startup VMs in gui mode.
+
+# where the git checkout is
+SOURCETREE : /home/bbaumba/src/git/samba
+
+# where to install Samba to
+PREFIX : /smbTest/wintest
+
+# debug level which will be put in smb.conf
+DEBUGLEVEL : 1
+
+# commands to control VMs
+VM_POWEROFF : su bbaumba -c "VBoxManage controlvm ${VMNAME} poweroff"
+VM_RESTORE : su bbaumba -c "VBoxManage snapshot ${VMNAME} restore ${SNAPSHOT} && VBoxManage startvm ${VMNAME} --type headless"
+VM_RESET : su bbaumba -c "VBoxManage controlvm ${VMNAME} reset"
+
+# interfaces to listen on
+INTERFACE : wintest
+
+# this is an additional IP that will be used for named to listen
+# on. It should not be the primary IP of the interface
+INTERFACE_IP : 192.168.4.77
+INTERFACE_NET : 192.168.4.77/24
+
+# how to run bind9
+BIND9 : /usr/sbin/named
+NAMED_CHECKCONF : /usr/sbin/named-checkconf
+RNDC : /usr/sbin/rndc
+BIND_USER : named
+
+# provision information
+REALM : WINTEST.EXAMPLE.ORG
+LCREALM : wintest.example.org
+DOMAIN : wintest
+BASEDN : DC=wintest,DC=example,DC=org
+PASSWORD1 : p@ssw0rd
+PASSWORD2 : p@ssw0rd2
+PASSWORD3 : p@ssw0rd3
+
+## a Windows7 VM
+#WINDOWS7_HOSTNAME : wintest7
+#WINDOWS7_VM : wintest7
+#WINDOWS7_SNAPSHOT : ready
+#WINDOWS7_USER : Administrator
+#WINDOWS7_PASS : Passw0rd
+
+# a winxp VM - needs Windows XP Service Pack 2 Support Tools
+WINXP_HOSTNAME : wintestxp
+WINXP_VM : wintestxp
+WINXP_SNAPSHOT : ready
+WINXP_USER : Administrator
+WINXP_PASS : geheim
+
+# Samba will join this w2k8r2 VM as a DC and then as a RODC
+#W2K8R2A_HOSTNAME : wintest2k8r2
+#W2K8R2A_VM : wintest2k8r2
+#W2K8R2A_REALM : v2.tridgell.net
+#W2K8R2A_DOMAIN : v2
+#W2K8R2A_PASS : Passw0rd
+#W2K8R2A_SNAPSHOT : ready2
+#W2K8R2A_IP : 192.168.4.103
+
+
+## this w2k8r2 VM will become a DC in the samba domain
+#W2K8R2B_HOSTNAME : w2k8r2b
+#W2K8R2B_VM : w2k8r2b
+#W2K8R2B_PASS : p@ssw0rd
+#W2K8R2B_SNAPSHOT : howto-test2
+#
+## this w2k8r2 VM will become a RODC in the samba domain
+#W2K8R2C_HOSTNAME : w2k8r2c
+#W2K8R2C_VM : w2k8r2c
+#W2K8R2C_PASS : p@ssw0rd
+#W2K8R2C_SNAPSHOT : howto-test2
+
+# Samba will join this w2k3 VM as a DC
+W2K3A_HOSTNAME : wintest2k3
+W2K3A_VM : wintest2k3
+W2K3A_REALM : vsofs3.com
+W2K3A_DOMAIN : vsofs3
+W2K3A_PASS : Passw0rd
+W2K3A_SNAPSHOT : ready
+W2K3A_IP : 192.168.4.102
+
+## this w2k3 VM will become a DC in the samba domain
+#W2K3B_HOSTNAME : w2k3b
+#W2K3B_VM : w2k3b
+#W2K3B_PASS : penguin
+#W2K3B_SNAPSHOT : howto-test
+#
+## this w2k8 VM will become a DC in the samba domain
+#W2K8B_HOSTNAME : w2k8c
+#W2K8B_VM : w2k8
+#W2K8B_PASS : p@ssw0rd
+#W2K8B_SNAPSHOT : howto-test
diff --git a/wintest/conf/tridge.conf b/wintest/conf/tridge.conf
new file mode 100644
index 0000000..e6d6910
--- /dev/null
+++ b/wintest/conf/tridge.conf
@@ -0,0 +1,95 @@
+# config file for test-howto.py for tridge
+
+# where the git checkout is
+SOURCETREE : /home/tridge/samba/git/howto
+
+# where to install Samba to
+PREFIX : /home/tridge/samba/git/prefix.howto
+
+# debug level which will be put in smb.conf
+DEBUGLEVEL : 1
+
+# commands to control VMs
+VM_POWEROFF : su tridge -c "VBoxManage controlvm ${VMNAME} poweroff"
+VM_RESTORE : su tridge -c "VBoxManage snapshot ${VMNAME} restore ${SNAPSHOT} && VBoxManage startvm ${VMNAME}"
+VM_RESET : su tridge -c "VBoxManage controlvm ${VMNAME} reset"
+
+# interfaces to listen on
+INTERFACE : virbr0:0
+
+# this is an additional IP that will be used for named to listen
+# on. It should not be the primary IP of the interface
+INTERFACE_IP : 10.0.0.2
+INTERFACE_NET : 10.0.0.2/24
+
+# how to run bind9
+BIND9 : /usr/sbin/named
+NAMED_CHECKCONF : /usr/sbin/named-checkconf
+RNDC : /usr/sbin/rndc
+BIND_USER : bind
+
+# provision information
+REALM : HOWTO.TRIDGELL.NET
+LCREALM : howto.tridgell.net
+DOMAIN : howto
+BASEDN : DC=howto,DC=tridgell,DC=net
+PASSWORD1 : p@ssw0rd
+PASSWORD2 : p@ssw0rd2
+PASSWORD3 : p@ssw0rd3
+
+# a Windows7 VM
+WINDOWS7_HOSTNAME : win7
+WINDOWS7_VM : Win7
+WINDOWS7_SNAPSHOT : howto-test2
+WINDOWS7_USER : administrator
+WINDOWS7_PASS : p@ssw0rd
+
+# a winxp VM - needs Windows XP Service Pack 2 Support Tools
+WINXP_HOSTNAME : winxptest
+WINXP_VM : winXP-test
+WINXP_SNAPSHOT : howto-test
+WINXP_USER : tridge
+WINXP_PASS : penguin
+
+# Samba will join this w2k8r2 VM as a DC and then as a RODC
+W2K8R2A_HOSTNAME : w2k8
+W2K8R2A_VM : w2k8r2
+W2K8R2A_REALM : v2.tridgell.net
+W2K8R2A_DOMAIN : v2
+W2K8R2A_PASS : p@ssw0rd5
+W2K8R2A_SNAPSHOT : howto-test
+W2K8R2A_IP : 10.0.0.4
+
+
+# this w2k8r2 VM will become a DC in the samba domain
+W2K8R2B_HOSTNAME : w2k8r2b
+W2K8R2B_VM : w2k8r2b
+W2K8R2B_PASS : p@ssw0rd
+W2K8R2B_SNAPSHOT : howto-test2
+
+# this w2k8r2 VM will become a RODC in the samba domain
+W2K8R2C_HOSTNAME : w2k8r2c
+W2K8R2C_VM : w2k8r2c
+W2K8R2C_PASS : p@ssw0rd
+W2K8R2C_SNAPSHOT : howto-test2
+
+# Samba will join this w2k3 VM as a DC
+W2K3A_HOSTNAME : w2k3
+W2K3A_VM : w2003
+W2K3A_REALM : vsofs3.com
+W2K3A_DOMAIN : vsofs3
+W2K3A_PASS : penguin
+W2K3A_SNAPSHOT : howto-test
+W2K3A_IP : 10.0.0.3
+
+# this w2k3 VM will become a DC in the samba domain
+W2K3B_HOSTNAME : w2k3b
+W2K3B_VM : w2k3b
+W2K3B_PASS : penguin
+W2K3B_SNAPSHOT : howto-test
+
+# this w2k8 VM will become a DC in the samba domain
+W2K8B_HOSTNAME : w2k8c
+W2K8B_VM : w2k8
+W2K8B_PASS : p@ssw0rd
+W2K8B_SNAPSHOT : howto-test
diff --git a/wintest/conf/zahari-esxi.conf b/wintest/conf/zahari-esxi.conf
new file mode 100644
index 0000000..bed6326
--- /dev/null
+++ b/wintest/conf/zahari-esxi.conf
@@ -0,0 +1,46 @@
+# config file for test-howto.py for zahari
+
+# where the git checkout is
+SOURCETREE : /root/samba-master
+
+# where to install Samba to
+PREFIX : /usr/local/samba
+
+# VMware ESX server
+
+# debug level which will be put in smb.conf
+DEBUGLEVEL : 1
+
+# commands to control VMs
+VM_POWEROFF : su zahari -c "sshpass -p p@ssw0rd ssh -o StrictHostKeyChecking=no root@10.191.35.30 vim-cmd vmsvc/power.off ${VMNAME} 2>&1; sleep 5"
+VM_RESTORE : su zahari -c "sshpass -p p@ssw0rd ssh -o StrictHostKeyChecking=no root@10.191.35.30 vim-cmd vmsvc/snapshot.revert ${VMNAME} ${SNAPSHOT} 2>&1; sleep 5"
+VM_RESET : su zahari -c "sshpass -p p@ssword ssh -o StrictHostKeyChecking=no root@10.191.35.30 vim-cmd vmsvc/power.reboot ${VMNAME} 2>&1; sleep 5"
+
+# interfaces to listen on
+INTERFACE : eth0
+
+# this is an additional IP that will be used for named to listen
+# on. It should not be the primary IP of the interface
+INTERFACE_IP : 10.191.10.90
+INTERFACE_NET : 10.191.10.90/16
+
+# how to run bind9
+BIND9 : /usr/sbin/named
+NAMED_CHECKCONF : /usr/sbin/named-checkconf
+RNDC : /usr/sbin/rndc
+BIND_USER : bind
+
+# provision information
+REALM : HOWTO.SAMBA90.TEST
+LCREALM : howto.samba90.test
+DOMAIN : howto-0
+BASEDN : DC=howto,DC=samba90,DC=test
+PASSWORD1 : p@r0l@123!
+PASSWORD2 : p@r0l@1234!
+PASSWORD3 : p@r0l@12345!
+
+# this w2k8r2 VM will become a DC in the samba domain
+W2K8R2B_HOSTNAME : WIN-SVD8RSRCPSS
+W2K8R2B_VM : 128
+W2K8R2B_PASS : P@r0l@
+W2K8R2B_SNAPSHOT : 0 1
diff --git a/wintest/test-s3.py b/wintest/test-s3.py
new file mode 100755
index 0000000..1c5142b
--- /dev/null
+++ b/wintest/test-s3.py
@@ -0,0 +1,293 @@
+#!/usr/bin/env python3
+
+'''automated testing of Samba3 against windows'''
+
+import wintest
+
+
+def set_libpath(t):
+ t.putenv("LD_LIBRARY_PATH", "${PREFIX}/lib")
+
+
+def set_krb5_conf(t):
+ t.run_cmd("mkdir -p ${PREFIX}/etc")
+ t.write_file("${PREFIX}/etc/krb5.conf",
+ '''[libdefaults]
+ dns_lookup_realm = false
+ dns_lookup_kdc = true''')
+
+ t.putenv("KRB5_CONFIG", '${PREFIX}/etc/krb5.conf')
+
+
+def build_s3(t):
+ '''build samba3'''
+ t.info('Building s3')
+ t.chdir('${SOURCETREE}/source3')
+ t.putenv('CC', 'ccache gcc')
+ t.run_cmd("./autogen.sh")
+ t.run_cmd("./configure -C --prefix=${PREFIX} --enable-developer")
+ t.run_cmd('make basics')
+ t.run_cmd('make -j4')
+ t.run_cmd('rm -rf ${PREFIX}')
+ t.run_cmd('make install')
+
+
+def start_s3(t):
+ t.info('Starting Samba3')
+ t.chdir("${PREFIX}")
+ t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
+ t.run_cmd("rm -f var/locks/*.pid")
+ t.run_cmd(['sbin/nmbd', "-D"])
+ t.run_cmd(['sbin/winbindd', "-D"])
+ t.run_cmd(['sbin/smbd', "-D"])
+ t.port_wait("${INTERFACE_IP}", 139)
+
+
+def test_wbinfo(t):
+ t.info('Testing wbinfo')
+ t.chdir('${PREFIX}')
+ t.cmd_contains("bin/wbinfo --version", ["Version 4."])
+ t.cmd_contains("bin/wbinfo -p", ["Ping to winbindd succeeded"])
+ t.retry_cmd("bin/wbinfo --online-status",
+ ["BUILTIN : online",
+ "${HOSTNAME} : online",
+ "${WIN_DOMAIN} : online"],
+ casefold=True)
+ t.cmd_contains("bin/wbinfo -u",
+ ["${WIN_DOMAIN}/administrator",
+ "${WIN_DOMAIN}/krbtgt"],
+ casefold=True)
+ t.cmd_contains("bin/wbinfo -g",
+ ["${WIN_DOMAIN}/domain users",
+ "${WIN_DOMAIN}/domain guests",
+ "${WIN_DOMAIN}/domain admins"],
+ casefold=True)
+ t.cmd_contains("bin/wbinfo --name-to-sid administrator",
+ "S-1-5-.*-500 SID_USER .1",
+ regex=True)
+ t.cmd_contains("bin/wbinfo --name-to-sid 'domain users'",
+ "S-1-5-.*-513 SID_DOM_GROUP .2",
+ regex=True)
+
+ t.retry_cmd("bin/wbinfo --authenticate=${WIN_DOMAIN}/administrator%${WIN_PASS}",
+ ["plaintext password authentication succeeded",
+ "challenge/response password authentication succeeded"])
+
+ t.retry_cmd("bin/wbinfo --krb5auth=${WIN_DOMAIN}/administrator%${WIN_PASS}",
+ ["succeeded"])
+
+
+def test_smbclient(t):
+ t.info('Testing smbclient')
+ smbclient = t.getvar("smbclient")
+ t.chdir('${PREFIX}')
+ t.cmd_contains("%s --version" % (smbclient), ["Version 4."])
+ t.cmd_contains('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["Domain=[${WIN_DOMAIN}]", "test", "IPC$", "Samba 4."],
+ casefold=True)
+ child = t.pexpect_spawn('%s //${HOSTNAME}.${WIN_REALM}/test -Uroot@${WIN_REALM}%%${PASSWORD2}' % (smbclient))
+ child.expect("smb:")
+ child.sendline("dir")
+ child.expect("blocks available")
+ child.sendline("mkdir testdir")
+ child.expect("smb:")
+ child.sendline("cd testdir")
+ child.expect('testdir')
+ child.sendline("cd ..")
+ child.sendline("rmdir testdir")
+
+ child = t.pexpect_spawn('%s //${HOSTNAME}.${WIN_REALM}/test -Uroot@${WIN_REALM}%%${PASSWORD2} -k' % (smbclient))
+ child.expect("smb:")
+ child.sendline("dir")
+ child.expect("blocks available")
+ child.sendline("mkdir testdir")
+ child.expect("smb:")
+ child.sendline("cd testdir")
+ child.expect('testdir')
+ child.sendline("cd ..")
+ child.sendline("rmdir testdir")
+
+
+def create_shares(t):
+ t.info("Adding test shares")
+ t.chdir('${PREFIX}')
+ t.write_file("etc/smb.conf", '''
+[test]
+ path = ${PREFIX}/test
+ read only = no
+ ''',
+ mode='a')
+ t.run_cmd("mkdir -p test")
+
+
+def prep_join_as_member(t, vm):
+ '''prepare to join a windows domain as a member server'''
+ t.setwinvars(vm)
+ t.info("Starting VMs for joining ${WIN_VM} as a member using net ads join")
+ t.chdir('${PREFIX}')
+ t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
+ t.vm_poweroff("${WIN_VM}", checkfail=False)
+ t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
+ child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_time=True)
+ t.get_ipconfig(child)
+ t.del_files(["var", "private"])
+ t.write_file("etc/smb.conf", '''
+[global]
+ netbios name = ${HOSTNAME}
+ log level = ${DEBUGLEVEL}
+ realm = ${WIN_REALM}
+ workgroup = ${WIN_DOMAIN}
+ security = ADS
+ bind interfaces only = yes
+ interfaces = ${INTERFACE}
+ winbind separator = /
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ winbind enum users = yes
+ winbind enum groups = yes
+ max protocol = SMB2
+ map hidden = no
+ map system = no
+ ea support = yes
+ panic action = xterm -e gdb --pid %d
+ ''')
+
+
+def join_as_member(t, vm):
+ '''join a windows domain as a member server'''
+ t.setwinvars(vm)
+ t.info("Joining ${WIN_VM} as a member using net ads join")
+ t.port_wait("${WIN_IP}", 389)
+ t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'])
+ t.cmd_contains("bin/net ads join -Uadministrator%${WIN_PASS}", ["Joined"])
+ t.cmd_contains("bin/net ads testjoin", ["Join is OK"])
+ t.cmd_contains("bin/net ads dns register ${HOSTNAME}.${WIN_REALM} -P", ["Successfully registered hostname with DNS"])
+ t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}",
+ ['${HOSTNAME}.${WIN_REALM} has address'])
+
+
+def create_root_account(t, vm):
+ t.setwinvars(vm)
+ t.info("Creating 'root' account for testing Samba3 member server")
+ t.chdir('${PREFIX}')
+ t.run_cmd('bin/net ads user add root -Uadministrator%${WIN_PASS}')
+ child = t.pexpect_spawn('bin/net ads password root -Uadministrator%${WIN_PASS}')
+ child.expect("Enter new password for root")
+ child.sendline("${PASSWORD2}")
+ child.expect("Password change for ")
+ child.expect(" completed")
+ child = t.pexpect_spawn('bin/net rpc shell -S ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}')
+ child.expect("net rpc>")
+ child.sendline("user edit disabled root no")
+ child.expect("Set root's disabled flag")
+
+
+def test_join_as_member(t, vm):
+ '''test the domain join'''
+ t.setwinvars(vm)
+ t.info('Testing join as member')
+ t.chdir('${PREFIX}')
+ test_wbinfo(t)
+ test_smbclient(t)
+
+
+def test_s3(t):
+ '''basic s3 testing'''
+
+ t.setvar("SAMBA_VERSION", "Version 4")
+ t.setvar("smbclient", "bin/smbclient")
+ t.check_prerequesites()
+ set_libpath(t)
+
+ if not t.skip("configure_bind"):
+ t.configure_bind()
+ if not t.skip("stop_bind"):
+ t.stop_bind()
+ if not t.skip("stop_vms"):
+ t.stop_vms()
+
+ if not t.skip("build"):
+ build_s3(t)
+
+ set_krb5_conf(t)
+ if not t.skip("configure_bind2"):
+ t.configure_bind()
+ if not t.skip("start_bind"):
+ t.start_bind()
+
+ dc_started = False
+ if t.have_var('W2K8R2A_VM') and not t.skip("join_w2k8r2"):
+ t.start_winvm('W2K8R2A')
+ dc_started = True
+ prep_join_as_member(t, "W2K8R2A")
+ t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
+ join_as_member(t, "W2K8R2A")
+ create_shares(t)
+ start_s3(t)
+ create_root_account(t, "W2K8R2A")
+ test_join_as_member(t, "W2K8R2A")
+
+ if t.have_var('WINDOWS7_VM') and t.have_var('W2K8R2A_VM') and not t.skip("join_windows7_2008r2"):
+ if not dc_started:
+ t.start_winvm('W2K8R2A')
+ t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
+ dc_started = True
+ else:
+ t.setwinvars('W2K8R2A')
+ realm = t.getvar("WIN_REALM")
+ dom_username = t.getvar("WIN_USER")
+ dom_password = t.getvar("WIN_PASS")
+ dom_realm = t.getvar("WIN_REALM")
+ t.start_winvm('WINDOWS7')
+ t.test_remote_smbclient("WINDOWS7")
+ t.run_winjoin('WINDOWS7', realm, username=dom_username, password=dom_password)
+ t.test_remote_smbclient("WINDOWS7", dom_username, dom_password)
+ t.test_remote_smbclient('WINDOWS7', dom_username, dom_password, args='--option=clientntlmv2auth=no')
+ t.test_remote_smbclient('WINDOWS7', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k")
+ t.test_remote_smbclient('WINDOWS7', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k --option=clientusespnegoprincipal=yes")
+ t.test_net_use('WINDOWS7', dom_realm, t.getvar("W2K8R2A_DOMAIN"), 'root', '${PASSWORD2}')
+
+ if t.have_var('WINXP_VM') and t.have_var('W2K8R2A_VM') and not t.skip("join_winxp_2008r2"):
+ if not dc_started:
+ t.start_winvm('W2K8R2A')
+ t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
+ dc_started = True
+ else:
+ t.setwinvars('W2K8R2A')
+ realm = t.getvar("WIN_REALM")
+ dom_username = t.getvar("WIN_USER")
+ dom_password = t.getvar("WIN_PASS")
+ dom_realm = t.getvar("WIN_REALM")
+ t.start_winvm('WINXP')
+ t.run_winjoin('WINXP', realm, username=dom_username, password=dom_password)
+ t.test_remote_smbclient('WINXP', dom_username, dom_password)
+ t.test_remote_smbclient('WINXP', dom_username, dom_password, args='--option=clientntlmv2auth=no')
+ t.test_remote_smbclient('WINXP', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k")
+ t.test_remote_smbclient('WINXP', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k --clientusespnegoprincipal=yes")
+ t.test_net_use('WINXP', dom_realm, t.getvar("W2K8R2A_DOMAIN"), 'root', '${PASSWORD2}')
+
+ t.info("S3 test: All OK")
+
+
+def test_cleanup(t):
+ '''cleanup after tests'''
+ t.info("Cleaning up ...")
+ t.restore_resolv_conf()
+ if getattr(t, 'bind_child', False):
+ t.bind_child.kill()
+
+
+if __name__ == '__main__':
+ t = wintest.wintest()
+
+ t.setup("test-s3.py", "source3")
+
+ try:
+ test_s3(t)
+ except:
+ if not t.opts.nocleanup:
+ test_cleanup(t)
+ raise
+
+ if not t.opts.nocleanup:
+ test_cleanup(t)
+ t.info("S3 test: All OK")
diff --git a/wintest/test-s4-howto.py b/wintest/test-s4-howto.py
new file mode 100755
index 0000000..e52711f
--- /dev/null
+++ b/wintest/test-s4-howto.py
@@ -0,0 +1,728 @@
+#!/usr/bin/env python3
+
+'''automated testing of the steps of the Samba4 HOWTO'''
+
+import sys
+import os
+import wintest
+import pexpect
+import time
+import subprocess
+
+
+def set_krb5_conf(t):
+ t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
+
+
+def build_s4(t):
+ '''build samba4'''
+ t.info('Building s4')
+ t.chdir('${SOURCETREE}')
+ t.putenv('CC', 'ccache gcc')
+ t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
+ t.run_cmd('make -j')
+ t.run_cmd('rm -rf ${PREFIX}')
+ t.run_cmd('make -j install')
+
+
+def provision_s4(t, func_level="2008"):
+ '''provision s4 as a DC'''
+ t.info('Provisioning s4')
+ t.chdir('${PREFIX}')
+ t.del_files(["var", "private"])
+ t.run_cmd("rm -f etc/smb.conf")
+ provision = ['bin/samba-tool',
+ 'domain',
+ 'provision',
+ '--realm=${LCREALM}',
+ '--domain=${DOMAIN}',
+ '--adminpass=${PASSWORD1}',
+ '--server-role=domain controller',
+ '--function-level=%s' % func_level,
+ '-d${DEBUGLEVEL}',
+ '--option=interfaces=${INTERFACE}',
+ '--host-ip=${INTERFACE_IP}',
+ '--option=bind interfaces only=yes',
+ '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
+ '--dns-backend=${NAMESERVER_BACKEND}',
+ '${DNS_FORWARDER}']
+ if t.getvar('USE_NTVFS'):
+ provision.append('${USE_NTVFS}')
+
+ if t.getvar('INTERFACE_IPV6'):
+ provision.append('--host-ip6=${INTERFACE_IPV6}')
+ t.run_cmd(provision)
+ t.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
+ t.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
+ t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
+
+
+def start_s4(t):
+ '''startup samba4'''
+ t.info('Starting Samba4')
+ t.chdir("${PREFIX}")
+ t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
+ t.run_cmd(['sbin/samba',
+ '--option', 'panic action=gnome-terminal -e "gdb --pid %d"', '--option', 'max protocol=nt1'])
+ t.port_wait("${INTERFACE_IP}", 139)
+
+
+def test_smbclient(t):
+ '''test smbclient against localhost'''
+ t.info('Testing smbclient')
+ smbclient = t.getvar("smbclient")
+ t.chdir('${PREFIX}')
+ t.cmd_contains("%s --version" % (smbclient), ["Version 4.1"])
+ t.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["netlogon", "sysvol", "IPC Service"])
+ child = t.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient))
+ child.expect("smb:")
+ child.sendline("dir")
+ child.expect("blocks available")
+ child.sendline("mkdir testdir")
+ child.expect("smb:")
+ child.sendline("cd testdir")
+ child.expect('testdir')
+ child.sendline("cd ..")
+ child.sendline("rmdir testdir")
+
+
+def create_shares(t):
+ '''create some test shares'''
+ t.info("Adding test shares")
+ t.chdir('${PREFIX}')
+ t.write_file("etc/smb.conf", '''
+[test]
+ path = ${PREFIX}/test
+ read only = no
+[profiles]
+ path = ${PREFIX}/var/profiles
+ read only = no
+ ''',
+ mode='a')
+ t.run_cmd("mkdir -p test")
+ t.run_cmd("mkdir -p var/profiles")
+
+
+def test_dns(t):
+ '''test that DNS is OK'''
+ t.info("Testing DNS")
+ t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
+ ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
+ t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
+ ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
+ t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
+ ['${HOSTNAME}.${LCREALM} has address'])
+
+
+def test_kerberos(t):
+ '''test that kerberos is OK'''
+ t.info("Testing kerberos")
+ t.run_cmd("kdestroy")
+ t.kinit("administrator@${REALM}", "${PASSWORD1}")
+ # this copes with the differences between MIT and Heimdal klist
+ t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
+
+
+def test_dyndns(t):
+ '''test that dynamic DNS is working'''
+ t.chdir('${PREFIX}')
+ t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
+ if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
+ t.rndc_cmd("flush")
+
+
+def run_winjoin(t, vm):
+ '''join a windows box to our domain'''
+ t.setwinvars(vm)
+
+ t.run_winjoin(t, "${LCREALM}")
+
+
+def test_winjoin(t, vm):
+ t.info("Checking the windows join is OK")
+ smbclient = t.getvar("smbclient")
+ t.chdir('${PREFIX}')
+ t.port_wait("${WIN_IP}", 139)
+ t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"], retries=100)
+ t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
+ t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
+ t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
+ t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
+ child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
+ child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
+ child.expect("The command completed successfully")
+
+
+def run_dcpromo(t, vm):
+ '''run a dcpromo on windows'''
+ t.setwinvars(vm)
+
+ t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
+ child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True)
+ child.sendline("copy /Y con answers.txt")
+ child.sendline(br'''
+[DCINSTALL]
+RebootOnSuccess=Yes
+RebootOnCompletion=Yes
+ReplicaOrNewDomain=Replica
+ReplicaDomainDNSName=${LCREALM}
+SiteName=Default-First-Site-Name
+InstallDNS=No
+ConfirmGc=Yes
+CreateDNSDelegation=No
+UserDomain=${LCREALM}
+UserName=${LCREALM}\administrator
+Password=${PASSWORD1}
+DatabasePath="C:\Windows\NTDS"
+LogPath="C:\Windows\NTDS"
+SYSVOLPath="C:\Windows\SYSVOL"
+SafeModeAdminPassword=${PASSWORD1}
+
+''')
+ child.expect("copied.")
+ child.expect("C:")
+ child.expect("C:")
+ child.sendline("dcpromo /answer:answers.txt")
+ i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=240)
+ if i == 1 or i == 2:
+ child.sendline("echo off")
+ child.sendline("echo START DCPROMO log")
+ child.sendline(r"more c:\windows\debug\dcpromoui.log")
+ child.sendline("echo END DCPROMO log")
+ child.expect("END DCPROMO")
+ raise Exception("dcpromo failed")
+ t.wait_reboot()
+
+
+def test_dcpromo(t, vm):
+ '''test that dcpromo worked'''
+ t.info("Checking the dcpromo join is OK")
+ smbclient = t.getvar("smbclient")
+ t.chdir('${PREFIX}')
+ t.port_wait("${WIN_IP}", 139)
+ t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${NAMED_INTERFACE_IP}",
+ ['${WIN_HOSTNAME}.${LCREALM} has address'],
+ retries=30, delay=10, casefold=True)
+ t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
+ t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
+ t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
+
+ t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
+ t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
+
+ t.kinit("administrator@${REALM}", "${PASSWORD1}")
+
+ # the first replication will transfer the dnsHostname attribute
+ t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
+
+ for nc in ['${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}']:
+ t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
+ t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
+
+ t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
+ ["INBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${BASEDN}", # cope with either order
+ "Last attempt .* was successful",
+ "OUTBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last success",
+ "CN=Configuration,${BASEDN}",
+ "Last success",
+ "CN=Configuration,${BASEDN}",
+ "Last success"],
+ ordered=True,
+ regex=True)
+
+ t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
+ ["INBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt .* was successful",
+ "OUTBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last success",
+ "CN=Configuration,${BASEDN}",
+ "Last success",
+ "CN=Configuration,${BASEDN}",
+ "Last success"],
+ ordered=True,
+ regex=True)
+
+ child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
+ child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
+
+ retries = 10
+ i = child.expect(["The command completed successfully", "The network path was not found"])
+ while i == 1 and retries > 0:
+ child.expect("C:")
+ time.sleep(2)
+ child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
+ i = child.expect(["The command completed successfully", "The network path was not found"])
+ retries -= 1
+
+ t.run_net_time(child)
+
+ t.info("Checking if showrepl is happy")
+ child.sendline("repadmin /showrepl")
+ child.expect("${BASEDN}")
+ child.expect("was successful")
+ child.expect("CN=Configuration,${BASEDN}")
+ child.expect("was successful")
+ child.expect("CN=Schema,CN=Configuration,${BASEDN}")
+ child.expect("was successful")
+
+ t.info("Checking if new users propagate to windows")
+ t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
+
+ t.info("Checking if new users on windows propagate to samba")
+ child.sendline("net user test3 ${PASSWORD3} /add")
+ while True:
+ i = child.expect(["The command completed successfully",
+ "The directory service was unable to allocate a relative identifier"])
+ if i == 0:
+ break
+ time.sleep(2)
+
+ t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
+ t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
+
+ t.info("Checking propagation of user deletion")
+ t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
+ child.sendline("net user test3 /del")
+ child.expect("The command completed successfully")
+
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
+ t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
+ t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
+ t.vm_poweroff("${WIN_VM}")
+
+
+def run_dcpromo_rodc(t, vm):
+ '''run a RODC dcpromo to join a windows DC to the samba domain'''
+ t.setwinvars(vm)
+ t.info("Joining a w2k8 box to the domain as a RODC")
+ t.vm_poweroff("${WIN_VM}", checkfail=False)
+ t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
+ child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
+ child.sendline("copy /Y con answers.txt")
+ child.sendline(br'''
+[DCInstall]
+ReplicaOrNewDomain=ReadOnlyReplica
+ReplicaDomainDNSName=${LCREALM}
+PasswordReplicationDenied="BUILTIN\Administrators"
+PasswordReplicationDenied="BUILTIN\Server Operators"
+PasswordReplicationDenied="BUILTIN\Backup Operators"
+PasswordReplicationDenied="BUILTIN\Account Operators"
+PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
+PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
+DelegatedAdmin="${DOMAIN}\Administrator"
+SiteName=Default-First-Site-Name
+InstallDNS=No
+ConfirmGc=Yes
+CreateDNSDelegation=No
+UserDomain=${LCREALM}
+UserName=${LCREALM}\administrator
+Password=${PASSWORD1}
+DatabasePath="C:\Windows\NTDS"
+LogPath="C:\Windows\NTDS"
+SYSVOLPath="C:\Windows\SYSVOL"
+SafeModeAdminPassword=${PASSWORD1}
+RebootOnCompletion=No
+
+''')
+ child.expect("copied.")
+ child.sendline("dcpromo /answer:answers.txt")
+ i = child.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout=120)
+ if i != 0:
+ child.sendline("echo off")
+ child.sendline("echo START DCPROMO log")
+ child.sendline(r"more c:\windows\debug\dcpromoui.log")
+ child.sendline("echo END DCPROMO log")
+ child.expect("END DCPROMO")
+ raise Exception("dcpromo failed")
+ child.sendline("shutdown -r -t 0")
+ t.wait_reboot()
+
+
+def test_dcpromo_rodc(t, vm):
+ '''test the RODC dcpromo worked'''
+ t.info("Checking the w2k8 RODC join is OK")
+ smbclient = t.getvar("smbclient")
+ t.chdir('${PREFIX}')
+ t.port_wait("${WIN_IP}", 139)
+ child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
+ child.sendline("ipconfig /registerdns")
+ t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
+ t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
+ t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
+ child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
+ child.expect("The command completed successfully")
+
+ t.info("Checking if showrepl is happy")
+ child.sendline("repadmin /showrepl")
+ child.expect("${BASEDN}")
+ child.expect("was successful")
+ child.expect("CN=Configuration,${BASEDN}")
+ child.expect("was successful")
+ child.expect("CN=Configuration,${BASEDN}")
+ child.expect("was successful")
+
+ for nc in ['${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}']:
+ t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
+
+ t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
+ ["INBOUND NEIGHBORS",
+ "OUTBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last attempt.*was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt.*was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt.*was successful"],
+ ordered=True,
+ regex=True)
+
+ t.info("Checking if new users are available on windows")
+ t.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
+ t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
+ t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
+ t.vm_poweroff("${WIN_VM}")
+
+
+def prep_join_as_dc(t, vm):
+ '''start VM and shutdown Samba in preparation to join a windows domain as a DC'''
+ t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
+ t.chdir('${PREFIX}')
+ t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
+ if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
+ t.rndc_cmd('flush')
+ t.run_cmd("rm -rf etc/smb.conf private")
+ child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
+ t.get_ipconfig(child)
+
+
+def join_as_dc(t, vm):
+ '''join a windows domain as a DC'''
+ t.setwinvars(vm)
+ t.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
+ t.port_wait("${WIN_IP}", 389)
+ t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'])
+
+ t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'])
+ t.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
+ t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
+
+
+def test_join_as_dc(t, vm):
+ '''test the join of a windows domain as a DC'''
+ t.info("Checking the DC join is OK")
+ smbclient = t.getvar("smbclient")
+ t.chdir('${PREFIX}')
+ t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
+ t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
+ child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
+
+ t.info("Forcing kcc runs, and replication")
+ t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
+ t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
+
+ t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
+ for nc in ['${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}']:
+ t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
+ t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
+
+ child.sendline("ipconfig /flushdns")
+ child.expect("Successfully flushed")
+
+ retries = 10
+ i = 1
+ while i == 1 and retries > 0:
+ child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
+ i = child.expect(["The command completed successfully", "The network path was not found"])
+ child.expect("C:")
+ if i == 1:
+ time.sleep(2)
+ retries -= 1
+
+ t.info("Checking if showrepl is happy")
+ child.sendline("repadmin /showrepl")
+ child.expect("${WIN_BASEDN}")
+ child.expect("was successful")
+ child.expect("CN=Configuration,${WIN_BASEDN}")
+ child.expect("was successful")
+ child.expect("CN=Configuration,${WIN_BASEDN}")
+ child.expect("was successful")
+
+ t.info("Checking if new users propagate to windows")
+ t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
+
+ t.info("Checking if new users on windows propagate to samba")
+ child.sendline("net user test3 ${PASSWORD3} /add")
+ child.expect("The command completed successfully")
+ t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
+ t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
+
+ t.info("Checking propagation of user deletion")
+ t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
+ child.sendline("net user test3 /del")
+ child.expect("The command completed successfully")
+
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
+ t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
+ t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
+ t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
+
+ t.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
+
+ t.vm_poweroff("${WIN_VM}")
+
+
+def join_as_rodc(t, vm):
+ '''join a windows domain as a RODC'''
+ t.setwinvars(vm)
+ t.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
+ t.port_wait("${WIN_IP}", 389)
+ t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'])
+ t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'])
+ t.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
+ t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
+
+
+def test_join_as_rodc(t, vm):
+ '''test a windows domain RODC join'''
+ t.info("Checking the RODC join is OK")
+ smbclient = t.getvar("smbclient")
+ t.chdir('${PREFIX}')
+ t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
+ t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
+ child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
+
+ t.info("Forcing kcc runs, and replication")
+ t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
+ t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
+
+ t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
+ for nc in ['${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}']:
+ t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
+
+ retries = 10
+ i = 1
+ while i == 1 and retries > 0:
+ child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
+ i = child.expect(["The command completed successfully", "The network path was not found"])
+ child.expect("C:")
+ if i == 1:
+ time.sleep(2)
+ retries -= 1
+
+ t.info("Checking if showrepl is happy")
+ child.sendline("repadmin /showrepl")
+ child.expect("DSA invocationID")
+
+ t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
+ ["INBOUND NEIGHBORS",
+ "OUTBOUND NEIGHBORS",
+ "${WIN_BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${WIN_BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${WIN_BASEDN}",
+ "Last attempt .* was successful"],
+ ordered=True,
+ regex=True)
+
+ t.info("Checking if new users on windows propagate to samba")
+ child.sendline("net user test3 ${PASSWORD3} /add")
+ child.expect("The command completed successfully")
+ t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
+ t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
+
+ # should this work?
+ t.info("Checking if new users propagate to windows")
+ t.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
+
+ t.info("Checking propagation of user deletion")
+ child.sendline("net user test3 /del")
+ child.expect("The command completed successfully")
+
+ t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
+ t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
+ t.vm_poweroff("${WIN_VM}")
+
+
+def test_howto(t):
+ '''test the Samba4 howto'''
+
+ t.setvar("SAMBA_VERSION", "Version 4")
+ t.setvar("smbclient", "bin/smbclient4")
+ t.check_prerequesites()
+
+ # we don't need fsync safety in these tests
+ t.putenv('TDB_NO_FSYNC', '1')
+
+ if not t.skip("configure_bind"):
+ t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
+ if not t.skip("stop_bind"):
+ t.stop_bind()
+
+ if not t.skip("stop_vms"):
+ t.stop_vms()
+
+ if not t.skip("build"):
+ build_s4(t)
+
+ if not t.skip("provision"):
+ provision_s4(t)
+
+ set_krb5_conf(t)
+
+ if not t.skip("create-shares"):
+ create_shares(t)
+
+ if not t.skip("starts4"):
+ start_s4(t)
+ if not t.skip("smbclient"):
+ test_smbclient(t)
+
+ if not t.skip("configure_bind2"):
+ t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
+ if not t.skip("start_bind"):
+ t.start_bind()
+
+ if not t.skip("dns"):
+ test_dns(t)
+ if not t.skip("kerberos"):
+ test_kerberos(t)
+ if not t.skip("dyndns"):
+ test_dyndns(t)
+
+ if t.have_vm('WINDOWS7') and not t.skip("windows7"):
+ t.start_winvm("WINDOWS7")
+ t.test_remote_smbclient("WINDOWS7")
+ run_winjoin(t, "WINDOWS7")
+ test_winjoin(t, "WINDOWS7")
+ t.vm_poweroff("${WIN_VM}")
+
+ if t.have_vm('WINXP') and not t.skip("winxp"):
+ t.start_winvm("WINXP")
+ run_winjoin(t, "WINXP")
+ test_winjoin(t, "WINXP")
+ t.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
+ t.vm_poweroff("${WIN_VM}")
+
+ if t.have_vm('W2K3C') and not t.skip("win2k3_member"):
+ t.start_winvm("W2K3C")
+ run_winjoin(t, "W2K3C")
+ test_winjoin(t, "W2K3C")
+ t.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
+ t.vm_poweroff("${WIN_VM}")
+
+ if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
+ t.info("Testing w2k8r2 RODC dcpromo")
+ t.start_winvm("W2K8R2C")
+ t.test_remote_smbclient('W2K8R2C')
+ run_dcpromo_rodc(t, "W2K8R2C")
+ test_dcpromo_rodc(t, "W2K8R2C")
+
+ if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
+ t.info("Testing w2k8r2 dcpromo")
+ t.start_winvm("W2K8R2B")
+ t.test_remote_smbclient('W2K8R2B')
+ run_dcpromo(t, "W2K8R2B")
+ test_dcpromo(t, "W2K8R2B")
+
+ if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
+ t.info("Testing w2k8 dcpromo")
+ t.start_winvm("W2K8B")
+ t.test_remote_smbclient('W2K8B')
+ run_dcpromo(t, "W2K8B")
+ test_dcpromo(t, "W2K8B")
+
+ if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
+ t.info("Testing w2k3 dcpromo")
+ t.info("Changing to 2003 functional level")
+ provision_s4(t, func_level='2003')
+ create_shares(t)
+ start_s4(t)
+ test_smbclient(t)
+ t.restart_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
+ test_dns(t)
+ test_kerberos(t)
+ test_dyndns(t)
+ t.start_winvm("W2K3B")
+ t.test_remote_smbclient('W2K3B')
+ run_dcpromo(t, "W2K3B")
+ test_dcpromo(t, "W2K3B")
+
+ if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
+ t.start_winvm("W2K8R2A")
+ prep_join_as_dc(t, "W2K8R2A")
+ t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
+ join_as_dc(t, "W2K8R2A")
+ create_shares(t)
+ start_s4(t)
+ test_dyndns(t)
+ test_join_as_dc(t, "W2K8R2A")
+
+ if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
+ t.start_winvm("W2K8R2A")
+ prep_join_as_dc(t, "W2K8R2A")
+ t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
+ join_as_rodc(t, "W2K8R2A")
+ create_shares(t)
+ start_s4(t)
+ test_dyndns(t)
+ test_join_as_rodc(t, "W2K8R2A")
+
+ if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
+ t.start_winvm("W2K3A")
+ prep_join_as_dc(t, "W2K3A")
+ t.run_dcpromo_as_first_dc("W2K3A", func_level='2003')
+ join_as_dc(t, "W2K3A")
+ create_shares(t)
+ start_s4(t)
+ test_dyndns(t)
+ test_join_as_dc(t, "W2K3A")
+
+ t.info("Howto test: All OK")
+
+
+def test_cleanup(t):
+ '''cleanup after tests'''
+ t.info("Cleaning up ...")
+ t.restore_resolv_conf()
+ if getattr(t, 'bind_child', False):
+ t.bind_child.kill()
+
+
+if __name__ == '__main__':
+ t = wintest.wintest()
+
+ t.setup("test-s4-howto.py", "source4")
+
+ try:
+ test_howto(t)
+ except:
+ if not t.opts.nocleanup:
+ test_cleanup(t)
+ raise
+
+ if not t.opts.nocleanup:
+ test_cleanup(t)
+ t.info("S4 howto test: All OK")
diff --git a/wintest/wintest.py b/wintest/wintest.py
new file mode 100644
index 0000000..7d59e7a
--- /dev/null
+++ b/wintest/wintest.py
@@ -0,0 +1,992 @@
+#!/usr/bin/env python3
+
+'''automated testing library for testing Samba against windows'''
+
+import pexpect
+import subprocess
+import optparse
+import sys
+import os
+import time
+import re
+
+
+class wintest():
+ '''testing of Samba against windows VMs'''
+
+ def __init__(self):
+ self.vars = {}
+ self.list_mode = False
+ self.vms = None
+ os.environ['PYTHONUNBUFFERED'] = '1'
+ self.parser = optparse.OptionParser("wintest")
+
+ def check_prerequesites(self):
+ self.info("Checking prerequisites")
+ self.setvar('HOSTNAME', self.cmd_output("hostname -s").strip())
+ if os.getuid() != 0:
+ raise Exception("You must run this script as root")
+ self.run_cmd('ifconfig ${INTERFACE} ${INTERFACE_NET} up')
+ if self.getvar('INTERFACE_IPV6'):
+ self.run_cmd('ifconfig ${INTERFACE} inet6 del ${INTERFACE_IPV6}/64', checkfail=False)
+ self.run_cmd('ifconfig ${INTERFACE} inet6 add ${INTERFACE_IPV6}/64 up')
+
+ self.run_cmd('ifconfig ${NAMED_INTERFACE} ${NAMED_INTERFACE_NET} up')
+ if self.getvar('NAMED_INTERFACE_IPV6'):
+ self.run_cmd('ifconfig ${NAMED_INTERFACE} inet6 del ${NAMED_INTERFACE_IPV6}/64', checkfail=False)
+ self.run_cmd('ifconfig ${NAMED_INTERFACE} inet6 add ${NAMED_INTERFACE_IPV6}/64 up')
+
+ def stop_vms(self):
+ '''Shut down any existing alive VMs, so they do not collide with what we are doing'''
+ self.info('Shutting down any of our VMs already running')
+ vms = self.get_vms()
+ for v in vms:
+ self.vm_poweroff(v, checkfail=False)
+
+ def setvar(self, varname, value):
+ '''set a substitution variable'''
+ self.vars[varname] = value
+
+ def getvar(self, varname):
+ '''return a substitution variable'''
+ if varname not in self.vars:
+ return None
+ return self.vars[varname]
+
+ def setwinvars(self, vm, prefix='WIN'):
+ '''setup WIN_XX vars based on a vm name'''
+ for v in ['VM', 'HOSTNAME', 'USER', 'PASS', 'SNAPSHOT', 'REALM', 'DOMAIN', 'IP']:
+ vname = '%s_%s' % (vm, v)
+ if vname in self.vars:
+ self.setvar("%s_%s" % (prefix, v), self.substitute("${%s}" % vname))
+ else:
+ self.vars.pop("%s_%s" % (prefix, v), None)
+
+ if self.getvar("WIN_REALM"):
+ self.setvar("WIN_REALM", self.getvar("WIN_REALM").upper())
+ self.setvar("WIN_LCREALM", self.getvar("WIN_REALM").lower())
+ dnsdomain = self.getvar("WIN_REALM")
+ self.setvar("WIN_BASEDN", "DC=" + dnsdomain.replace(".", ",DC="))
+ if self.getvar("WIN_USER") is None:
+ self.setvar("WIN_USER", "administrator")
+
+ def info(self, msg):
+ '''print some information'''
+ if not self.list_mode:
+ print(self.substitute(msg))
+
+ def load_config(self, fname):
+ '''load the config file'''
+ f = open(fname)
+ for line in f:
+ line = line.strip()
+ if len(line) == 0 or line[0] == '#':
+ continue
+ colon = line.find(':')
+ if colon == -1:
+ raise RuntimeError("Invalid config line '%s'" % line)
+ varname = line[0:colon].strip()
+ value = line[colon + 1:].strip()
+ self.setvar(varname, value)
+
+ def list_steps_mode(self):
+ '''put wintest in step listing mode'''
+ self.list_mode = True
+
+ def set_skip(self, skiplist):
+ '''set a list of tests to skip'''
+ self.skiplist = skiplist.split(',')
+
+ def set_vms(self, vms):
+ '''set a list of VMs to test'''
+ if vms is not None:
+ self.vms = []
+ for vm in vms.split(','):
+ vm = vm.upper()
+ self.vms.append(vm)
+
+ def skip(self, step):
+ '''return True if we should skip a step'''
+ if self.list_mode:
+ print("\t%s" % step)
+ return True
+ return step in self.skiplist
+
+ def substitute(self, text):
+ """Substitute strings of the form ${NAME} in text, replacing
+ with substitutions from vars.
+ """
+ if isinstance(text, list):
+ ret = text[:]
+ for i in range(len(ret)):
+ ret[i] = self.substitute(ret[i])
+ return ret
+
+ """We may have objects such as pexpect.EOF that are not strings"""
+ if not isinstance(text, str):
+ return text
+ while True:
+ var_start = text.find("${")
+ if var_start == -1:
+ return text
+ var_end = text.find("}", var_start)
+ if var_end == -1:
+ return text
+ var_name = text[var_start + 2:var_end]
+ if var_name not in self.vars:
+ raise RuntimeError("Unknown substitution variable ${%s}" % var_name)
+ text = text.replace("${%s}" % var_name, self.vars[var_name])
+
+ def have_var(self, varname):
+ '''see if a variable has been set'''
+ return varname in self.vars
+
+ def have_vm(self, vmname):
+ '''see if a VM should be used'''
+ if not self.have_var(vmname + '_VM'):
+ return False
+ if self.vms is None:
+ return True
+ return vmname in self.vms
+
+ def putenv(self, key, value):
+ '''putenv with substitution'''
+ os.environ[key] = self.substitute(value)
+
+ def chdir(self, dir):
+ '''chdir with substitution'''
+ os.chdir(self.substitute(dir))
+
+ def del_files(self, dirs):
+ '''delete all files in the given directory'''
+ for d in dirs:
+ self.run_cmd("find %s -type f | xargs rm -f" % d)
+
+ def write_file(self, filename, text, mode='w'):
+ '''write to a file'''
+ f = open(self.substitute(filename), mode=mode)
+ f.write(self.substitute(text))
+ f.close()
+
+ def run_cmd(self, cmd, dir=".", show=None, output=False, checkfail=True):
+ '''run a command'''
+ cmd = self.substitute(cmd)
+ if isinstance(cmd, list):
+ self.info('$ ' + " ".join(cmd))
+ else:
+ self.info('$ ' + cmd)
+ if output:
+ return subprocess.Popen([cmd], shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=dir).communicate()[0]
+ if isinstance(cmd, list):
+ shell = False
+ else:
+ shell = True
+ if checkfail:
+ return subprocess.check_call(cmd, shell=shell, cwd=dir)
+ else:
+ return subprocess.call(cmd, shell=shell, cwd=dir)
+
+ def run_child(self, cmd, dir="."):
+ '''create a child and return the Popen handle to it'''
+ cwd = os.getcwd()
+ cmd = self.substitute(cmd)
+ if isinstance(cmd, list):
+ self.info('$ ' + " ".join(cmd))
+ else:
+ self.info('$ ' + cmd)
+ if isinstance(cmd, list):
+ shell = False
+ else:
+ shell = True
+ os.chdir(dir)
+ ret = subprocess.Popen(cmd, shell=shell, stderr=subprocess.STDOUT)
+ os.chdir(cwd)
+ return ret
+
+ def cmd_output(self, cmd):
+ '''return output from and command'''
+ cmd = self.substitute(cmd)
+ return self.run_cmd(cmd, output=True)
+
+ def cmd_contains(self, cmd, contains, nomatch=False, ordered=False, regex=False,
+ casefold=True):
+ '''check that command output contains the listed strings'''
+
+ if isinstance(contains, str):
+ contains = [contains]
+
+ out = self.cmd_output(cmd)
+ self.info(out)
+ for c in self.substitute(contains):
+ if regex:
+ if casefold:
+ c = c.upper()
+ out = out.upper()
+ m = re.search(c, out)
+ if m is None:
+ start = -1
+ end = -1
+ else:
+ start = m.start()
+ end = m.end()
+ elif casefold:
+ start = out.upper().find(c.upper())
+ end = start + len(c)
+ else:
+ start = out.find(c)
+ end = start + len(c)
+ if nomatch:
+ if start != -1:
+ raise RuntimeError("Expected to not see %s in %s" % (c, cmd))
+ else:
+ if start == -1:
+ raise RuntimeError("Expected to see %s in %s" % (c, cmd))
+ if ordered and start != -1:
+ out = out[end:]
+
+ def retry_cmd(self, cmd, contains, retries=30, delay=2, wait_for_fail=False,
+ ordered=False, regex=False, casefold=True):
+ '''retry a command a number of times'''
+ while retries > 0:
+ try:
+ self.cmd_contains(cmd, contains, nomatch=wait_for_fail,
+ ordered=ordered, regex=regex, casefold=casefold)
+ return
+ except:
+ time.sleep(delay)
+ retries -= 1
+ self.info("retrying (retries=%u delay=%u)" % (retries, delay))
+ raise RuntimeError("Failed to find %s" % contains)
+
+ def pexpect_spawn(self, cmd, timeout=60, crlf=True, casefold=True):
+ '''wrapper around pexpect spawn'''
+ cmd = self.substitute(cmd)
+ self.info("$ " + cmd)
+ ret = pexpect.spawn(cmd, logfile=sys.stdout, timeout=timeout)
+
+ def sendline_sub(line):
+ line = self.substitute(line)
+ if crlf:
+ line = line.replace('\n', '\r\n') + '\r'
+ return ret.old_sendline(line)
+
+ def expect_sub(line, timeout=ret.timeout, casefold=casefold):
+ line = self.substitute(line)
+ if casefold:
+ if isinstance(line, list):
+ for i in range(len(line)):
+ if isinstance(line[i], str):
+ line[i] = '(?i)' + line[i]
+ elif isinstance(line, str):
+ line = '(?i)' + line
+ return ret.old_expect(line, timeout=timeout)
+
+ ret.old_sendline = ret.sendline
+ ret.sendline = sendline_sub
+ ret.old_expect = ret.expect
+ ret.expect = expect_sub
+
+ return ret
+
+ def get_nameserver(self):
+ '''Get the current nameserver from /etc/resolv.conf'''
+ child = self.pexpect_spawn('cat /etc/resolv.conf', crlf=False)
+ i = child.expect(['Generated by wintest', 'nameserver'])
+ if i == 0:
+ child.expect('your original resolv.conf')
+ child.expect('nameserver')
+ child.expect(r'\d+.\d+.\d+.\d+')
+ return child.after
+
+ def rndc_cmd(self, cmd, checkfail=True):
+ '''run a rndc command'''
+ self.run_cmd("${RNDC} -c ${PREFIX}/etc/rndc.conf %s" % cmd, checkfail=checkfail)
+
+ def named_supports_gssapi_keytab(self):
+ '''see if named supports tkey-gssapi-keytab'''
+ self.write_file("${PREFIX}/named.conf.test",
+ 'options { tkey-gssapi-keytab "test"; };')
+ try:
+ self.run_cmd("${NAMED_CHECKCONF} ${PREFIX}/named.conf.test")
+ except subprocess.CalledProcessError:
+ return False
+ return True
+
+ def set_nameserver(self, nameserver):
+ '''set the nameserver in resolv.conf'''
+ self.write_file("/etc/resolv.conf.wintest", '''
+# Generated by wintest, the Samba v Windows automated testing system
+nameserver %s
+
+# your original resolv.conf appears below:
+''' % self.substitute(nameserver))
+ child = self.pexpect_spawn("cat /etc/resolv.conf", crlf=False)
+ i = child.expect(['your original resolv.conf appears below:', pexpect.EOF])
+ if i == 0:
+ child.expect(pexpect.EOF)
+ contents = child.before.lstrip().replace('\r', '')
+ self.write_file('/etc/resolv.conf.wintest', contents, mode='a')
+ self.write_file('/etc/resolv.conf.wintest-bak', contents)
+ self.run_cmd("mv -f /etc/resolv.conf.wintest /etc/resolv.conf")
+ self.resolv_conf_backup = '/etc/resolv.conf.wintest-bak'
+
+ def configure_bind(self, kerberos_support=False, include=None):
+ self.chdir('${PREFIX}')
+
+ if self.getvar('NAMED_INTERFACE_IPV6'):
+ ipv6_listen = 'listen-on-v6 port 53 { ${NAMED_INTERFACE_IPV6}; };'
+ else:
+ ipv6_listen = ''
+ self.setvar('BIND_LISTEN_IPV6', ipv6_listen)
+
+ if not kerberos_support:
+ self.setvar("NAMED_TKEY_OPTION", "")
+ elif self.getvar('NAMESERVER_BACKEND') != 'SAMBA_INTERNAL':
+ if self.named_supports_gssapi_keytab():
+ self.setvar("NAMED_TKEY_OPTION",
+ 'tkey-gssapi-keytab "${PREFIX}/bind-dns/dns.keytab";')
+ else:
+ self.info("LCREALM=${LCREALM}")
+ self.setvar("NAMED_TKEY_OPTION",
+ '''tkey-gssapi-credential "DNS/${LCREALM}";
+ tkey-domain "${LCREALM}";
+ ''')
+ self.putenv('KEYTAB_FILE', '${PREFIX}/bind-dns/dns.keytab')
+ self.putenv('KRB5_KTNAME', '${PREFIX}/bind-dns/dns.keytab')
+ else:
+ self.setvar("NAMED_TKEY_OPTION", "")
+
+ if include and self.getvar('NAMESERVER_BACKEND') != 'SAMBA_INTERNAL':
+ self.setvar("NAMED_INCLUDE", 'include "%s";' % include)
+ else:
+ self.setvar("NAMED_INCLUDE", '')
+
+ self.run_cmd("mkdir -p ${PREFIX}/etc")
+
+ self.write_file("etc/named.conf", '''
+options {
+ listen-on port 53 { ${NAMED_INTERFACE_IP}; };
+ ${BIND_LISTEN_IPV6}
+ directory "${PREFIX}/var/named";
+ dump-file "${PREFIX}/var/named/data/cache_dump.db";
+ pid-file "${PREFIX}/var/named/named.pid";
+ statistics-file "${PREFIX}/var/named/data/named_stats.txt";
+ memstatistics-file "${PREFIX}/var/named/data/named_mem_stats.txt";
+ allow-query { any; };
+ recursion yes;
+ ${NAMED_TKEY_OPTION}
+ max-cache-ttl 10;
+ max-ncache-ttl 10;
+
+ forward only;
+ forwarders {
+ ${DNSSERVER};
+ };
+
+};
+
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "lA/cTrno03mt5Ju17ybEYw==";
+};
+
+controls {
+ inet ${NAMED_INTERFACE_IP} port 953
+ allow { any; } keys { "rndc-key"; };
+};
+
+${NAMED_INCLUDE}
+''')
+
+ if self.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
+ self.write_file('etc/named.conf',
+ '''
+zone "%s" IN {
+ type forward;
+ forward only;
+ forwarders {
+ %s;
+ };
+};
+''' % (self.getvar('LCREALM'), self.getvar('INTERFACE_IP')),
+ mode='a')
+
+ # add forwarding for the windows domains
+ domains = self.get_domains()
+
+ for d in domains:
+ self.write_file('etc/named.conf',
+ '''
+zone "%s" IN {
+ type forward;
+ forward only;
+ forwarders {
+ %s;
+ };
+};
+''' % (d, domains[d]),
+ mode='a')
+
+ self.write_file("etc/rndc.conf", '''
+# Start of rndc.conf
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "lA/cTrno03mt5Ju17ybEYw==";
+};
+
+options {
+ default-key "rndc-key";
+ default-server ${NAMED_INTERFACE_IP};
+ default-port 953;
+};
+''')
+
+ def stop_bind(self):
+ '''Stop our private BIND from listening and operating'''
+ self.rndc_cmd("stop", checkfail=False)
+ self.port_wait("${NAMED_INTERFACE_IP}", 53, wait_for_fail=True)
+
+ self.run_cmd("rm -rf var/named")
+
+ def start_bind(self):
+ '''restart the test environment version of bind'''
+ self.info("Restarting bind9")
+ self.chdir('${PREFIX}')
+
+ self.set_nameserver(self.getvar('NAMED_INTERFACE_IP'))
+
+ self.run_cmd("mkdir -p var/named/data")
+ self.run_cmd("chown -R ${BIND_USER} var/named")
+
+ self.bind_child = self.run_child("${BIND9} -u ${BIND_USER} -n 1 -c ${PREFIX}/etc/named.conf -g")
+
+ self.port_wait("${NAMED_INTERFACE_IP}", 53)
+ self.rndc_cmd("flush")
+
+ def restart_bind(self, kerberos_support=False, include=None):
+ self.configure_bind(kerberos_support=kerberos_support, include=include)
+ self.stop_bind()
+ self.start_bind()
+
+ def restore_resolv_conf(self):
+ '''restore the /etc/resolv.conf after testing is complete'''
+ if getattr(self, 'resolv_conf_backup', False):
+ self.info("restoring /etc/resolv.conf")
+ self.run_cmd("mv -f %s /etc/resolv.conf" % self.resolv_conf_backup)
+
+ def vm_poweroff(self, vmname, checkfail=True):
+ '''power off a VM'''
+ self.setvar('VMNAME', vmname)
+ self.run_cmd("${VM_POWEROFF}", checkfail=checkfail)
+
+ def vm_reset(self, vmname):
+ '''reset a VM'''
+ self.setvar('VMNAME', vmname)
+ self.run_cmd("${VM_RESET}")
+
+ def vm_restore(self, vmname, snapshot):
+ '''restore a VM'''
+ self.setvar('VMNAME', vmname)
+ self.setvar('SNAPSHOT', snapshot)
+ self.run_cmd("${VM_RESTORE}")
+
+ def ping_wait(self, hostname):
+ '''wait for a hostname to come up on the network'''
+ hostname = self.substitute(hostname)
+ loops = 10
+ while loops > 0:
+ try:
+ self.run_cmd("ping -c 1 -w 10 %s" % hostname)
+ break
+ except:
+ loops = loops - 1
+ if loops == 0:
+ raise RuntimeError("Failed to ping %s" % hostname)
+ self.info("Host %s is up" % hostname)
+
+ def port_wait(self, hostname, port, retries=200, delay=3, wait_for_fail=False):
+ '''wait for a host to come up on the network'''
+
+ while retries > 0:
+ child = self.pexpect_spawn("nc -v -z -w 1 %s %u" % (hostname, port), crlf=False, timeout=1)
+ child.expect([pexpect.EOF, pexpect.TIMEOUT])
+ child.close()
+ i = child.exitstatus
+ if wait_for_fail:
+ # wait for timeout or fail
+ if i is None or i > 0:
+ return
+ else:
+ if i == 0:
+ return
+
+ time.sleep(delay)
+ retries -= 1
+ self.info("retrying (retries=%u delay=%u)" % (retries, delay))
+
+ raise RuntimeError("gave up waiting for %s:%d" % (hostname, port))
+
+ def run_net_time(self, child):
+ '''run net time on windows'''
+ child.sendline("net time \\\\${HOSTNAME} /set")
+ child.expect("Do you want to set the local computer")
+ child.sendline("Y")
+ child.expect("The command completed successfully")
+
+ def run_date_time(self, child, time_tuple=None):
+ '''run date and time on windows'''
+ if time_tuple is None:
+ time_tuple = time.localtime()
+ child.sendline("date")
+ child.expect("Enter the new date:")
+ i = child.expect(["dd-mm-yy", "mm-dd-yy"])
+ if i == 0:
+ child.sendline(time.strftime("%d-%m-%y", time_tuple))
+ else:
+ child.sendline(time.strftime("%m-%d-%y", time_tuple))
+ child.expect("C:")
+ child.sendline("time")
+ child.expect("Enter the new time:")
+ child.sendline(time.strftime("%H:%M:%S", time_tuple))
+ child.expect("C:")
+
+ def get_ipconfig(self, child):
+ '''get the IP configuration of the child'''
+ child.sendline("ipconfig /all")
+ child.expect('Ethernet adapter ')
+ child.expect(r"[\w\s]+")
+ self.setvar("WIN_NIC", child.after)
+ child.expect(['IPv4 Address', 'IP Address'])
+ child.expect(r'\d+.\d+.\d+.\d+')
+ self.setvar('WIN_IPV4_ADDRESS', child.after)
+ child.expect('Subnet Mask')
+ child.expect(r'\d+.\d+.\d+.\d+')
+ self.setvar('WIN_SUBNET_MASK', child.after)
+ child.expect('Default Gateway')
+ i = child.expect([r'\d+.\d+.\d+.\d+', "C:"])
+ if i == 0:
+ self.setvar('WIN_DEFAULT_GATEWAY', child.after)
+ child.expect("C:")
+
+ def get_is_dc(self, child):
+ '''check if a windows machine is a domain controller'''
+ child.sendline("dcdiag")
+ i = child.expect(["is not a [Directory Server|DC]",
+ "is not recognized as an internal or external command",
+ "Home Server = ",
+ "passed test Replications"])
+ if i == 0:
+ return False
+ if i == 1 or i == 3:
+ child.expect("C:")
+ child.sendline("net config Workstation")
+ child.expect("Workstation domain")
+ child.expect(r'[\S]+')
+ domain = child.after
+ i = child.expect(["Workstation Domain DNS Name", "Logon domain"])
+ '''If we get the Logon domain first, we are not in an AD domain'''
+ if i == 1:
+ return False
+ if domain.upper() == self.getvar("WIN_DOMAIN").upper():
+ return True
+
+ child.expect(r'[\S]+')
+ hostname = child.after
+ if hostname.upper() == self.getvar("WIN_HOSTNAME").upper():
+ return True
+
+ def set_noexpire(self, child, username):
+ """Ensure this user's password does not expire"""
+ child.sendline('wmic useraccount where name="%s" set PasswordExpires=FALSE' % username)
+ child.expect("update successful")
+ child.expect("C:")
+
+ def run_tlntadmn(self, child):
+ '''remove the annoying telnet restrictions'''
+ child.sendline('tlntadmn config maxconn=1024')
+ child.expect(["The settings were successfully updated", "Access is denied"])
+ child.expect("C:")
+
+ def disable_firewall(self, child):
+ '''remove the annoying firewall'''
+ child.sendline('netsh advfirewall set allprofiles state off')
+ i = child.expect(["Ok", "The following command was not found: advfirewall set allprofiles state off", "The requested operation requires elevation", "Access is denied"])
+ child.expect("C:")
+ if i == 1:
+ child.sendline('netsh firewall set opmode mode = DISABLE profile = ALL')
+ i = child.expect(["Ok", "The following command was not found", "Access is denied"])
+ if i != 0:
+ self.info("Firewall disable failed - ignoring")
+ child.expect("C:")
+
+ def set_dns(self, child):
+ child.sendline('netsh interface ip set dns "${WIN_NIC}" static ${NAMED_INTERFACE_IP} primary')
+ i = child.expect(['C:', pexpect.EOF, pexpect.TIMEOUT], timeout=5)
+ if i > 0:
+ return True
+ else:
+ return False
+
+ def set_ip(self, child):
+ """fix the IP address to the same value it had when we
+ connected, but don't use DHCP, and force the DNS server to our
+ DNS server. This allows DNS updates to run"""
+ self.get_ipconfig(child)
+ if self.getvar("WIN_IPV4_ADDRESS") != self.getvar("WIN_IP"):
+ raise RuntimeError("ipconfig address %s != nmblookup address %s" % (self.getvar("WIN_IPV4_ADDRESS"),
+ self.getvar("WIN_IP")))
+ child.sendline('netsh')
+ child.expect('netsh>')
+ child.sendline('offline')
+ child.expect('netsh>')
+ child.sendline('routing ip add persistentroute dest=0.0.0.0 mask=0.0.0.0 name="${WIN_NIC}" nhop=${WIN_DEFAULT_GATEWAY}')
+ child.expect('netsh>')
+ child.sendline('interface ip set address "${WIN_NIC}" static ${WIN_IPV4_ADDRESS} ${WIN_SUBNET_MASK} ${WIN_DEFAULT_GATEWAY} 1 store=persistent')
+ i = child.expect(['The syntax supplied for this command is not valid. Check help for the correct syntax', 'netsh>', pexpect.EOF, pexpect.TIMEOUT], timeout=5)
+ if i == 0:
+ child.sendline('interface ip set address "${WIN_NIC}" static ${WIN_IPV4_ADDRESS} ${WIN_SUBNET_MASK} ${WIN_DEFAULT_GATEWAY} 1')
+ child.expect('netsh>')
+ child.sendline('commit')
+ child.sendline('online')
+ child.sendline('exit')
+
+ child.expect([pexpect.EOF, pexpect.TIMEOUT], timeout=5)
+ return True
+
+ def resolve_ip(self, hostname, retries=60, delay=5):
+ '''resolve an IP given a hostname, assuming NBT'''
+ while retries > 0:
+ child = self.pexpect_spawn("bin/nmblookup %s" % hostname)
+ i = 0
+ while i == 0:
+ i = child.expect(["querying", r'\d+.\d+.\d+.\d+', hostname, "Lookup failed"])
+ if i == 0:
+ child.expect("\r")
+ if i == 1:
+ return child.after
+ retries -= 1
+ time.sleep(delay)
+ self.info("retrying (retries=%u delay=%u)" % (retries, delay))
+ raise RuntimeError("Failed to resolve IP of %s" % hostname)
+
+ def open_telnet(self, hostname, username, password, retries=60, delay=5, set_time=False, set_ip=False,
+ disable_firewall=True, run_tlntadmn=True, set_noexpire=False):
+ '''open a telnet connection to a windows server, return the pexpect child'''
+ set_route = False
+ set_dns = False
+ set_telnetclients = True
+ start_telnet = True
+ if self.getvar('WIN_IP'):
+ ip = self.getvar('WIN_IP')
+ else:
+ ip = self.resolve_ip(hostname)
+ self.setvar('WIN_IP', ip)
+ while retries > 0:
+ child = self.pexpect_spawn("telnet " + ip + " -l '" + username + "'")
+ i = child.expect(["Welcome to Microsoft Telnet Service",
+ "Denying new connections due to the limit on number of connections",
+ "No more connections are allowed to telnet server",
+ "Unable to connect to remote host",
+ "No route to host",
+ "Connection refused",
+ pexpect.EOF])
+ if i != 0:
+ child.close()
+ time.sleep(delay)
+ retries -= 1
+ self.info("retrying (retries=%u delay=%u)" % (retries, delay))
+ continue
+ child.expect("password:")
+ child.sendline(password)
+ i = child.expect(["C:",
+ "TelnetClients",
+ "Denying new connections due to the limit on number of connections",
+ "No more connections are allowed to telnet server",
+ "Unable to connect to remote host",
+ "No route to host",
+ "Connection refused",
+ pexpect.EOF])
+ if i == 1:
+ if set_telnetclients:
+ self.run_cmd('bin/net rpc group add TelnetClients -S $WIN_IP -U$WIN_USER%$WIN_PASS')
+ self.run_cmd('bin/net rpc group addmem TelnetClients "authenticated users" -S $WIN_IP -U$WIN_USER%$WIN_PASS')
+ child.close()
+ retries -= 1
+ set_telnetclients = False
+ self.info("retrying (retries=%u delay=%u)" % (retries, delay))
+ continue
+ else:
+ raise RuntimeError("Failed to connect with telnet due to missing TelnetClients membership")
+
+ if i == 6:
+ # This only works if it is installed and enabled, but not started. Not entirely likely, but possible
+ self.run_cmd('bin/net rpc service start TlntSvr -S $WIN_IP -U$WIN_USER%$WIN_PASS')
+ child.close()
+ start_telnet = False
+ retries -= 1
+ self.info("retrying (retries=%u delay=%u)" % (retries, delay))
+ continue
+
+ if i != 0:
+ child.close()
+ time.sleep(delay)
+ retries -= 1
+ self.info("retrying (retries=%u delay=%u)" % (retries, delay))
+ continue
+ if set_dns:
+ set_dns = False
+ if self.set_dns(child):
+ continue
+ if set_route:
+ child.sendline('route add 0.0.0.0 mask 0.0.0.0 ${WIN_DEFAULT_GATEWAY}')
+ child.expect("C:")
+ set_route = False
+ if set_time:
+ self.run_date_time(child, None)
+ set_time = False
+ if run_tlntadmn:
+ self.run_tlntadmn(child)
+ run_tlntadmn = False
+ if set_noexpire:
+ self.set_noexpire(child, username)
+ set_noexpire = False
+ if disable_firewall:
+ self.disable_firewall(child)
+ disable_firewall = False
+ if set_ip:
+ set_ip = False
+ if self.set_ip(child):
+ set_route = True
+ set_dns = True
+ continue
+ return child
+ raise RuntimeError("Failed to connect with telnet")
+
+ def kinit(self, username, password):
+ '''use kinit to setup a credentials cache'''
+ self.run_cmd("kdestroy")
+ self.putenv('KRB5CCNAME', "${PREFIX}/ccache.test")
+ username = self.substitute(username)
+ s = username.split('@')
+ if len(s) > 0:
+ s[1] = s[1].upper()
+ username = '@'.join(s)
+ child = self.pexpect_spawn('kinit ' + username)
+ child.expect("Password")
+ child.sendline(password)
+ child.expect(pexpect.EOF)
+ child.close()
+ if child.exitstatus != 0:
+ raise RuntimeError("kinit failed with status %d" % child.exitstatus)
+
+ def get_domains(self):
+ '''return a dictionary of DNS domains and IPs for named.conf'''
+ ret = {}
+ for v in self.vars:
+ if v[-6:] == "_REALM":
+ base = v[:-6]
+ if base + '_IP' in self.vars:
+ ret[self.vars[base + '_REALM']] = self.vars[base + '_IP']
+ return ret
+
+ def wait_reboot(self, retries=3):
+ '''wait for a VM to reboot'''
+
+ # first wait for it to shutdown
+ self.port_wait("${WIN_IP}", 139, wait_for_fail=True, delay=6)
+
+ # now wait for it to come back. If it fails to come back
+ # then try resetting it
+ while retries > 0:
+ try:
+ self.port_wait("${WIN_IP}", 139)
+ return
+ except:
+ retries -= 1
+ self.vm_reset("${WIN_VM}")
+ self.info("retrying reboot (retries=%u)" % retries)
+ raise RuntimeError(self.substitute("VM ${WIN_VM} failed to reboot"))
+
+ def get_vms(self):
+ '''return a dictionary of all the configured VM names'''
+ ret = []
+ for v in self.vars:
+ if v[-3:] == "_VM":
+ ret.append(self.vars[v])
+ return ret
+
+ def run_dcpromo_as_first_dc(self, vm, func_level=None):
+ self.setwinvars(vm)
+ self.info("Configuring a windows VM ${WIN_VM} at the first DC in the domain using dcpromo")
+ child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_time=True)
+ if self.get_is_dc(child):
+ return
+
+ if func_level == '2008r2':
+ self.setvar("FUNCTION_LEVEL_INT", str(4))
+ elif func_level == '2003':
+ self.setvar("FUNCTION_LEVEL_INT", str(1))
+ else:
+ self.setvar("FUNCTION_LEVEL_INT", str(0))
+
+ child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True)
+
+ """This server must therefore not yet be a directory server, so we must promote it"""
+ child.sendline("copy /Y con answers.txt")
+ child.sendline(br'''
+[DCInstall]
+; New forest promotion
+ReplicaOrNewDomain=Domain
+NewDomain=Forest
+NewDomainDNSName=${WIN_REALM}
+ForestLevel=${FUNCTION_LEVEL_INT}
+DomainNetbiosName=${WIN_DOMAIN}
+DomainLevel=${FUNCTION_LEVEL_INT}
+InstallDNS=Yes
+ConfirmGc=Yes
+CreateDNSDelegation=No
+DatabasePath="C:\Windows\NTDS"
+LogPath="C:\Windows\NTDS"
+SYSVOLPath="C:\Windows\SYSVOL"
+; Set SafeModeAdminPassword to the correct value prior to using the unattend file
+SafeModeAdminPassword=${WIN_PASS}
+; Run-time flags (optional)
+RebootOnCompletion=No
+
+''')
+ child.expect("copied.")
+ child.expect("C:")
+ child.expect("C:")
+ child.sendline("dcpromo /answer:answers.txt")
+ i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:", pexpect.TIMEOUT], timeout=240)
+ if i == 1 or i == 2:
+ raise Exception("dcpromo failed")
+ if i == 4: # timeout
+ child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}")
+
+ child.sendline("shutdown -r -t 0")
+ self.port_wait("${WIN_IP}", 139, wait_for_fail=True)
+ self.port_wait("${WIN_IP}", 139)
+
+ child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}")
+ # Check if we became a DC by now
+ if not self.get_is_dc(child):
+ raise Exception("dcpromo failed (and wasn't a DC even after rebooting)")
+ # Give DNS registration a kick
+ child.sendline("ipconfig /registerdns")
+
+ self.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'], retries=60, delay=5)
+
+ def start_winvm(self, vm):
+ '''start a Windows VM'''
+ self.setwinvars(vm)
+
+ self.info("Joining a windows box to the domain")
+ self.vm_poweroff("${WIN_VM}", checkfail=False)
+ self.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
+
+ def run_winjoin(self, vm, domain, username="administrator", password="${PASSWORD1}"):
+ '''join a windows box to a domain'''
+ child = self.open_telnet("${WIN_HOSTNAME}", "${WIN_USER}", "${WIN_PASS}", set_time=True, set_ip=True, set_noexpire=True)
+ retries = 5
+ while retries > 0:
+ child.sendline("ipconfig /flushdns")
+ child.expect("C:")
+ child.sendline("netdom join ${WIN_HOSTNAME} /Domain:%s /UserD:%s /PasswordD:%s" % (domain, username, password))
+ i = child.expect(["The command completed successfully",
+ "The specified domain either does not exist or could not be contacted."], timeout=120)
+ if i == 0:
+ break
+ time.sleep(10)
+ retries -= 1
+
+ child.expect("C:")
+ child.sendline("shutdown /r -t 0")
+ self.wait_reboot()
+ child = self.open_telnet("${WIN_HOSTNAME}", "${WIN_USER}", "${WIN_PASS}", set_time=True, set_ip=True)
+ child.sendline("ipconfig /registerdns")
+ child.expect("Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer")
+ child.expect("C:")
+
+ def test_remote_smbclient(self, vm, username="${WIN_USER}", password="${WIN_PASS}", args=""):
+ '''test smbclient against remote server'''
+ self.setwinvars(vm)
+ self.info('Testing smbclient')
+ self.chdir('${PREFIX}')
+ smbclient = self.getvar("smbclient")
+ self.cmd_contains("%s --version" % (smbclient), ["${SAMBA_VERSION}"])
+ self.retry_cmd('%s -L ${WIN_HOSTNAME} -U%s%%%s %s' % (smbclient, username, password, args), ["IPC"], retries=60, delay=5)
+
+ def test_net_use(self, vm, realm, domain, username, password):
+ self.setwinvars(vm)
+ self.info('Testing net use against Samba3 member')
+ child = self.open_telnet("${WIN_HOSTNAME}", "%s\\%s" % (domain, username), password)
+ child.sendline("net use t: \\\\${HOSTNAME}.%s\\test" % realm)
+ child.expect("The command completed successfully")
+
+ def setup(self, testname, subdir):
+ '''setup for main tests, parsing command line'''
+ self.parser.add_option("--conf", type='string', default='', help='config file')
+ self.parser.add_option("--skip", type='string', default='', help='list of steps to skip (comma separated)')
+ self.parser.add_option("--vms", type='string', default=None, help='list of VMs to use (comma separated)')
+ self.parser.add_option("--list", action='store_true', default=False, help='list the available steps')
+ self.parser.add_option("--rebase", action='store_true', default=False, help='do a git pull --rebase')
+ self.parser.add_option("--clean", action='store_true', default=False, help='clean the tree')
+ self.parser.add_option("--prefix", type='string', default=None, help='override install prefix')
+ self.parser.add_option("--sourcetree", type='string', default=None, help='override sourcetree location')
+ self.parser.add_option("--nocleanup", action='store_true', default=False, help='disable cleanup code')
+ self.parser.add_option("--use-ntvfs", action='store_true', default=False, help='use NTVFS for the fileserver')
+ self.parser.add_option("--dns-backend", type="choice",
+ choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"],
+ help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
+ "BIND9_FLATFILE uses bind9 text database to store zone information, "
+ "BIND9_DLZ uses samba4 AD to store zone information, "
+ "NONE skips the DNS setup entirely (not recommended)",
+ default="SAMBA_INTERNAL")
+
+ self.opts, self.args = self.parser.parse_args()
+
+ if not self.opts.conf:
+ print("Please specify a config file with --conf")
+ sys.exit(1)
+
+ # we don't need fsync safety in these tests
+ self.putenv('TDB_NO_FSYNC', '1')
+
+ self.load_config(self.opts.conf)
+
+ nameserver = self.get_nameserver()
+ if nameserver == self.getvar('NAMED_INTERFACE_IP'):
+ raise RuntimeError("old /etc/resolv.conf must not contain %s as a nameserver, this will create loops with the generated dns configuration" % nameserver)
+ self.setvar('DNSSERVER', nameserver)
+
+ self.set_skip(self.opts.skip)
+ self.set_vms(self.opts.vms)
+
+ if self.opts.list:
+ self.list_steps_mode()
+
+ if self.opts.prefix:
+ self.setvar('PREFIX', self.opts.prefix)
+
+ if self.opts.sourcetree:
+ self.setvar('SOURCETREE', self.opts.sourcetree)
+
+ if self.opts.rebase:
+ self.info('rebasing')
+ self.chdir('${SOURCETREE}')
+ self.run_cmd('git pull --rebase')
+
+ if self.opts.clean:
+ self.info('cleaning')
+ self.chdir('${SOURCETREE}/' + subdir)
+ self.run_cmd('make clean')
+
+ if self.opts.use_ntvfs:
+ self.setvar('USE_NTVFS', "--use-ntvfs")
+ else:
+ self.setvar('USE_NTVFS', "")
+
+ self.setvar('NAMESERVER_BACKEND', self.opts.dns_backend)
+
+ self.setvar('DNS_FORWARDER', "--option=dns forwarder=%s" % nameserver)
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-04 06:07:44 +0000